From 575a9fdfe64bc7ef89747af4d217cdd8c9faf1f5 Mon Sep 17 00:00:00 2001
From: Alan Orth
Date: Sun, 5 Sep 2021 16:23:42 +0300
Subject: [PATCH] roles/common: Add mosh ports to common

These have been in each hosts's "extra" rules lists forever and I use them on every single host so they might as well be in the base rules.
---
 roles/common/templates/nftables.conf.j2 | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/roles/common/templates/nftables.conf.j2 b/roles/common/templates/nftables.conf.j2
index f43a5db..2e7ad68 100755
--- a/roles/common/templates/nftables.conf.j2
+++ b/roles/common/templates/nftables.conf.j2
@@ -81,6 +81,13 @@ table inet filter {
 ip6 saddr ::/0 ct state new tcp dport 443 counter accept comment "Allow HTTPS"
 {% endif %}
 
+ ip saddr 0.0.0.0/0 ct state new udp dport 60001 counter accept comment "Allow mosh"
+ ip saddr 0.0.0.0/0 ct state new udp dport 60002 counter accept comment "Allow mosh"
+ ip saddr 0.0.0.0/0 ct state new udp dport 60003 counter accept comment "Allow mosh"
+ ip6 saddr ::/0 ct state new udp dport 60001 counter accept comment "Allow mosh"
+ ip6 saddr ::/0 ct state new udp dport 60002 counter accept comment "Allow mosh"
+ ip6 saddr ::/0 ct state new udp dport 60003 counter accept comment "Allow mosh"
+
 {# Extra rules #}
 {% if extra_iptables_rules is defined %}
 {% for rule in extra_iptables_rules %}
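Review bot: The six added mosh rules sit after the `{% endif %}` and therefore render unconditionally for every host that uses roles/common, accepting new UDP 60001-60003 from any IPv4 and IPv6 source even on a host where mosh-server is not installed. The commit message says every current host uses mosh, but future hosts inherit the base template too, so I would gate the block on a role variable that defaults to today's behaviour, e.g. `{% if common_allow_mosh | default(true) %}` … `{% endif %}` (the variable name is a suggestion, not one that exists in the role). Separately, the three per-port rules in each family can be written as one range rule, `ip saddr 0.0.0.0/0 ct state new udp dport 60001-60003 counter accept comment "Allow mosh"` plus its `ip6 saddr ::/0` twin, which keeps the file's per-family style and reduces six rules to two. The hunk starts inside `table inet filter {` and the enclosing chain is not visible here, so the rules' position relative to any earlier drop or rate-limit rules is assumed to be correct.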