add more ports for ecobee

carpenike · Sep 29, 2021 · 118e389 · 118e389
1 parent 123df2f
commit 118e389
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 2 deletions.
diff --git a/ansible/inventory/host_vars/fw/firewall_rules.yml b/ansible/inventory/host_vars/fw/firewall_rules.yml
@@ -214,7 +214,7 @@ vyos_firewall_rules:
     source:
       address-group: ecobee
     destination:
-      port: 8089
+      port: 8089,8190
 
   accept_esphome_from_k8s_nodes:
     action: accept
@@ -416,3 +416,11 @@ vyos_firewall_rules:
     destination:
       port: 631
       address-group: printers
+
+  accept_ubnt_cloud_from_k8s_nodes:
+    action: accept
+    protocol: tcp
+    source:
+      address-group: k8s_nodes
+    destination:
+      port: 8883
diff --git a/ansible/inventory/host_vars/fw/firewall_zones.yml b/ansible/inventory/host_vars/fw/firewall_zones.yml
@@ -50,6 +50,7 @@ vyos_firewall_zones:
           - accept_https: null
           - accept_racknerd_vpn_from_k8s_nodes: null
           - accept_mullvad_vpn_from_k8s_nodes: null
+          - accept_ubnt_cloud_from_k8s_nodes: null
       - ignoreZones:
           - video
           - wireless

diff --git a/ansible/inventory/host_vars/fw/main.yml b/ansible/inventory/host_vars/fw/main.yml
@@ -318,7 +318,8 @@ vyos_containers:
           [
             vyos_interfaces_enriched['wireless']['interface_complete'],
             vyos_interfaces_enriched['wired']['interface_complete'],
-            vyos_interfaces_enriched['iot']['interface_complete']
+            vyos_interfaces_enriched['iot']['interface_complete'],
+            vyos_interfaces_enriched['servers']['interface_complete']
           ] | join(",")
         -}}
       CFG_MULTICAST: "224.0.0.251"