From b13ead0657b1693a67f4175e247be10195508412 Mon Sep 17 00:00:00 2001
From: Alan Orth
Date: Tue, 28 Sep 2021 07:34:25 +0300
Subject: [PATCH] roles/common: use a range for mosh ports in nftables

This is better than a loop in Jinja (though that is useful!).
---
 roles/common/templates/nftables.conf.j2 | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/roles/common/templates/nftables.conf.j2 b/roles/common/templates/nftables.conf.j2
index 2e7ad68..8aca927 100755
--- a/roles/common/templates/nftables.conf.j2
+++ b/roles/common/templates/nftables.conf.j2
@@ -81,12 +81,8 @@ table inet filter {
 ip6 saddr ::/0 ct state new tcp dport 443 counter accept comment "Allow HTTPS"
 {% endif %}
- ip saddr 0.0.0.0/0 ct state new udp dport 60001 counter accept comment "Allow mosh"
- ip saddr 0.0.0.0/0 ct state new udp dport 60002 counter accept comment "Allow mosh"
- ip saddr 0.0.0.0/0 ct state new udp dport 60003 counter accept comment "Allow mosh"
- ip6 saddr ::/0 ct state new udp dport 60001 counter accept comment "Allow mosh"
- ip6 saddr ::/0 ct state new udp dport 60002 counter accept comment "Allow mosh"
- ip6 saddr ::/0 ct state new udp dport 60003 counter accept comment "Allow mosh"
+ ip saddr 0.0.0.0/0 ct state new udp dport 60001-60003 counter accept comment "Allow mosh"
+ ip6 saddr ::/0 ct state new udp dport 60001-60003 counter accept comment "Allow mosh"
 {# Extra rules #}
 {% if extra_iptables_rules is defined %}
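Review bot: The bound `60001-60003` in the two added rules is now a bare literal with nothing saying where it comes from; it has to agree with the port range mosh-server is launched with (presumably set elsewhere in the role, not visible here), and a silent mismatch would either leave new mosh sessions unreachable or accept more UDP than intended. A template comment above the two rules, such as `{# must match the -p PORT:PORT2 range mosh-server is started with #}`, would tie the firewall rule to that setting; lifting the bounds into a role variable that both the nftables template and the mosh configuration read would remove the duplication entirely. Since the v4 and v6 rules now carry the same range and the `ip saddr 0.0.0.0/0` / `ip6 saddr ::/0` matches are no-ops inherited from the removed lines, one family-neutral `ct state new udp dport 60001-60003 counter accept comment "Allow mosh"` in this `inet` table would express the same policy in a single line. The enclosing chain begins before the hunk.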