From f63342bacca1ae2f28b855f8589efa234f710805 Mon Sep 17 00:00:00 2001
From: Julien Riou <julien@riou.xyz>
Date: Fri, 23 May 2025 08:50:27 +0200
Subject: [PATCH] feat(iptables): Allow mqtt exporter

Signed-off-by: Julien Riou <julien@riou.xyz>
---
 tasks/iptables.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/tasks/iptables.yml b/tasks/iptables.yml
index 7e91c04..6b2686d 100644
--- a/tasks/iptables.yml
+++ b/tasks/iptables.yml
@@ -34,6 +34,15 @@
     jump: ACCEPT
     comment: allow node exporter from vpn
 
+- name: Allow mqtt exporter from VPN
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    destination: "{{ openvpn_subnet }}"
+    destination_port: "9000"
+    jump: ACCEPT
+    comment: allow mqtt exporter from vpn
+
 - name: Deny input connections by default
   ansible.builtin.iptables:
     chain: INPUT