ufw: Zugriff immer nur per IPv4 (#210)

Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: mg/ansible#210
Co-authored-by: mg <mg@noreply.git.mgrote.net>
Co-committed-by: mg <mg@noreply.git.mgrote.net>
Michael Grote 2021-10-06 10:18:23 +02:00
parent 04796f4d23
commit 8f80c2855f
12 changed files with 22 additions and 4 deletions


@ -5,6 +5,7 @@
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 4949
protocol: tcp
@ -13,6 +14,7 @@
- rule: allow
to_port: 9999
comment: 'acng'
from_ip: 0.0.0.0/0
### mgrote.acng
acng_server_port: 9999
acng_server_exthreshold: "60" #hebt Pakete 60 Tage auf
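Review bot: `from_ip: 0.0.0.0/0` on the ssh and acng rules matches every IPv4 source, so the change presumably drops the IPv6 side of each rule but does not narrow who may connect over IPv4. If these hosts are only managed from the internal network, a subnet would fit better, e.g. `from_ip: <management-CIDR>` (placeholder, not a value from this repository). The same literal is added to the smb, gitea, jenkins, dokuwiki and pihole rules in the later file sections; defining the range once as a shared variable and referencing it in each rule would let it be tightened in one place. The rule list starts above the first hunk, so the variable that holds it is not visible here.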


@ -28,9 +28,6 @@
config: |
[lvm_*]
user root
### mgrote.dotfiles
dotfiles_repo_url: https://git.mgrote.net/mg/dotfiles
dotfiles_repo_path: /home/mg/dotfiles
@ -97,6 +94,7 @@
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 4949
protocol: tcp


@ -21,7 +21,6 @@
/var/lib/docker/volumes/docker-photoprism_pp_smb_bilder***/**
# https://github.com/restic/restic/issues/1005
# https://forum.restic.net/t/exclude-syntax-confusion/1531/12
### geerlingguy.munin-node
munin_node_plugins:
- name: chrony


@ -7,9 +7,11 @@
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 80
comment: 'dokuwiki-webserver'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 4949
protocol: tcp


@ -99,12 +99,15 @@
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 445
comment: 'smb'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 139
comment: 'smb'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 4949
protocol: tcp
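Review bot: The two smb rules (ports 445 and 139) carry no `protocol:` key, unlike the ssh rule above them, and with the added `from_ip: 0.0.0.0/0` they accept any IPv4 source. How the role treats a missing protocol is not visible here; if it falls back to any protocol, both TCP and UDP are opened on those ports. Adding `protocol: tcp` to both rules and a LAN range in `from_ip` would keep file sharing limited to the intended clients. The rule list begins and ends outside this hunk.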


@ -7,14 +7,17 @@
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 3000
protocol: tcp
comment: 'gitea'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 2222
protocol: tcp
comment: 'gitea'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 4949
protocol: tcp


@ -13,9 +13,11 @@
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 8080
comment: 'jenkins'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 4949
protocol: tcp


@ -65,3 +65,4 @@
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 0.0.0.0/0


@ -5,6 +5,7 @@
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 123
comment: 'ntp'
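Review bot: Only the ssh rule receives `from_ip` in this file; the ntp rule on port 123 closes the hunk as unchanged context. Unless the line after `comment: 'ntp'` (outside the hunk) already sets a source, that rule stays reachable over IPv6, which would not match the commit title. If the omission is intended, a comment above the rule such as `# ntp stays dual-stack on purpose` would record that for the next reader.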


@ -5,9 +5,11 @@
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 80
comment: 'pihole-webgui'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 4949
protocol: tcp
@ -16,6 +18,7 @@
- rule: allow
to_port: 53
comment: 'pihole-dns'
from_ip: 0.0.0.0/0
## playbook
pihole_homer_fqdn: docker.grote.lan # unter welchem host ist docker erreichbar? notwendig für die pihole stats in homer; fur die cors abfrage
### mgrote.restic


@ -39,7 +39,9 @@
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 4949
protocol: tcp
comment: 'munin'
from_ip: 0.0.0.0/0
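Review bot: The munin rule on port 4949 is opened to every IPv4 address here, whereas in the earlier file sections the 4949 rule appears only as trailing context and is not changed. munin-node normally only has to answer its munin master, so a single-host source would fit, e.g. `from_ip: <munin-master-IP>/32` (placeholder). The same applies to the 4949 rule in the next file section. The rule list starts above this hunk.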


@ -31,10 +31,12 @@
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 4949
protocol: tcp
comment: 'munin'
from_ip: 0.0.0.0/0
### mgrote.apt_install_packages
programs_extra:
- libwww-curl-perl # für munin-plugin: unifi