From: Tom Hughes
Date: Tue, 7 Mar 2023 19:19:14 +0000 (+0000)
Subject: Port custom firewall rule to nftables
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/cc57b9e9a6f06eb2fdce5ed83aa5f9ed6cd90cad
Port custom firewall rule to nftables
---
diff --git a/roles/nepomuk.rb b/roles/nepomuk.rb
index 4abe868d1..f57f73921 100644
--- a/roles/nepomuk.rb
+++ b/roles/nepomuk.rb
@@ -4,17 +4,8 @@ description "Master role applied to nepomuk"
 default_attributes(
 :networking => {
 :firewall => {
- :inet => [
- {
- :action => "ACCEPT",
- :source => "net:77.95.64.120,77.95.64.131,77.95.64.139",
- :dest => "fw",
- :proto => "tcp",
- :dest_ports => "5666",
- :source_ports => "1024:",
- :rate_limit => "-",
- :connection_limit => "-"
- }
+ :incoming => [
+ "tcp sport { 1024-65535 } tcp dport { 5666 } ip saddr { 77.95.64.120, 77.95.64.131, 77.95.64.139 } ct state new accept"
 ]
 },
 :interfaces => {
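Review bot: The new `:incoming` entry is an opaque nftables string with nothing saying which service listens on tcp/5666 or who owns 77.95.64.120, .131 and .139, so the allowlist cannot be audited from this file; the structured keys it replaces at least labelled source, destination and port. I would add a comment above the string, e.g. `# tcp/5666 (<service name>) from <owner of the three hosts>; access is restricted by ip saddr only`. The `tcp sport { 1024-65535 }` match is carried over from the old `:source_ports => "1024:"` and is chosen by the peer, so it should not be read as a control; the `ip saddr` set is what limits access, and the rule matches IPv4 only. The `default_attributes(` block opens in this hunk and closes outside it.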