From cc57b9e9a6f06eb2fdce5ed83aa5f9ed6cd90cad Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Tue, 7 Mar 2023 19:19:14 +0000
Subject: [PATCH] Port custom firewall rule to nftables
---
 roles/nepomuk.rb | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)
diff --git a/roles/nepomuk.rb b/roles/nepomuk.rb
index 4abe868d1..f57f73921 100644
--- a/roles/nepomuk.rb
+++ b/roles/nepomuk.rb
@@ -4,17 +4,8 @@ description "Master role applied to nepomuk"
 default_attributes(
 :networking => {
 :firewall => {
- :inet => [
- {
- :action => "ACCEPT",
- :source => "net:77.95.64.120,77.95.64.131,77.95.64.139",
- :dest => "fw",
- :proto => "tcp",
- :dest_ports => "5666",
- :source_ports => "1024:",
- :rate_limit => "-",
- :connection_limit => "-"
- }
+ :incoming => [
+ "tcp sport { 1024-65535 } tcp dport { 5666 } ip saddr { 77.95.64.120, 77.95.64.131, 77.95.64.139 } ct state new accept"
 ]
 },
 :interfaces => {
-- 
2.39.5
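Review bot: The new `:incoming` string no longer carries the `net:` qualifier that the old rule had in `:source => "net:..."`. Whether the accept for `tcp dport { 5666 }` is still limited to traffic arriving on the external interface depends on how the template wraps `:incoming` entries, which this hunk does not show; if the chain does not already constrain the input interface, consider adding an `iifname` match to the expression. The raw string also gives no hint of what the three 77.95.64.x hosts or port 5666 are for, so a comment above it such as `# 5666/tcp (presumably NRPE) from the monitoring hosts - confirm` would make later audits of the allowlist easier. Because the entry is free-form nft syntax, a dry-run load of the rendered ruleset (`nft -c -f <rendered ruleset>`) before converge would catch a typo before it reaches the live firewall. The `default_attributes(` block starts before and continues past this hunk.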