blade: restrict ceph firewall rules to storage network
parent
4f5f2a780a
commit
9ddb5d75f2
1 changed files with 2 additions and 2 deletions
|
@ -98,8 +98,8 @@ in {
|
|||
firewall.allowedUDPPorts = [
|
||||
41641 # Tailscale
|
||||
];
|
||||
firewall.allowedTCPPorts = lib.mkIf config.services.ceph.enable [ 6789 3300 ];
|
||||
firewall.allowedTCPPortRanges = lib.mkIf config.services.ceph.enable [{ from = 6800; to = 7300; }];
|
||||
firewall.interfaces.en-storage.allowedTCPPorts = lib.mkIf config.services.ceph.enable [ 6789 3300 ];
|
||||
firewall.interfaces.en-storage.allowedTCPPortRanges = lib.mkIf config.services.ceph.enable [{ from = 6800; to = 7300; }];
|
||||
|
||||
nat = lib.optionalAttrs (config.my.blade.macAddress.internet != null) {
|
||||
enable = true;
|
||||
|
|
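Review bot: The two new `firewall.interfaces.en-storage.*` lines depend on the literal interface name `en-storage`, and nothing visible in this hunk ties that string to the storage NIC definition. A renamed link, or a host without it, would presumably leave the Ceph ports closed with no evaluation error. Consider taking the name from the option that defines the interface, and grouping both settings under one guard, e.g. `firewall.interfaces.en-storage = lib.mkIf config.services.ceph.enable { allowedTCPPorts = [ 6789 3300 ]; allowedTCPPortRanges = [{ from = 6800; to = 7300; }]; };`, with a comment such as `# Ceph: mon 3300 (msgr2) / 6789 (msgr1), daemons 6800-7300; storage network only`. Port 6789 is the legacy msgr1 listener, so it can be dropped if every client speaks msgr2. The enclosing attribute set starts and ends outside the hunk, so it cannot be checked here whether another rule (for example `trustedInterfaces`) still exposes these ports, or whether the Ceph daemons bind only to the storage network.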