-rw-r--r-- | group_vars/all/vars.yml | 2 | ||||
-rw-r--r-- | roles/security/templates/pf.conf.j2 | 3 |
2 files changed, 3 insertions, 2 deletions
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 86b074d..7d9a0b8 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -120,7 +120,7 @@ znc:
 username: "{{ vault_znc_username }}"
 realname: "{{ vault_znc_realname }}"
 password: "{{ vault_znc_password }}"
- port: 6697
+ port: 6697 # SSL/TLS
 # Buffer size for each channel/query playback
 buffer_size: 5000
 # Whether channel buffers are automatically cleared after playback
diff --git a/roles/security/templates/pf.conf.j2 b/roles/security/templates/pf.conf.j2
index 01d6d12..a2c1381 100644
--- a/roles/security/templates/pf.conf.j2
+++ b/roles/security/templates/pf.conf.j2
@@ -167,12 +167,13 @@ vpn_net = "{{ vpn.network4 }}/24"
 # * http & https: web service
 # * git: Git clone etc.
 # * {{ shadowsocks.port }}: ShadowSocks server
+# * {{ znc.port }}: ZNC IRC bouncer (tcp)
 # * {{ vpn.port }}: OpenVPN service (tcp & udp)
 #
 # For restrictive incoming rules
 in_tcp_services_restricted = "{ {{ ansible_ssh_port }}, smtp, submission, imaps }"
 # For non-restrictive incoming rules
-in_tcp_services = "{ domain, http, https, {{ vpn.port }}, {{ shadowsocks.port }} }"
+in_tcp_services = "{ domain, http, https, {{ shadowsocks.port }}, {{ znc.port }}, {{ vpn.port }} }"
 # For incoming UDP rules
 in_udp_services = "{ domain, {{ vpn.port }}, {{ ansible_ssh_port+1 }} }"
 # For outgoing rules |
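Review bot: `{{ znc.port }}` is added to `in_tcp_services`, the list the surrounding comment labels as non-restrictive, although ZNC is a password-authenticated login endpoint (its credentials are defined in group_vars/all/vars.yml). The pass rules that consume these macros are outside the hunk, so what the restricted list adds is not visible here, but if it carries source limits or connection-rate throttling the bouncer port would fit better there: `in_tcp_services_restricted = "{ {{ ansible_ssh_port }}, smtp, submission, imaps, {{ znc.port }} }"`. If open access is intended, a comment beside the macro would record that decision, e.g. `# znc: open to any source; relies on ZNC's own TLS and authentication`. It is also worth confirming that this template is only rendered on hosts that actually run ZNC, since the variable lives in group_vars/all and the port would otherwise be opened on every host.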