added nftables for cisoas
parent
ed5a117f4b
commit
a51741c5a0
3 changed files with 22 additions and 0 deletions
|
@ -0,0 +1,11 @@
|
|||
sunet::nftables::allow::rules:
|
||||
allow_access_to_cisoassistant:
|
||||
from: 'any'
|
||||
port: 8443
|
||||
to: 'any'
|
||||
proto: 'tcp'
|
||||
allow_access_to_cisoassistant_api:
|
||||
from: 'any'
|
||||
port: 9443
|
||||
to: 'any'
|
||||
proto: 'tcp'
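Review bot: Both rules use `from: 'any'`, so ports 8443 and 9443 on the host are reachable from every source address, which is wider than a compliance tool and its API normally need. If the service is only meant to be reached through load balancers or from known office/VPN ranges, restrict the source, for example `from: ['<ALLOWED_CIDR_PLACEHOLDER>']`, provided `sunet::nftables::allow` accepts a list there (not visible on this page). If the open exposure is intentional, a short comment such as `# public by design: authentication is handled by the application` above each rule would record that decision for later firewall audits.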
|
|
@ -142,3 +142,6 @@ nifrontend-sto1-prod-1.sunet.se:
|
|||
- 'sthb-lb-1.sunet.se'
|
||||
- 'tug-lb-1.sunet.se'
|
||||
port: '443'
|
||||
|
||||
cisoas-sto4-prod-1.sunet.se:
|
||||
net::nftables:
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
$nftables_rules = lookup('sunet::nftables::allow::rules', Hash, 'deep', {})
|
||||
|
||||
# Create resources for each rule
|
||||
$nftables_rules.each |$name, $params| {
|
||||
sunet::nftables::allow { $name:
|
||||
* => $params,
|
||||
}
|
||||
}
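Review bot: The `lookup(..., Hash, 'deep', {})` result is splatted straight into `sunet::nftables::allow` with `* => $params`, so every Hiera layer can add firewall openings and the only check on the data is the loose `Hash` type. Tightening the type to `Hash[String[1], Hash[String[1], Data]]` would make a malformed entry fail at lookup rather than inside the defined type. The `{}` default also means a host whose data file is missing or misnamed silently gets no rules, which is easy to overlook. Separately, the eight added lines show no `class ... { }` wrapper; if this file is meant to be autoloaded as the class assigned to the host in the second file, it needs one (the file path is not visible here, so this is an inference).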
|