From c7e9cf4df871d979eed3093cae87fa647cb3e514 Mon Sep 17 00:00:00 2001
From: pettai
Date: Thu, 13 Jun 2024 12:59:00 +0200
Subject: [PATCH] ntf rules
---
 .../etc/puppet/modules/dns/manifests/apache2.pp | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/global/overlay/etc/puppet/modules/dns/manifests/apache2.pp b/global/overlay/etc/puppet/modules/dns/manifests/apache2.pp
index d70bff4..5fd235f 100644
--- a/global/overlay/etc/puppet/modules/dns/manifests/apache2.pp
+++ b/global/overlay/etc/puppet/modules/dns/manifests/apache2.pp
@@ -25,4 +25,16 @@ class dns::apache2 {
 exec { 'a2ensite dns-rest-api':
 notify => Service['apache2'],
 }
+ sunet::nftables::rule { 'apache-http':
+ rule => "add rule inet filter input tcp dport 80 counter accept comment \"allow-apache2-http\""
+ }
+ sunet::nftables::rule { 'apache-http-v6':
+ rule => "add rule inet6 filter input tcp dport 80 counter accept comment \"allow-apache2-http\""
+ }
+ sunet::nftables::rule { 'apache-https':
+ rule => "add rule inet filter input tcp dport 443 counter accept comment \"allow-apache2-https\""
+ }
+ sunet::nftables::rule { 'apache-https-v6':
+ rule => "add rule inet6 filter input tcp dport 443 counter accept comment \"allow-apache2-https\""
+ }
 }
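Review bot: The `apache-http-v6` and `apache-https-v6` resources use `inet6`, which is not an nftables address family; the families are `ip`, `ip6`, `inet`, `arp`, `bridge` and `netdev`, and `inet` already matches both IPv4 and IPv6. The two `add rule inet filter input ...` rules therefore cover IPv6 on their own, while the `inet6` lines will most likely be rejected by `nft` at load time. How `sunet::nftables::rule` installs rules is not visible here, so it is worth confirming that a rejected rule cannot leave the host without its ruleset. I would drop both `-v6` resources. Separately, all four rules accept from any source address; if the dns-rest-api is only meant for known clients, restrict them with an `ip saddr` / `ip6 saddr` match instead of opening 80 and 443 to everyone.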