Diffstat (limited to 'ansible/group_vars')
| -rw-r--r-- | ansible/group_vars/all/nftables.yml | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/ansible/group_vars/all/nftables.yml b/ansible/group_vars/all/nftables.yml index eba3319..68d0bbd 100644 --- a/ansible/group_vars/all/nftables.yml +++ b/ansible/group_vars/all/nftables.yml @@ -60,6 +60,15 @@ nftables_configuration: | iifname {{ ansible_default_ipv6.interface }} udp dport {{ wireguard_port }} ct state new accept {% endif %} + + {% if "monitoring" in group_names %} + # Prometheus connections + iifname {{ ansible_default_ipv4.interface }} tcp dport 9090 ct state new accept + {% if ansible_default_ipv6 is defined %} + iifname {{ ansible_default_ipv6.interface }} tcp dport 9090 ct state new accept + {% endif %} + {% endif %} + {% if "databases" in group_names %} # PostgreSQL connections iifname {{ ansible_default_ipv4.interface }} ip saddr @possible_lke_ipv4_addrs tcp dport postgresql ct state new accept |
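Review bot: The two new Prometheus rules accept new connections to tcp/9090 from any source address on the default interface, whereas the PostgreSQL rule just below limits its sources with `ip saddr @possible_lke_ipv4_addrs`. Prometheus serves its UI and query API without authentication unless a web config or an authenticating proxy is in place, and neither is visible in this hunk, so metrics, target lists and labels may become readable by anyone who can reach the host. Consider restricting the source the same way, e.g. `iifname {{ ansible_default_ipv4.interface }} ip saddr @monitoring_client_ipv4_addrs tcp dport 9090 ct state new accept` (the set name is a placeholder), with an `ip6 saddr` equivalent for the IPv6 rule. The port is also hard-coded where the WireGuard rule above uses `{{ wireguard_port }}`; a variable would keep the firewall and the Prometheus listen address in step. The `nftables_configuration` block starts and ends outside this hunk, so any sets or drop rules defined elsewhere are not visible here.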