add gitea to firewall

2023-12-03 21:50:19 +01:00
parent 31e3b526f1
commit 5da0671fc0
1 changed files with 5 additions and 8 deletions
--- a/hosts/fw.cloonar.com/modules/firewall.nix
+++ b/hosts/fw.cloonar.com/modules/firewall.nix
@@ -70,9 +70,8 @@
            # Allow networks to access the dns and dhcp
            iifname {
              "lan",
+              "vb-gitea",
              "podman0",
-              "server",
-              "vserver",
              "infrastructure",
              "wg_cloonar",
              "smart",
@@ -81,8 +80,7 @@
            iifname {
              "lan",
              "podman0",
-              "server",
-              "vserver",
+              "vb-gitea",
              "infrastructure",
              "wg_cloonar",
              "smart",
@@ -113,15 +111,14 @@

            # lan and vpn to any
            # TODO: disable wan when finished
-            iifname { "wan", "lan", "server", "vserver", "podman0", "wg_cloonar" } oifname { "lan", "server", "vserver", "podman0", "infrastructure", "multimedia", "smart", "wrwks", "wg_cloonar", "wg_epicenter", "wg_ghetto_at" } counter accept
-            iifname { "infrastructure" } oifname { "podman0", "server", "vserver" } counter accept
+            iifname { "wan", "lan", "vb-gitea", "podman0", "wg_cloonar" } oifname { "lan", "vb-gitea", "podman0", "infrastructure", "multimedia", "smart", "wrwks", "wg_cloonar", "wg_epicenter", "wg_ghetto_at" } counter accept
+            iifname { "infrastructure" } oifname { "podman0", "vb-omada" } counter accept

            # Allow trusted network WAN access
            iifname {
              "lan",
              "infrastructure",
-              "server",
-              "vserver",
+              "vb-gitea",
              "podman0",
              "multimedia",
              "smart",