nftables / staging / rdu3: allow noc01 in rdu3 staging

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-06-27 23:57:02 +08:00 · 2025-06-23 15:33:45 -07:00
parent c7c9c8b73b
commit d7ecffec22
1 changed files with 4 additions and 0 deletions
--- a/roles/base/templates/nftables/nftables.staging
+++ b/roles/base/templates/nftables/nftables.staging
@@ -20,10 +20,14 @@ add rule ip filter INPUT ct state new tcp dport 22 counter accept
 # for nrpe - allow it from nocs
 add rule ip filter INPUT ip saddr 192.168.1.10  tcp dport 5666 counter accept
 add rule ip filter INPUT ip saddr 192.168.1.166 tcp dport 5666 counter accept
+add rule ip filter INPUT ip saddr 192.168.1.66 tcp dport 5666 counter accept
 # FIXME - this is the global nat-ip and we need the noc01-specific ip
 add rule ip filter INPUT ip saddr 38.145.60.16  tcp dport 5666 counter accept
 add rule ip filter INPUT ip saddr 38.145.60.15  tcp dport 5666 counter accept
+add rule ip filter INPUT ip saddr 38.145.32.16  tcp dport 5666 counter accept
+add rule ip filter INPUT ip saddr 38.145.32.15  tcp dport 5666 counter accept
 add rule ip filter INPUT ip saddr 10.3.163.10   tcp dport 5666 counter accept
+add rule ip filter INPUT ip saddr 10.16.163.10   tcp dport 5666 counter accept
 # zabbix01.stg
 add rule ip filter INPUT tcp dport 10051 counter accept
 add rule ip filter INPUT ip saddr 10.3.166.61 tcp dport 10050 counter accept