swedenconnect/eid-ops
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Make nft rules dynamic in connector class, SC-2670

Browse source
This commit is contained in:
Patrik Holmqvist 2025-02-26 16:02:03 +01:00
parent c102fe775b
commit 746ef65cb9
Signed by: pahol
GPG key ID: 5D5B0D4E93F77273
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
global/overlay/etc/puppet/modules/eid/manifests/connector.pp
View file

@ -22,8 +22,9 @@ class eid::connector (
if $version { if $version {
# Allow HTTPS from load balancer servers # Allow HTTPS from load balancer servers
$lb_ips = hiera_array("lb_${environment}_servers",[])
sunet::nftables::allow { 'allow-https-from-lbs': sunet::nftables::allow { 'allow-https-from-lbs':
from => ['94.176.224.38', '94.176.224.166',], from => $lb_ips,
port => 443, port => 443,
} }