firewall + dns: configuration reverse.pub & netbox.ext

2025-10-13 23:57:52 +02:00 · 2025-10-13 23:57:52 +02:00 · 2b624069ed
commit 2b624069ed
parent 8e8bf490b9
2 changed files with 23 additions and 5 deletions
--- a/group_vars/infra/firewall.yml
+++ b/group_vars/infra/firewall.yml
@ -135,6 +135,10 @@ firewall__zones:
    addrs:
      - 2a09:6840:211::1:7
      - 10.211.1.7
+  netbox.ext:
+    addrs:
+      - 2a09:6840:211::1:8
+      - 10.211.1.8
  ns-1.pub:
    addrs:
      - 2a09:6840:215::1:2
@ -155,13 +159,15 @@ firewall__zones:
    addrs:
      - 45.66.111.216
      - 2a09:6840:215::1:216
-  log-1.int:
+  reverse.pub:
    addrs:
-      - 10.206.1.9
+      - 45.66.111.217
+      - 2a09:6840:215::1:217
+  log.int:
+    addrs:
+      - 10.206.1.9          # log-1
      - 2a09:6840:206::1:9
-  log-2.int:
-    addrs:
-      - 10.206.1.10
+      - 10.206.1.10         #log-2
      - 2a09:6840:206::1:10

 firewall__input:
@ -198,6 +204,12 @@ firewall__output:
  - verdict: accept

 firewall__forward:
+  - src: infra
+    dst: log.int
+    protocols:
+      tcp:
+        dport: 20514
+    verdict: accept
  - src: back
    dst: infra
    verdict: accept
--- a/host_vars/ns-master.int.infra.auro.re/knotd.yml
+++ b/host_vars/ns-master.int.infra.auro.re/knotd.yml
@ -352,6 +352,9 @@ knotd__hosts:
    grafana.ext:
      - 2a09:6840:211::1:7
      - 10.211.1.7
+    netbox.ext:
+      - 2a09:6840:211::1:8
+      - 10.211.1.8
    proxy.pub:
      - 2a09:6840:215::1:1
      - 45.66.111.206
@ -369,6 +372,9 @@ knotd__hosts:
    jitsi.pub:
      - 45.66.111.216
      - 2a09:6840:215::1:216
+    reverse.pub:
+      - 45.66.111.217
+      - 2a09:6840:215::1:217

 knotd__zones:
  auro.re: