Restrict traffic to certain addresses

This commit is contained in:
Wojciech Kozlowski 2023-07-08 13:07:19 +02:00
parent 1e76fc100c
commit 3eb33eb556
3 changed files with 4 additions and 1 deletions

View File

@ -29,6 +29,7 @@ vpn_bridge_prefix: "10.66.{{ vpn_subnet_id }}"
vpn_bridge_address: "{{ vpn_bridge_prefix }}.1" vpn_bridge_address: "{{ vpn_bridge_prefix }}.1"
vpn_bridge_broadcast: "{{ vpn_bridge_prefix }}.255" vpn_bridge_broadcast: "{{ vpn_bridge_prefix }}.255"
vpn_bridge_netmask: "255.255.255.0" vpn_bridge_netmask: "255.255.255.0"
vpn_bridge_subnet: "{{ vpn_bridge_prefix }}.0/24"
vpn_bridge_dnat: "\ vpn_bridge_dnat: "\
{% set vpn_bridge_dnat = [] %}\ {% set vpn_bridge_dnat = [] %}\
{% for properties in ( services_host_services.values() | selectattr('tcp', 'defined') ) %}\ {% for properties in ( services_host_services.values() | selectattr('tcp', 'defined') ) %}\

View File

@ -74,6 +74,8 @@ vpn_wireguard_routing_table: 66
# vpn:bridge # vpn:bridge
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
vpn_bridge_routing_table: "{{ vpn_wireguard_routing_table }}" vpn_bridge_routing_table: "{{ vpn_wireguard_routing_table }}"
vpn_bridge_local_only_daddr:
- "{{ services_host_services.database.address }}"
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
# backups:snapshots # backups:snapshots

2
roles

@ -1 +1 @@
Subproject commit 024b0c7fcc129d832b2fa1933dcd12da4b25ea61 Subproject commit 403b65f81280ec1e4d9a3b9d2816b3f3b42587f8