added nftables for cisoas

Rasmus Thorslund 2025-01-30 16:05:39 +01:00
parent ed5a117f4b
commit a51741c5a0
No known key found for this signature in database
GPG key ID: 502D33332E9E305D
3 changed files with 22 additions and 0 deletions


@ -0,0 +1,11 @@
sunet::nftables::allow::rules:
allow_access_to_cisoassistant:
from: 'any'
port: 8443
to: 'any'
proto: 'tcp'
allow_access_to_cisoassistant_api:
from: 'any'
port: 9443
to: 'any'
proto: 'tcp'
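Review bot: Both rules set `from: 'any'`, so ports 8443 and 9443 on this host accept connections from every source address, and nothing in the file records that this is intended. If the API on 9443 is only reached by the web frontend or by known networks, narrow that rule to them, e.g. `from: '<ALLOWED_PREFIX>'` (placeholder; the accepted value format depends on `sunet::nftables::allow`, which is not visible here). If world-reachable access is deliberate, say so in a comment above each rule, such as `# public by design: authentication is enforced by the application`.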


@ -142,3 +142,6 @@ nifrontend-sto1-prod-1.sunet.se:
- 'sthb-lb-1.sunet.se'
- 'tug-lb-1.sunet.se'
port: '443'
cisoas-sto4-prod-1.sunet.se:
net::nftables:
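Review bot: The class key added under `cisoas-sto4-prod-1.sunet.se` is `net::nftables:`, while the rest of this commit uses the `sunet::nftables::` namespace (`sunet::nftables::allow::rules` in the hiera data, `sunet::nftables::allow` in the manifest). If no class named `net::nftables` exists, the host would not get the manifest that creates the allow rules, so confirm the name resolves or correct the key. The hunk header announces three added lines and only two are visible here, so part of the entry may be missing from this view.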


@ -0,0 +1,8 @@
$nftables_rules = lookup('sunet::nftables::allow::rules', Hash, 'deep', {})
# Create resources for each rule
$nftables_rules.each |$name, $params| {
sunet::nftables::allow { $name:
* => $params,
}
}
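Review bot: The lookup on the first line accepts any `Hash`, so a malformed rule entry is only caught later, when the splat `* => $params` hands its keys to `sunet::nftables::allow`. Tightening the type to `lookup('sunet::nftables::allow::rules', Hash[String, Hash], 'deep', {})` would reject bad data at the lookup itself. Because the merge strategy is `deep`, every hiera level that defines this key adds firewall openings on the node, which is easy to miss when auditing a single host file. The existing comment should state that, e.g. `# Rules are deep-merged from all hiera levels; each entry opens a port via sunet::nftables::allow`.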