summaryrefslogtreecommitdiff
path: root/inventory/group_vars
diff options
context:
space:
mode:
authorChristian Pointner <equinox@spreadspace.org>2020-03-01 20:50:15 +0100
committerChristian Pointner <equinox@spreadspace.org>2020-03-01 20:50:15 +0100
commit79bd98f7ea6f1d4a3f1ec31d80dcb78a2b75c442 (patch)
treedc64ae2c443d5b96983e8c569e32a1dacec1adf0 /inventory/group_vars
parentmove helene and dione to funkfeuer vlan (diff)
ele-ups: firewall and listen_address
Diffstat (limited to 'inventory/group_vars')
-rw-r--r--inventory/group_vars/ele-ups/main.yml32
1 files changed, 32 insertions, 0 deletions
diff --git a/inventory/group_vars/ele-ups/main.yml b/inventory/group_vars/ele-ups/main.yml
index 2f8276d8..0e0ffa69 100644
--- a/inventory/group_vars/ele-ups/main.yml
+++ b/inventory/group_vars/ele-ups/main.yml
@@ -51,6 +51,32 @@ openwrt_mixin:
sleep 5
upscmd -u admin -p secret "$UPS" load.on
+ /etc/rc.d/S22network-fw:
+ link: "../init.d/network-fw"
+
+ /etc/rc.d/K92network-fw:
+ link: "../init.d/network-fw"
+
+ /etc/init.d/network-fw:
+ mode: "0755"
+ content: |
+ #!/bin/sh /etc/rc.common
+
+ START=22
+ STOP=91
+
+ start() {
+ iptables -A INPUT -p tcp --dport 3493 -s 127.0.0.0/8 -j ACCEPT
+ iptables -A INPUT -p tcp --dport 3493 -s 89.106.215.21 -j ACCEPT
+ iptables -A INPUT -p tcp --dport 3493 -j DROP
+ }
+
+ stop() {
+ iptables -D INPUT -p tcp --dport 3493 -j DROP
+ iptables -D INPUT -p tcp --dport 3493 -s 89.106.215.21 -j ACCEPT
+ iptables -D INPUT -p tcp --dport 3493 -s 127.0.0.0/8 -j ACCEPT
+ }
+
openwrt_uci:
system:
@@ -97,9 +123,15 @@ openwrt_uci:
proto: static
ipaddr: "{{ network_mgmt_zone.prefix | ipaddr(network_mgmt_zone.offsets[inventory_hostname]) | ipaddr('address') }}"
netmask: "{{ network_mgmt_zone.prefix | ipaddr('netmask') }}"
+ gateway: "{{ network_mgmt_zone.gateway }}"
+ dns: "{{ network_mgmt_zone.dns }}"
accept_ra: 0
nut_server:
+ - name: listen_address
+ options:
+ address: 0.0.0.0
+
- name: "driver '{{ inventory_hostname | regex_replace('^ele-ups-(.*)$', '\\1') }}'"
options:
driver: usbhid-ups