From da1f3265895310960c71d8ae30b7716bde697a04 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 3 Jul 2022 16:51:38 +0200 Subject: ups: remove iptables based firewall --- inventory/group_vars/ups/vars.yml | 44 ++++++++++++--------------------------- 1 file changed, 13 insertions(+), 31 deletions(-) diff --git a/inventory/group_vars/ups/vars.yml b/inventory/group_vars/ups/vars.yml index 26556942..2e75f882 100644 --- a/inventory/group_vars/ups/vars.yml +++ b/inventory/group_vars/ups/vars.yml @@ -36,6 +36,18 @@ openwrt_packages_add: openwrt_mixin: + /etc/sysctl.conf: + content: | + # Defaults are configured in /etc/sysctl.d/* and can be customized in this file + # + # disable IP forwarding, we don't need it since we are + # only an monitoring the connected UPS + net.ipv4.conf.default.forwarding=0 + net.ipv4.conf.all.forwarding=0 + net.ipv4.ip_forward=0 + net.ipv6.conf.default.forwarding=0 + net.ipv6.conf.all.forwarding=0 + /etc/dropbear/authorized_keys: content: "{{ ssh_keys_root | join('\n') }}\n" @@ -53,36 +65,6 @@ openwrt_mixin: sleep 5 upscmd -u admin -p secret "$UPS" load.on - /etc/rc.d/S22network-fw: - link: "../init.d/network-fw" - - /etc/rc.d/K92network-fw: - link: "../init.d/network-fw" - - /etc/init.d/network-fw: - mode: "0755" - content: | - #!/bin/sh /etc/rc.common - - START=22 - STOP=91 - - start() { - iptables -A INPUT -p tcp --dport 3493 -s 127.0.0.0/8 -j ACCEPT - {% for src in ups_query_sources %} - iptables -A INPUT -p tcp --dport 3493 -s {{ src }} -j ACCEPT - {% endfor %} - iptables -A INPUT -p tcp --dport 3493 -j DROP - } - - stop() { - iptables -D INPUT -p tcp --dport 3493 -j DROP - {% for src in ups_query_sources %} - iptables -D INPUT -p tcp --dport 3493 -s {{ src }} -j ACCEPT - {% endfor %} - iptables -D INPUT -p tcp --dport 3493 -s 127.0.0.0/8 -j ACCEPT - } - openwrt_uci: system: 
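Review bot: The `/etc/sysctl.conf` mixin added in the first hunk does not take over the job of the `network-fw` init script that the second hunk deletes: turning off forwarding stops the box from routing, but it puts no limit on who may connect to upsd on tcp/3493, which the removed rules restricted to loopback and `ups_query_sources`. Unless upsd is confined elsewhere (its own listen or ACL configuration, or a filter upstream; neither is visible in this diff), the only barrier left in view is the `-u admin -p secret` credential in the second hunk's context lines, which is hard-coded in the inventory. I would record where the restriction now lives in a comment beside the mixin, e.g. `# tcp/3493 is no longer filtered on this host; access is limited by <where>`, and check whether `ups_query_sources` still has a consumer. The new comment also has a small typo: `only an monitoring` should read `only monitoring`. The `openwrt_mixin` mapping starts and ends outside both hunks.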
@@ -96,7 +78,7 @@ openwrt_uci: - name: timeserver 'ntp' options: - enabled: '1' + enabled: '0' enable_server: '0' server: - '0.lede.pool.ntp.org' -- cgit v1.2.3
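Review bot: Switching the `ntp` section to `enabled: '0'` is not covered by the commit subject, and nothing in the hunk says why the time client is turned off. Without time sync the device's clock may drift (assuming the board has no battery-backed RTC, which this diff does not show), and that makes its log timestamps hard to correlate with other hosts during an investigation. If the change is intentional, a comment above the option would help, e.g. `# NTP client disabled: <reason>`; the `server:` list below it is then unused and could be dropped. The `openwrt_uci` block starts and ends outside the hunk.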