infra-ansible

ansible script to ship alpine/ssh/wireguard

git clone https://9o.is/git/infra-ansible.git

commit e6f1cef259c36cb4ef837c348f431b33e8315986
parent f83780984757720e7df8d359ef9c05a829c8b41f
Author: Jul <jul@9o.is>
Date:   Sat, 11 May 2024 03:48:30 +0800

only allow openssh port from fwknop

Diffstat:
M host/roles/fwknop/templates/access.conf.j2  | 1 +

1 file changed, 1 insertion(+), 0 deletions(-)
diff --git a/host/roles/fwknop/templates/access.conf.j2 b/host/roles/fwknop/templates/access.conf.j2
@@ -1,4 +1,5 @@
 SOURCE                  ANY
 REQUIRE_SOURCE_ADDRESS  Y
+OPEN_PORTS              tcp/{{ openssh_port }}
 KEY_BASE64              {{ fwknop_key_base64 }}
 HMAC_KEY_BASE64         {{ fwknop_hmac_key_base64 }}