From c2bb309ec6318c1d369256418f726ceb0ef67b7d Mon Sep 17 00:00:00 2001
From: Nils Olof Paulsson <nils.olof.paulsson@liu.se>
Date: Thu, 30 Mar 2023 09:46:46 +0000
Subject: [PATCH] Restrict mysql (33060) to liu-nets

---
 templates/55-permit-skadereg.rules.erb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/templates/55-permit-skadereg.rules.erb b/templates/55-permit-skadereg.rules.erb
index 52d3a7c..d09bad5 100644
--- a/templates/55-permit-skadereg.rules.erb
+++ b/templates/55-permit-skadereg.rules.erb
@@ -3,10 +3,11 @@ require services
 policy skadereg chain skadereg is
 	accept service:http
 	accept service:https
-	accept { tcp/33060 }
 end policy
 
 append rule INPUT -j skadereg
+append rule INPUT -s class:liu-nets -p tcp --dport 33060:33060 -j ACCEPT
+
 
 # <%# Put installed file in view mode when opened with Emacs: -%>
 # <%= "Nota bene: Puppet managed file, all local changes will be reverted." %>
-- 
GitLab