roles/common: use a range for mosh ports in nftables

This is better than a loop in Jinja (though that is useful!).
2021-09-28 07:34:25 +03:00 · 2021-09-28 07:34:25 +03:00 · b13ead0657
parent 89ced6f952
commit b13ead0657
1 changed files with 2 additions and 6 deletions
--- a/roles/common/templates/nftables.conf.j2
+++ b/roles/common/templates/nftables.conf.j2
@ -81,12 +81,8 @@ table inet filter {
        ip6 saddr ::/0 ct state new tcp dport 443 counter accept comment "Allow HTTPS"
        {% endif %}

-        ip saddr 0.0.0.0/0 ct state new udp dport 60001 counter accept comment "Allow mosh"
-        ip saddr 0.0.0.0/0 ct state new udp dport 60002 counter accept comment "Allow mosh"
-        ip saddr 0.0.0.0/0 ct state new udp dport 60003 counter accept comment "Allow mosh"
-        ip6 saddr ::/0 ct state new udp dport 60001 counter accept comment "Allow mosh"
-        ip6 saddr ::/0 ct state new udp dport 60002 counter accept comment "Allow mosh"
-        ip6 saddr ::/0 ct state new udp dport 60003 counter accept comment "Allow mosh"
+        ip saddr 0.0.0.0/0 ct state new udp dport 60001-60003 counter accept comment "Allow mosh"
+        ip6 saddr ::/0 ct state new udp dport 60001-60003 counter accept comment "Allow mosh"

        {# Extra rules #}
        {% if extra_iptables_rules is defined %}