authorAaron LI <aly@aaronly.me>2018-03-14 17:50:33 +0800
committerAaron LI <aly@aaronly.me>2018-03-14 17:50:33 +0800
commitf2402b66976e57c457b36141444a3687ce918bfe (patch)
treefab207a746830ec779951cbe9272259c4128e7fd
parentde6c949a2956deed27b9c053bfcaac1a47ed43a6 (diff)
downloadansible-dfly-vps-f2402b66976e57c457b36141444a3687ce918bfe.tar.bz2
security/pf: allow IRC bouncer by ZNC
-rw-r--r--group_vars/all/vars.yml2
-rw-r--r--roles/security/templates/pf.conf.j23
2 files changed, 3 insertions, 2 deletions
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 86b074d..7d9a0b8 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -120,7 +120,7 @@ znc:
username: "{{ vault_znc_username }}"
realname: "{{ vault_znc_realname }}"
password: "{{ vault_znc_password }}"
- port: 6697
+ port: 6697 # SSL/TLS
# Buffer size for each channel/query playback
buffer_size: 5000
# Whether channel buffers are automatically cleared after playback
diff --git a/roles/security/templates/pf.conf.j2 b/roles/security/templates/pf.conf.j2
index 01d6d12..a2c1381 100644
--- a/roles/security/templates/pf.conf.j2
+++ b/roles/security/templates/pf.conf.j2
@@ -167,12 +167,13 @@ vpn_net = "{{ vpn.network4 }}/24"
# * http & https: web service
# * git: Git clone etc.
# * {{ shadowsocks.port }}: ShadowSocks server
+# * {{ znc.port }}: ZNC IRC bouncer (tcp)
# * {{ vpn.port }}: OpenVPN service (tcp & udp)
#
# For restrictive incoming rules
in_tcp_services_restricted = "{ {{ ansible_ssh_port }}, smtp, submission, imaps }"
# For non-restrictive incoming rules
-in_tcp_services = "{ domain, http, https, {{ vpn.port }}, {{ shadowsocks.port }} }"
+in_tcp_services = "{ domain, http, https, {{ shadowsocks.port }}, {{ znc.port }}, {{ vpn.port }} }"
# For incoming UDP rules
in_udp_services = "{ domain, {{ vpn.port }}, {{ ansible_ssh_port+1 }} }"
# For outgoing rules
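Review bot: The new `{{ znc.port }}` entry goes into `in_tcp_services`, the list labelled "non-restrictive", although ZNC is a password-authenticated service like the SSH, submission and IMAPS ports kept in `in_tcp_services_restricted`. The rules that consume these macros are outside the hunk, so what "restrictive" enforces is not visible here. If it applies connection-rate or overload limits, ZNC logins would benefit from the same treatment: `in_tcp_services_restricted = "{ {{ ansible_ssh_port }}, smtp, submission, imaps, {{ znc.port }} }"`, with `in_tcp_services` left as it was. If the ZNC listener also serves the web admin interface on this port, that is a further reason not to expose it without limits. Failing that, a comment beside the macro saying why ZNC is intentionally left unrestricted would help the next reader.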