authorGravatar Joe Banks <[email protected]>2024-08-30 18:52:48 +0100
committerGravatar Joe Banks <[email protected]>2024-08-30 18:53:16 +0100
commitfd82d6d8c35f082917d665d6acc525436dd8f0b7 (patch)
tree5b50c097a126f7db5dda5027f76cde1b58887142
parentAdd new firewalld role for shared reload handler (diff)
Add Munin port 4949 to wireguard allow list for nftables hosts
-rw-r--r--ansible/group_vars/all/nftables.yml3
1 files changed, 3 insertions, 0 deletions
diff --git a/ansible/group_vars/all/nftables.yml b/ansible/group_vars/all/nftables.yml
index f45f06b..d931d46 100644
--- a/ansible/group_vars/all/nftables.yml
+++ b/ansible/group_vars/all/nftables.yml
@@ -80,6 +80,9 @@ nftables_configuration: |
# Node Exporter port for Prometheus scraping over WireGuard
iifname wg0 tcp dport 9100 ct state new accept
+ # Munin scraping over WireGuard
+ iifname wg0 tcp dport 4949 ct state new accept
+
{% if "databases" in group_names %}
# PostgreSQL connections
iifname {{ ansible_default_ipv4.interface }} ip saddr @possible_lke_ipv4_addrs tcp dport postgresql ct state new accept
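Review bot: The added rule `iifname wg0 tcp dport 4949 ct state new accept` admits every peer on wg0 rather than only the Munin master, and munin-node's protocol is plaintext with no authentication of its own. Because the file is `group_vars/all`, the port appears to be opened on every nftables host, including any that do not run munin-node. If the master has a fixed WireGuard address, consider scoping the rule, e.g. `iifname wg0 ip saddr <MUNIN_MASTER_WG_ADDR> tcp dport 4949 ct state new accept`, and check that `allow`/`cidr_allow` in munin-node.conf is restricted to the same address. The neighbouring Node Exporter rule has the same shape, so at minimum the comment could state the trust assumption: `# Munin scraping over WireGuard (all wg0 peers trusted; munin-node allow list enforces the master)`. The `nftables_configuration` block starts and ends outside this hunk, so any earlier source filtering on wg0 is not visible here.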