firewall: expand convenience nftables port sets

Should probably just allow everything for AD at this point.
2024-09-21 20:19:24 +02:00 · 2024-09-21 20:19:24 +02:00 · f8e8acb521
commit f8e8acb521
parent 5a9f0ac26a
1 changed files with 19 additions and 0 deletions
--- a/roles/firewall/templates/nftables.nft.j2
+++ b/roles/firewall/templates/nftables.nft.j2
@ -18,8 +18,10 @@ table inet filter {
        type inet_proto . inet_service
        flags interval
        elements = {
+            tcp . 53,
            tcp . 88,
            tcp . 135,
+            tcp . 139,
            tcp . 389,
            tcp . 445,
            tcp . 464,
@ -29,14 +31,31 @@ table inet filter {
            tcp . 9389,
            tcp . 22222-22224,
            tcp . 49152-65535,
+            udp . 53,
            udp . 88,
            udp . 135,
+            udp . 137, # netbios, maybe can do without
+            udp . 138, # netbios, maybe can do without
            udp . 389,
            udp . 464,
            udp . 3269
        }
    }

+    set ldap-ports {
+        type inet_proto . inet_service
+        flags interval
+        elements = {
+            tcp . 88,
+            tcp . 389,
+            tcp . 636,
+            tcp . 3268,
+            tcp . 3269,
+            udp . 88,
+            udp . 389
+        }
+    }
+
    chain input {
        type filter hook input priority 0; policy drop