From d674b32cd2d9fd327d007471af846e69a7b33772 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Zolt=C3=A1n=20Felleg?=
Date: Mon, 20 Dec 2021 14:25:45 +0100
Subject: [PATCH] Updated ifg.in (updated nft rules to allow ssh access to ws.pm).

---
 sources/ifg.in/firstboot/nftables.config | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/sources/ifg.in/firstboot/nftables.config b/sources/ifg.in/firstboot/nftables.config
index ae8c869..e8d5f0a 100644
--- a/sources/ifg.in/firstboot/nftables.config
+++ b/sources/ifg.in/firstboot/nftables.config
@@ -124,6 +124,7 @@ define PEEP_BO_NET = 10.162.104.0/24
 ################################
 #define MX_PORTS = { 25, 110, 143, 465, 587, 993, 995 }
+define SSH_PORT = 22
 define WS_PORTS = { 80, 443 }
@@ -233,6 +234,13 @@ add rule ip ifg_filter forward \
 	oifname $PERIMETER_IF ip daddr $WS_PERIMETER_IPV4 tcp dport $WS_PORTS \
 	counter accept comment "Webserver access"
 
+add rule ip ifg_filter forward \
+	ct state new, established \
+	ip protocol tcp \
+	iifname $INTERNAL_IF ip saddr $INTERNAL_IPV4_NETS tcp sport 1024-65535 \
+	oifname $PERIMETER_IF ip daddr $WS_PERIMETER_IPV4 tcp dport $SSH_PORT \
+	counter accept comment "Webserver SSH access"
+
 add rule ip ifg_filter forward \
 	ct state new \
 	ip protocol udp \
-- 
2.54.0
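Review bot: The new forward rule in the second hunk accepts SSH from every network in $INTERNAL_IPV4_NETS to the perimeter webserver, which is wider than a least-privilege administrative path; unless every internal host genuinely needs shell access to ws.pm, this rule should match a narrower source set (an admin or jump-host range defined alongside the other `define` lines) and could carry a `limit rate` on new SSH connections so the webserver's sshd is not reachable from every internal client at full speed. The `ct state new, established` match is also inconsistent with the neighbouring UDP rule, which uses `ct state new`: because iifname/oifname pin this rule to the internal-to-perimeter direction, the webserver's reply packets cannot match it and must be accepted by a stateful rule elsewhere in the chain (not visible here), so if that rule exists `established` is redundant and if it does not the connection still fails on the return path; `ct state new \` states the intent more precisely either way. The rules before and after the inserted block start and end outside the hunk.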