blade: restrict ceph firewall rules to storage network
parent
4f5f2a780a
commit
9ddb5d75f2
1 changed files with 2 additions and 2 deletions
|
@ -98,8 +98,8 @@ in {
|
||||||
firewall.allowedUDPPorts = [
|
firewall.allowedUDPPorts = [
|
||||||
41641 # Tailscale
|
41641 # Tailscale
|
||||||
];
|
];
|
||||||
firewall.allowedTCPPorts = lib.mkIf config.services.ceph.enable [ 6789 3300 ];
|
firewall.interfaces.en-storage.allowedTCPPorts = lib.mkIf config.services.ceph.enable [ 6789 3300 ];
|
||||||
firewall.allowedTCPPortRanges = lib.mkIf config.services.ceph.enable [{ from = 6800; to = 7300; }];
|
firewall.interfaces.en-storage.allowedTCPPortRanges = lib.mkIf config.services.ceph.enable [{ from = 6800; to = 7300; }];
|
||||||
|
|
||||||
nat = lib.optionalAttrs (config.my.blade.macAddress.internet != null) {
|
nat = lib.optionalAttrs (config.my.blade.macAddress.internet != null) {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
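Review bot: The two new `firewall.interfaces.en-storage.*` lines open the Ceph ports without saying what they are, unlike the `41641 # Tailscale` entry just above, and the restriction only takes effect if the interface is really named `en-storage` at boot, which is set outside this hunk. I would add a comment such as `# Ceph, storage network only: 3300 = mon msgr2, 6789 = mon msgr1 (legacy), 6800-7300 = OSD/MGR/MDS`. If every daemon and client in the cluster speaks msgr2, 6789 can probably be dropped so the v1 protocol, which has no on-wire encryption, is not reachable even on the storage network; this is inferred, so check the cluster's `ms_bind_msgr1` setting first. The firewall is the only restriction visible here, so setting Ceph's public/cluster network to the storage subnet as well would be a useful second layer if this rule is later loosened. The enclosing attribute set starts and ends outside the hunk.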