From 87cefbfe04f08aaf2de6e88ac1733eb72672e428 Mon Sep 17 00:00:00 2001
From: Waldemar Faist
Date: Wed, 29 Jan 2025 15:43:40 +0100
Subject: [PATCH] vyos: allow access ruckus from cluster
---
 .../ansible/host_vars/gw/data.sops.yaml | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/infrastructure/ansible/host_vars/gw/data.sops.yaml b/infrastructure/ansible/host_vars/gw/data.sops.yaml
index 31c0069a2..bdf3cfe44 100644
--- a/infrastructure/ansible/host_vars/gw/data.sops.yaml
+++ b/infrastructure/ansible/host_vars/gw/data.sops.yaml
@@ -194,10 +194,20 @@ settings:
 rules:
 - accept_established: null
 - drop_invalid: null
+ - only:
+ - server
+ default: drop
+ rules:
+ - accept_established: null
+ - drop_invalid: null
+ - accept_specific_tcp_host_port:
+ ip: 192.168.0.10
+ port: 443
 - allExcept:
 - local
 - trusted
 - wireguard
+ - server
 default: drop
 rules:
 - accept_established: null
@@ -323,7 +333,6 @@ settings:
 name: Server
 interface: br0
 vlan: 40
- mdns_repeater: true
 policies:
 from4:
 - only:
@@ -474,8 +483,8 @@ sops:
 U3FLc0pBSkdVU1h1V3ZoVXF0cW00YzQKxesVn8VCVWQHL+Ftqdce+q5gGfE2ZJeB
 82vBIwB+98vzky1TI4KjIoEVjMqc3qPpeUrAwNaFg1cTvtvAMOTanQ==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-01-29T14:03:26Z"
- mac: ENC[AES256_GCM,data:Onyx7QUtBJXTRmBrDau1gTiFkhtDaae5Vrv9AL3pERtW01DjjQPuCQFMusxu2OPs4rvLStS5Wn9EACzK4MzMKBDTkEOT3ExRuiD6ecMlE7dAVShNJB+4DPDaWF18kH6uG8GABPKrfUVqFkVTqCkgdQEUcR/3o6QSvNTeW8FF5cM=,iv:3T2nMhGEsHzTaIzf28My3YO/ecJdcxuwGdGGbpmEF1o=,tag:B5fsZJZQF+EgQ1tWqh1LSw==,type:str]
+ lastmodified: "2025-01-29T14:39:29Z"
+ mac: ENC[AES256_GCM,data:07d3bkSSDMQV3lrRheALlviigSZemVTXuTwyrhRPGhuAx9Tz47aJ6UtsS7xE0QXvk/a8sBJSTWWj7uPNK6GzbTbo6hHiDFRUSTwTxDsVVbUNIfTYJYJvW/NIjujh86kjZumAbMRW+4cFqRb5+jb3gQcL2AbvKYVBxNGkQLX7i0Q=,iv:jZ1iE8wwybdZzC71YRw+ahi3UvAe+skp859yljLZ73I=,tag:XviwCgc0xSXRSwo8UmrPgA==,type:str]
 pgp: []
 encrypted_suffix: _enc
 version: 3.9.1
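Review bot: The `accept_specific_tcp_host_port` rule added in the first hunk opens 192.168.0.10:443 to every host in the `server` zone, and nothing in the file records what that address is or which cluster workload needs it; only the commit subject mentions ruckus. I would add a comment above the rule, for example `# ruckus at 192.168.0.10, HTTPS only; needed by the cluster in the server zone`, made through sops so the `mac` is recomputed. If the rule template accepts a source address, narrowing the rule to the node or egress address that actually talks to that host would be tighter than the whole zone. The policy list this entry belongs to starts outside the hunk, so the receiving zone cannot be confirmed from here.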