ch-router: fix firewall script

author: Christian Pointner <equinox@spreadspace.org> 2019-07-10 13:14:07 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2019-07-10 13:14:07 +0200
commit: e6ffe4f0d51afd98f4649f682028c40dffec272c (patch)
tree: ee1ba0d2b429eb21d262edebff2ab52bded32833 /inventory/host_vars/ch-router.yml
parent: ch-router: added firewall script (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/inventory/host_vars/ch-router.yml b/inventory/host_vars/ch-router.yml
index 3a5f8e43..deaf0371 100644
--- a/inventory/host_vars/ch-router.yml
+++ b/inventory/host_vars/ch-router.yml
@@ -63,12 +63,13 @@ openwrt_mixin:
         SVC_IPADDR=$(uci get "network.svc.ipaddr")
         SVC_NETMASK=$(uci get "network.svc.netmask")
 
+        SSH_PORT=$(uci get dropbear.@dropbear[0].Port)
 
         iptables -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT
         iptables -A INPUT -i "$MGMT_IF" -d "$MGMT_IPADDR" -s "$MGMT_IPADDR/$MGMT_NETMASK" -j ACCEPT
 
         iptables -A INPUT -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p icmp -j ACCEPT
-        iptables -A INPUT -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 22000 -j ACCEPT
+        iptables -A INPUT -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport "$SSH_PORT" -j ACCEPT
         iptables -A INPUT -i "$MAGENTA_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 
         iptables -A INPUT -i "$SVC_IF" -p icmp -d "$SVC_IPADDR" -s "$SVC_IPADDR/$SVC_NETMASK" -j ACCEPT
author	Christian Pointner <equinox@spreadspace.org>	2019-07-10 13:14:07 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2019-07-10 13:14:07 +0200
commit	e6ffe4f0d51afd98f4649f682028c40dffec272c (patch)
tree	ee1ba0d2b429eb21d262edebff2ab52bded32833 /inventory/host_vars/ch-router.yml
parent	ch-router: added firewall script (diff)