ceph: allow connections from more addresses

Should unhardcode this at some point.
Timotej Lazar 2024-01-17 19:19:55 +01:00
parent d399fc0a24
commit c395fe22c7


@ -5,9 +5,13 @@ flush ruleset
# Just a temporary filter until we get our shit together policy-wise. # Just a temporary filter until we get our shit together policy-wise.
table inet filter { table inet filter {
set allowed { set allowed {
type ipv4_addr type ipv4_addr; flags interval
flags interval elements = { 10.32.0.0/14, 193.2.76.176/24, 192.168.19.0/24, 192.168.251.0/24, 88.200.23.0/24 }
elements = { 10.32.0.0/14, 193.2.76.176/24, 192.168.19.0/24, 192.168.251.0/24 } }
set allowed/6 {
type ipv6_addr; flags interval
elements = { 2001:1470:fffd::/48 }
} }
chain input { chain input {
@ -21,6 +25,7 @@ table inet filter {
iif lan1 ip6 saddr fe80::/64 accept iif lan1 ip6 saddr fe80::/64 accept
ip saddr @allowed accept ip saddr @allowed accept
ip6 saddr @allowed/6 accept
} }
chain forward { chain forward {
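Review bot: The `accept` rules in `chain input` match on source address only, so the newly added ranges `88.200.23.0/24` and `2001:1470:fffd::/48` can reach every port and protocol on this host, not just the Ceph services the commit title refers to. Consider narrowing both rules by destination port, e.g. `ip saddr @allowed tcp dport { 3300, 6789, 6800-7300 } accept` (Ceph's default monitor and daemon ports; adjust to the cluster's actual configuration), and the same for `ip6 saddr @allowed/6`. Separately, the element `193.2.76.176/24` has host bits set, so it is unclear whether the whole /24 or a smaller block such as a /28 was intended. A short comment per element saying what each range is would make the set auditable until it is no longer hardcoded. Most of `chain input` lies outside the visible hunks, so earlier rules may already restrict some of this.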