Open munin from all hosts firewll

group_vars/adm.yml

@@ -6,3 +6,4 @@ datadisks:
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 443, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}

group_vars/collab.yml

@@ -5,3 +5,4 @@ datadisks:
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 443, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}

group_vars/git.yml

@@ -6,3 +6,4 @@ datadisks:
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 443, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}

group_vars/ldap.yml

@@ -5,3 +5,4 @@ firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 443, from: [172.20.20.0/22]}
   - {proto: tcp, port: 636, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}

group_vars/log.yml

@@ -4,4 +4,5 @@ datadisks:
 
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
   - {proto: tcp, port: 6514}

group_vars/mail.yml

@@ -10,3 +10,4 @@ firewall_in:
   - {proto: tcp, port: 465}
   - {proto: tcp, port: 587}
   - {proto: tcp, port: 993}
+  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}

group_vars/mirror.yml

@@ -7,3 +7,4 @@ firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 443, from: [172.20.20.0/22]}
   - {proto: tcp, port: 873, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}

group_vars/nas.yml

@@ -9,3 +9,4 @@ firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 2049, from: [172.20.20.0/22]}
   - {proto: tcp, port: 2049, from: [172.20.30.0/24]}
+  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}

group_vars/ns.yml

@@ -6,6 +6,7 @@ firewall_in:
   - {proto: tcp, port: 80}
   - {proto: tcp, port: 443}
   - {proto: tcp, port: 853}
+  - {proto: tcp, port: 4949, from: [172.20.20.0/22, 81.175.130.44/32]}
 
 ifstated_config: ifstated-ns.conf
 network_carp_interfaces:

group_vars/proxy.yml

@@ -49,4 +49,5 @@ firewall_in:
   - {proto: tcp, port: 80}
   - {proto: tcp, port: 443}
   - {proto: tcp, port: 636}
+  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
   - {proto: tcp, port: 6514}

group_vars/shell.yml

@@ -7,3 +7,4 @@ num_cpus: 4
 
 firewall_in:
   - {proto: tcp, port: 22}
+  - {proto: tcp, port: 4949, from: [81.175.130.44/32]}

group_vars/static.yml

@@ -2,3 +2,4 @@
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 443, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}

group_vars/vmhost.yml

@@ -1,3 +1,4 @@
 ---
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}

roles/pf/files/pf.conf.gw_fsol

@@ -30,8 +30,9 @@ pass quick inet6 proto icmp6
 antispoof for lo0
 antispoof for vio0
 
-# admin connection (internal)
+# admin connection and munin (internal)
 pass in quick on $int_if proto tcp from $int_net to self port ssh keep state (no-sync)
+pass in quick on $int_if proto tcp from $int_net to self port 4949 keep state (no-sync)
 
 # internal network
 block in quick from any to self

roles/pf/files/pf.conf.gw_home

@@ -45,6 +45,9 @@ pass in quick on $ext_if proto tcp from 37.35.86.64/29 to self port ssh
 pass in quick on $ext_if proto tcp from 37.16.96.144/28 to self port ssh
 pass in quick on $ext_if proto tcp from 81.175.155.142/32 to self port ssh
 
+# munin from internal network
+pass in quick on $int_if proto tcp from $int_net to self port 4949
+
 # allow dns queries from internal net
 pass in quick on $int_if proto { tcp, udp } from $int_net to self port domain