feat(iptables): Allow node exporter

Node exporter is managed outside of this repository. Signed-off-by: Julien Riou <julien@riou.xyz>
2025-05-16 15:27:20 +02:00 · 2025-05-16 15:27:20 +02:00 · 55ea541cbe
commit 55ea541cbe
parent 97ab3931bb
1 changed files with 9 additions and 0 deletions
--- a/tasks/iptables.yml
+++ b/tasks/iptables.yml
@ -25,6 +25,15 @@
    jump: ACCEPT
    comment: allow ping from the world

+- name: Allow node exporter from VPN
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    destination: "{{ openvpn_subnet }}"
+    destination_port: "9100"
+    jump: ACCEPT
+    comment: allow node exporter from vpn
+
 - name: Deny input connections by default
  ansible.builtin.iptables:
    chain: INPUT