playbook: Fix firewall

826f73fc · Levin Zimmermann · 15e642b9 · 826f73fc · 826f73fc
Commit 826f73fc authored Dec 30, 2021 by Levin Zimmermann
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 5 deletions

playbook/wendelin-olimex-iot-gateway.yml playbook/wendelin-olimex-iot-gateway.yml +2 -2

playbook/wendelin-olimex-sensor.yml playbook/wendelin-olimex-sensor.yml +2 -3

No files found.
--- a/playbook/wendelin-olimex-iot-gateway.yml
+++ b/playbook/wendelin-olimex-iot-gateway.yml
@@ -34,8 +34,8 @@
        ip6tables -A INPUT -p tcp --dport $LISTEN_SENSOR_PORT -j ACCEPT
        ip6tables -A INPUT -p udp --dport $LISTEN_SENSOR_PORT -j ACCEPT

-        ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-        ip6tables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+        ip6tables -A OUTPUT -p tcp --sport $LISTEN_SENSOR_PORT -j ACCEPT
+        ip6tables -A OUTPUT -p udp --sport $LISTEN_SENSOR_PORT -j ACCEPT

  roles:
    - role: olimex-board
--- a/playbook/wendelin-olimex-sensor.yml
+++ b/playbook/wendelin-olimex-sensor.yml
@@ -11,14 +11,13 @@
    - iptables_rules: |
        # To send data to IoT-Gateway
          
-        iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-          
        LISTEN_SENSOR_PORT=24224

        ip6tables -A OUTPUT -p tcp --dport $LISTEN_SENSOR_PORT -j ACCEPT
        ip6tables -A OUTPUT -p udp --dport $LISTEN_SENSOR_PORT -j ACCEPT

-        ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+        ip6tables -A INPUT -p tcp --sport $LISTEN_SENSOR_PORT -j ACCEPT 
+        ip6tables -A INPUT -p udp --sport $LISTEN_SENSOR_PORT -j ACCEPT

  roles:
    - role: olimex-sensor