From: Zoltán Felleg
Date: Mon, 20 Dec 2021 13:25:45 +0000 (+0100)
Subject: Updated ifg.in (updated nft rules to allow ssh access to ws.pm).
X-Git-Url: http://git.useribm.hu/?a=commitdiff_plain;h=d674b32cd2d9fd327d007471af846e69a7b33772;p=user-lxc.git
Updated ifg.in (updated nft rules to allow ssh access to ws.pm).
---
diff --git a/sources/ifg.in/firstboot/nftables.config b/sources/ifg.in/firstboot/nftables.config
index ae8c869..e8d5f0a 100644
--- a/sources/ifg.in/firstboot/nftables.config
+++ b/sources/ifg.in/firstboot/nftables.config
@@ -124,6 +124,7 @@ define PEEP_BO_NET = 10.162.104.0/24
 ################################
 #define MX_PORTS = { 25, 110, 143, 465, 587, 993, 995 }
+define SSH_PORT = 22
 define WS_PORTS = { 80, 443 }
@@ -233,6 +234,13 @@ add rule ip ifg_filter forward \
 oifname $PERIMETER_IF ip daddr $WS_PERIMETER_IPV4 tcp dport $WS_PORTS \
 counter accept comment "Webserver access"
+add rule ip ifg_filter forward \
+ ct state new, established \
+ ip protocol tcp \
+ iifname $INTERNAL_IF ip saddr $INTERNAL_IPV4_NETS tcp sport 1024-65535 \
+ oifname $PERIMETER_IF ip daddr $WS_PERIMETER_IPV4 tcp dport $SSH_PORT \
+ counter accept comment "Webserver SSH access"
+
 add rule ip ifg_filter forward \
 ct state new \
 ip protocol udp \
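Review bot: The added forward rule accepts SSH to `$WS_PERIMETER_IPV4` from every source in `$INTERNAL_IPV4_NETS`; the definition of that set lies outside the hunk, but if it covers all internal client networks, any internal host can reach the perimeter web server's SSH daemon. Administrative access is better limited to the hosts that manage the server, for example with a new define (name and value are placeholders) `define WS_ADMIN_IPV4 = { <admin-host-addresses> }` and `ip saddr $WS_ADMIN_IPV4` in place of `ip saddr $INTERNAL_IPV4_NETS`. The rule also matches only the internal-to-perimeter direction, so it depends on a reply-direction accept that is not visible here; a one-line comment above the rule naming who is expected to use this path and which rule passes the replies would make that explicit.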