From 3af1307740441e285a0b802409950ca0d21b9c15 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Thu, 1 Apr 2021 23:11:00 +0200
Subject: glt-gw-tug: allow ssh from LAN

---
 inventory/host_vars/glt-gw-tug.yml | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'inventory/host_vars/glt-gw-tug.yml')

diff --git a/inventory/host_vars/glt-gw-tug.yml b/inventory/host_vars/glt-gw-tug.yml
index 33ebb757..d1bbfa95 100644
--- a/inventory/host_vars/glt-gw-tug.yml
+++ b/inventory/host_vars/glt-gw-tug.yml
@@ -23,6 +23,7 @@ openwrt_packages_add:
   - iperf
   - iperf3
   - mtr
+  - iptraf-ng
 
 
 openwrt_mixin:
@@ -65,6 +66,7 @@ openwrt_mixin:
         iptables -A INPUT -i "$LAN_IF" -p tcp --dport 53 -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT
 
         iptables -A INPUT -i "$LAN_IF" -p icmp -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT
+        iptables -A INPUT -i "$LAN_IF" -p tcp --dport {{ ansible_port }} -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT
         iptables -A INPUT -i "$LAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 
         iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_IP/$LAN_MASK" -j ACCEPT
-- 
cgit v1.2.3