foo.sh/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

pf: Open node_exporter to allow proxying

Browse source
This commit is contained in:
Timo Makinen 2025-08-02 18:24:34 +00:00
parent 1a408365ab
commit f8dba6d387
1 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
roles/pf/templates/pf.conf.gw_dna.j2
View file

@ -46,8 +46,7 @@ pass in quick on $ext_if proto tcp from 37.16.96.144/28 to self port ssh
pass in quick on $ext_if proto tcp from {{ gw_home_ip }}/32 to self port ssh pass in quick on $ext_if proto tcp from {{ gw_home_ip }}/32 to self port ssh
pass in quick on $ext_if proto tcp from {{ gw_lan_ip }}/32 to self port ssh pass in quick on $ext_if proto tcp from {{ gw_lan_ip }}/32 to self port ssh
# node_exporter and unbound_exporter from internal network # unbound_exporter from internal network
pass in quick on $int_if proto tcp from $int_net to self port 9100
pass in quick on $int_if proto tcp from $int_net to self port 9167 pass in quick on $int_if proto tcp from $int_net to self port 9167
# allow dhcpd failover # allow dhcpd failover
@ -69,6 +68,9 @@ pass in quick on $int_if proto udp from $int_net to self port ntp
pass in quick proto tcp from any to self port http pass in quick proto tcp from any to self port http
pass in quick proto tcp from any to self port https pass in quick proto tcp from any to self port https
# allow node exporter from outside (to proxy clients)
pass in quick proto tcp from $int_net to self port 9100
# block rest of packets coming to me # block rest of packets coming to me
block in quick from any to self block in quick from any to self