vyos: allow access ruckus from cluster

cubic3d · Jan 29, 2025 · 87cefbf · 87cefbf
1 parent 94a9130
commit 87cefbf
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/infrastructure/ansible/host_vars/gw/data.sops.yaml b/infrastructure/ansible/host_vars/gw/data.sops.yaml
@@ -194,10 +194,20 @@ settings:
                       rules:
                         - accept_established: null
                         - drop_invalid: null
+                    - only:
+                        - server
+                      default: drop
+                      rules:
+                        - accept_established: null
+                        - drop_invalid: null
+                        - accept_specific_tcp_host_port:
+                            ip: 192.168.0.10
+                            port: 443
                     - allExcept:
                         - local
                         - trusted
                         - wireguard
+                        - server
                       default: drop
                       rules:
                         - accept_established: null
@@ -323,7 +333,6 @@ settings:
             name: Server
             interface: br0
             vlan: 40
-            mdns_repeater: true
             policies:
                 from4:
                     - only:
@@ -474,8 +483,8 @@ sops:
             U3FLc0pBSkdVU1h1V3ZoVXF0cW00YzQKxesVn8VCVWQHL+Ftqdce+q5gGfE2ZJeB
             82vBIwB+98vzky1TI4KjIoEVjMqc3qPpeUrAwNaFg1cTvtvAMOTanQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-01-29T14:03:26Z"
-    mac: ENC[AES256_GCM,data:Onyx7QUtBJXTRmBrDau1gTiFkhtDaae5Vrv9AL3pERtW01DjjQPuCQFMusxu2OPs4rvLStS5Wn9EACzK4MzMKBDTkEOT3ExRuiD6ecMlE7dAVShNJB+4DPDaWF18kH6uG8GABPKrfUVqFkVTqCkgdQEUcR/3o6QSvNTeW8FF5cM=,iv:3T2nMhGEsHzTaIzf28My3YO/ecJdcxuwGdGGbpmEF1o=,tag:B5fsZJZQF+EgQ1tWqh1LSw==,type:str]
+    lastmodified: "2025-01-29T14:39:29Z"
+    mac: ENC[AES256_GCM,data:07d3bkSSDMQV3lrRheALlviigSZemVTXuTwyrhRPGhuAx9Tz47aJ6UtsS7xE0QXvk/a8sBJSTWWj7uPNK6GzbTbo6hHiDFRUSTwTxDsVVbUNIfTYJYJvW/NIjujh86kjZumAbMRW+4cFqRb5+jb3gQcL2AbvKYVBxNGkQLX7i0Q=,iv:jZ1iE8wwybdZzC71YRw+ahi3UvAe+skp859yljLZ73I=,tag:XviwCgc0xSXRSwo8UmrPgA==,type:str]
     pgp: []
     encrypted_suffix: _enc
     version: 3.9.1