ele-ups: firewall and listen_address

1 files changed, 32 insertions, 0 deletions

diff --git a/inventory/group_vars/ele-ups/main.yml b/inventory/group_vars/ele-ups/main.yml
index 2f8276d8..0e0ffa69 100644
--- a/inventory/group_vars/ele-ups/main.yml
+++ b/inventory/group_vars/ele-ups/main.yml
@@ -51,6 +51,32 @@ openwrt_mixin:
       sleep 5
       upscmd -u admin -p secret "$UPS" load.on
 
+  /etc/rc.d/S22network-fw:
+    link: "../init.d/network-fw"
+
+  /etc/rc.d/K92network-fw:
+    link: "../init.d/network-fw"
+
+  /etc/init.d/network-fw:
+    mode: "0755"
+    content: |
+      #!/bin/sh /etc/rc.common
+
+      START=22
+      STOP=91
+
+      start() {
+        iptables -A INPUT -p tcp --dport 3493 -s 127.0.0.0/8 -j ACCEPT
+        iptables -A INPUT -p tcp --dport 3493 -s 89.106.215.21 -j ACCEPT
+        iptables -A INPUT -p tcp --dport 3493 -j DROP
+      }
+
+      stop() {
+        iptables -D INPUT -p tcp --dport 3493 -j DROP
+        iptables -D INPUT -p tcp --dport 3493 -s 89.106.215.21 -j ACCEPT
+        iptables -D INPUT -p tcp --dport 3493 -s 127.0.0.0/8 -j ACCEPT
+      }
+
 
 openwrt_uci:
   system:
@@ -97,9 +123,15 @@ openwrt_uci:
         proto: static
         ipaddr: "{{ network_mgmt_zone.prefix | ipaddr(network_mgmt_zone.offsets[inventory_hostname]) | ipaddr('address') }}"
         netmask: "{{ network_mgmt_zone.prefix | ipaddr('netmask') }}"
+        gateway: "{{ network_mgmt_zone.gateway }}"
+        dns: "{{ network_mgmt_zone.dns }}"
         accept_ra: 0
 
   nut_server:
+    - name: listen_address
+      options:
+        address: 0.0.0.0
+
     - name: "driver '{{ inventory_hostname | regex_replace('^ele-ups-(.*)$', '\\1') }}'"
       options:
         driver: usbhid-ups