From 47af40a10084d78d38fc4aefed76504f9b649852 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arturo=20Filast=C3=B2?=
Date: Wed, 8 Jan 2025 10:41:44 +0100
Subject: [PATCH] Fix nftables config of ams-slack-1
---
ansible/host_vars/ams-slack-1.ooni.org | 12 ++++++++++++
1 file changed, 12 insertions(+)
create mode 100644 ansible/host_vars/ams-slack-1.ooni.org
diff --git a/ansible/host_vars/ams-slack-1.ooni.org b/ansible/host_vars/ams-slack-1.ooni.org
new file mode 100644
index 0000000..21dc7d2
--- /dev/null
+++ b/ansible/host_vars/ams-slack-1.ooni.org
@@ -0,0 +1,12 @@
+nft_rules_tcp:
+ - name: 22
+ rules:
+ - add rule inet filter input tcp dport 22 counter accept comment "Incoming SSH"
+ - name: 80
+ rules:
+ - add rule inet filter input tcp dport 80 counter accept comment "incoming HTTP"
+ - name: 443
+ rules:
+ - add rule inet filter input tcp dport 443 counter accept comment "incoming HTTPS"
+ - name: 9100
+ - add rule inet filter input ip saddr 5.9.112.244 tcp dport 9100 counter accept comment "clickhouse prometheus from monitoring.ooni.org"
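Review bot: The last entry, `- name: 9100`, is followed directly by its `- add rule … tcp dport 9100 …` item with no `rules:` key in between, unlike the 22, 80 and 443 entries above it. Indentation is not visible in this view, but most likely the file either fails to parse or folds the rule text into the `name` value, so whatever consumes `nft_rules_tcp` would presumably get no rule list for 9100 and the source-restricted metrics port would not be opened as intended. Add a `rules:` line under `- name: 9100`, at the same level as in the other entries. Rendering the host vars with `ansible-inventory --host ams-slack-1.ooni.org` before merging, and checking `nft list ruleset` on the host after the run, would catch this kind of slip.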