From 1941306649d46d5c74bf679097ce77e36899273c Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Wed, 5 Jun 2024 00:47:49 +0200
Subject: ch-iot: allow access to http from iot vlan (needed for apt proxy)

---
 inventory/host_vars/ch-iot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inventory/host_vars/ch-iot.yml b/inventory/host_vars/ch-iot.yml
index 043403b3..1a5782b4 100644
--- a/inventory/host_vars/ch-iot.yml
+++ b/inventory/host_vars/ch-iot.yml
@@ -55,7 +55,7 @@ nftables_base_rules:
       chain input_iot {
         ip protocol icmp accept
         ip6 nexthdr ipv6-icmp accept
-        tcp dport { domain, 1883 } accept
+        tcp dport { domain, http, 1883 } accept
         udp dport { bootps, domain, ntp } accept
       }
 
-- 
cgit v1.2.3