feat(ansible): add internet access for dlink

2026-05-14 01:15:54 +02:00
parent 28e220d1b7
commit 9c8f075fb1
6 changed files with 142 additions and 23 deletions
@@ -58,6 +58,11 @@
        comment: Allow from IOT to internet only
        in-interface: vlan5
        out-interface-list: wan
+      - action: accept
+        chain: forward
+        comment: Allow from OPENWRT UPLINK to internet only
+        in-interface: vlan6
+        out-interface-list: wan
      - action: accept
        chain: forward
        comment: Allow from dockers to everywhere
@@ -152,6 +157,17 @@
        dst-port: 53
        in-interface: vlan5
        protocol: tcp
+      - action: accept
+        chain: input
+        comment: Allow DNS from OPENWRT UPLINK
+        dst-port: 53
+        in-interface: vlan6
+        protocol: udp
+      - action: accept
+        chain: input
+        dst-port: 53
+        in-interface: vlan6
+        protocol: tcp
      - action: accept
        chain: input
        comment: Allow BGP from SRV
@@ -389,6 +405,11 @@
        comment: Allow from IOT to internet only
        in-interface: vlan5
        out-interface-list: wan
+      - action: accept
+        chain: forward
+        comment: Allow from OPENWRT UPLINK to internet only
+        in-interface: vlan6
+        out-interface-list: wan
      - action: accept
        chain: forward
        comment: Allow from dockers to everywhere
@@ -477,6 +498,17 @@
        dst-port: 53
        in-interface: vlan5
        protocol: tcp
+      - action: accept
+        chain: input
+        comment: Allow DNS from OPENWRT UPLINK
+        dst-port: 53
+        in-interface: vlan6
+        protocol: udp
+      - action: accept
+        chain: input
+        dst-port: 53
+        in-interface: vlan6
+        protocol: tcp
      - action: accept
        chain: input
        comment: Allow BGP from SRV