diff --git a/roles/base/molecule/default/converge.yml b/roles/base/molecule/default/converge.yml
index 980a153..c219885 100644
--- a/roles/base/molecule/default/converge.yml
+++ b/roles/base/molecule/default/converge.yml
@@ -17,6 +17,6 @@
 photoprism:
 host: instance
 ingress:
- - { from: reverse_proxy, port: 2342, proto: tcp }
+ - { from: srv, port: 2342, proto: tcp }
 roles:
 - role: base
diff --git a/roles/base/molecule/default/molecule.yml b/roles/base/molecule/default/molecule.yml
index 342f83a..b23d8da 100644
--- a/roles/base/molecule/default/molecule.yml
+++ b/roles/base/molecule/default/molecule.yml
@@ -26,7 +26,6 @@ provisioner:
 host_vars:
 instance:
 ansible_user: root
- ansible_host: 10.20.0.50
 verifier:
 name: ansible
diff --git a/roles/base/templates/nftables.conf.j2 b/roles/base/templates/nftables.conf.j2
index f887ae5..99806f9 100644
--- a/roles/base/templates/nftables.conf.j2
+++ b/roles/base/templates/nftables.conf.j2
@@ -5,10 +5,10 @@ flush ruleset
 table inet filter {
 chain input {
 type filter hook input priority 0; policy drop;
- iif "lo" accept
+ iifname "lo" accept
 ct state established,related accept
 ct state invalid drop
- iif "{{ base__firewall_mgmt_interface }}" tcp dport {{ base__firewall_ssh_port }} accept
+ iifname "{{ base__firewall_mgmt_interface }}" tcp dport {{ base__firewall_ssh_port }} accept
 ip protocol icmp accept
 ip6 nexthdr ipv6-icmp accept
 {% for r in base__firewall_resolved %}
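Review bot: In `roles/base/templates/nftables.conf.j2`, the SSH rule now uses `iifname "{{ base__firewall_mgmt_interface }}"`, which replaces a load-time interface lookup with a runtime string match. A misspelled or stale value therefore no longer fails the ruleset load and, under `policy drop`, silently leaves no SSH accept rule. nft also treats a value ending in `*` as a prefix wildcard, which would accept SSH on every interface sharing that prefix. I would check the variable before templating, for example with an `ansible.builtin.assert` that it is non-empty and matches a strict pattern such as `^[A-Za-z0-9_.-]+$`. I would also keep `iif "lo"` for loopback, since that interface always exists. The `chain input` block continues past the end of this hunk, so the rules generated by the `{% for %}` loop are not covered here.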