diff options
| -rw-r--r-- | ansible/group_vars/all/nftables.yml | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/ansible/group_vars/all/nftables.yml b/ansible/group_vars/all/nftables.yml index eba3319..0e94af9 100644 --- a/ansible/group_vars/all/nftables.yml +++ b/ansible/group_vars/all/nftables.yml @@ -60,6 +60,9 @@ nftables_configuration: | iifname {{ ansible_default_ipv6.interface }} udp dport {{ wireguard_port }} ct state new accept {% endif %} + # Node Exporter port for Prometheus scraping over WireGuard + iifname wg0 tcp dport 9100 ct state new accept + {% if "databases" in group_names %} # PostgreSQL connections iifname {{ ansible_default_ipv4.interface }} ip saddr @possible_lke_ipv4_addrs tcp dport postgresql ct state new accept |