diff options
| author |  Joe Banks <[email protected]> | 2024-06-02 14:20:48 +0100 |
|---|---|---|
| committer | Joe Banks <[email protected]> | 2024-06-02 14:20:48 +0100 |
| commit | bc4ac7af12df7d8735e22f2219ddda14df4c81cc (patch) | |
| tree | d7fe624ead6a40d3506ea435c1a6b8f6f7751b3f /ansible | |
| parent | Fix docs lint flow (diff) | |
Allow node_exporter scraping in nftables
Diffstat (limited to 'ansible')
| -rw-r--r-- | ansible/group_vars/all/nftables.yml | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/ansible/group_vars/all/nftables.yml b/ansible/group_vars/all/nftables.yml index eba3319..0e94af9 100644 --- a/ansible/group_vars/all/nftables.yml +++ b/ansible/group_vars/all/nftables.yml @@ -60,6 +60,9 @@ nftables_configuration: | iifname {{ ansible_default_ipv6.interface }} udp dport {{ wireguard_port }} ct state new accept {% endif %} + # Node Exporter port for Prometheus scraping over WireGuard + iifname wg0 tcp dport 9100 ct state new accept + {% if "databases" in group_names %} # PostgreSQL connections iifname {{ ansible_default_ipv4.interface }} ip saddr @possible_lke_ipv4_addrs tcp dport postgresql ct state new accept |