diff --git a/group_vars/infra/firewall.yml b/group_vars/infra/firewall.yml
index 697a062..bb6dec0 100644
--- a/group_vars/infra/firewall.yml
+++ b/group_vars/infra/firewall.yml
@@ -135,6 +135,10 @@ firewall__zones:
 addrs:
 - 2a09:6840:211::1:7
 - 10.211.1.7
+ netbox.ext:
+ addrs:
+ - 2a09:6840:211::1:8
+ - 10.211.1.8
 ns-1.pub:
 addrs:
 - 2a09:6840:215::1:2
@@ -155,13 +159,15 @@ firewall__zones:
 addrs:
 - 45.66.111.216
 - 2a09:6840:215::1:216
- log-1.int:
+ reverse.pub:
 addrs:
- - 10.206.1.9
+ - 45.66.111.217
+ - 2a09:6840:215::1:217
+ log.int:
+ addrs:
+ - 10.206.1.9 # log-1
 - 2a09:6840:206::1:9
- log-2.int:
- addrs:
- - 10.206.1.10
+ - 10.206.1.10 #log-2
 - 2a09:6840:206::1:10

 firewall__input:
@@ -198,6 +204,12 @@ firewall__output:
 - verdict: accept

 firewall__forward:
+ - src: infra
+ dst: log.int
+ protocols:
+ tcp:
+ dport: 20514
+ verdict: accept
 - src: back
 dst: infra
 verdict: accept
diff --git a/host_vars/ns-master.int.infra.auro.re/knotd.yml b/host_vars/ns-master.int.infra.auro.re/knotd.yml
index 435ebea..01bfb3f 100644
--- a/host_vars/ns-master.int.infra.auro.re/knotd.yml
+++ b/host_vars/ns-master.int.infra.auro.re/knotd.yml
@@ -352,6 +352,9 @@ knotd__hosts:
 grafana.ext:
 - 2a09:6840:211::1:7
 - 10.211.1.7
+ netbox.ext:
+ - 2a09:6840:211::1:8
+ - 10.211.1.8
 proxy.pub:
 - 2a09:6840:215::1:1
 - 45.66.111.206
@@ -369,6 +372,9 @@ knotd__hosts:
 jitsi.pub:
 - 45.66.111.216
 - 2a09:6840:215::1:216
+ reverse.pub:
+ - 45.66.111.217
+ - 2a09:6840:215::1:217

 knotd__zones:
 auro.re:
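Review bot: Removing the `log-1.int` and `log-2.int` zones in favour of a single `log.int` (second hunk of `firewall.yml`) would leave any rule that still names the old zones pointing at an undefined zone. Only the zone definitions are visible here, so the rest of the firewall variables should be searched for both old names before merging. The merge also means that every rule with `dst: log.int` now applies to both hosts, which is a widening if anything was previously scoped to one of them. On style, the trailing comments are inconsistent (`# log-1` vs `#log-2`) and only the IPv4 entries are labelled; I would write `- 10.206.1.10  # log-2` and label the two IPv6 entries the same way. The `firewall__zones` mapping starts and ends outside the hunk.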
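Review bot: The new rule at the top of `firewall__forward` has no comment saying which service listens on tcp/20514, and `src: infra` opens that port from every address in the infra zone to both log hosts. If only some hosts need to send there, a narrower source zone would keep the rule least-privilege. Otherwise a one-line comment above it, such as `# log shipping from infra hosts to log.int (tcp/20514)`, would record the intent; the service is my inference from the zone name, so confirm it before adding the comment. The rule list continues outside the hunk, so whether a later or earlier rule already covers this traffic cannot be checked from here.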