WoodSmellParticle/ansible-infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ansible-infra/ansible_collections/nullified/infrastructure/roles/deluge/templates/nftables.d/deluge.nft.j2

55 lines
2.5 KiB
Django/Jinja
Raw Blame History

{% set deluge_allowed_remotes_ip4 = deluge_allowed_remotes | default([]) | ansible.utils.ipv4 %}
{% set deluge_allowed_remotes_ip6 = deluge_allowed_remotes | default([]) | ansible.utils.ipv6 %}
{% if deluge_allow_remote_control and deluge_allowed_remotes_ip4 | length > 0 %}
define allowed_controllers4 = {
{{ deluge_allowed_remotes_ip4 | join(", ") | wordwrap(40, wrapstring="\n ", break_long_words=False) }}
}
{% endif %}
{% if deluge_allow_remote_control and deluge_allowed_remotes_ip6 | length > 0 %}
define allowed_controllers6 = {
{{ deluge_allowed_remotes_ip6 | join(", ") | wordwrap(40, wrapstring="\n ", break_long_words=False) }}
}
{% endif %}
table inet filter {
chain input {
{% if deluge_web_expose_client %}
meta nfproto { ipv4, ipv6 } tcp dport {{ deluge_web_port }} accept
{% else %}
meta nfproto { ipv4, ipv6 } iifname "lo" tcp dport {{ deluge_web_port }} accept
{% endif %}
iifname "lo" tcp dport {{ deluge_daemon_control_port }} accept
{% if deluge_allow_remote_control %}
{% if deluge_allowed_remotes_ip4 | length > 0 %}
ip saddr $allowed_controllers4 meta l4proto { tcp, udp } th dport {{ deluge_daemon_control_port }} accept
{% endif %}
{% if deluge_allowed_remotes_ip6 | length > 0 %}
ip6 saddr $allowed_controllers6 meta l4proto { tcp, udp } th dport {{ deluge_daemon_control_port }} accept
{% endif %}
{% endif %}
meta l4proto { tcp, udp } th dport {{ deluge_daemon_incoming_port }} accept
meta l4proto { tcp, udp } th dport { {{ deluge_daemon_outgoing_port_lo }}-{{ deluge_daemon_outgoing_port_hi }} } accept
}
chain output {
{% if deluge_web_expose_client %}
meta nfproto { ipv4, ipv6 } tcp sport {{ deluge_web_port }} accept
{% else %}
meta nfproto { ipv4, ipv6 } oifname "lo" tcp sport {{ deluge_web_port }} accept
{% endif %}
{% if deluge_allow_remote_control %}
{% if deluge_allowed_remotes_ip4 | length > 0 %}
ip saddr $allowed_controllers4 meta l4proto { tcp, udp } th dport {{ deluge_daemon_control_port }} accept
{% endif %}
{% if deluge_allowed_remotes_ip6 | length > 0 %}
ip6 saddr $allowed_controllers6 meta l4proto { tcp, udp } th dport {{ deluge_daemon_control_port }} accept
{% endif %}
{% endif %}
meta l4proto { tcp, udp } th sport { {{ deluge_daemon_outgoing_port_lo }}-{{ deluge_daemon_outgoing_port_hi }} } accept
oifname "lo" tcp sport {{ deluge_daemon_control_port }} accept
udp dport { 1900, 5351 } accept
tcp dport 6969 accept
}
}
Reference in a new issue View git blame Copy permalink