rc/servers
2
0
Fork 0
Code Issues Pull requests Actions Packages Projects 1 Releases Wiki Activity

ceph: fix nftables management rule

Browse source 
The mgmt VRF might not exist yet when nftables rules are loaded, so
use iifname instead of iif for dynamic interface lookup.
This commit is contained in:
Timotej Lazar 2024-05-09 12:18:47 +02:00
parent 5a7fa02909
commit 5762236ac2
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
roles/ceph/templates/nftables.conf.j2
View file

@ -46,8 +46,6 @@ table inet filter {
iif lan0 ip6 saddr fe80::/64 accept
iif lan1 ip6 saddr fe80::/64 accept
iif mgmt accept comment "management access"
ip saddr @cluster accept comment "accept connections from other nodes"
ip6 saddr @cluster/6 accept comment "accept connections from other nodes"
@ -66,6 +64,8 @@ table inet filter {
{% endfor %}
iifname mgmt accept comment "management access"
ip saddr @allowed accept
ip6 saddr @allowed/6 accept
}