From cf93a1462f966f0aaf7688449bebafc93308ffa2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9lix-Antoine=20Fortin?=
 <felix-antoine.fortin@calculquebec.ca>
Date: Fri, 13 Dec 2024 13:50:21 -0500
Subject: [PATCH] Add consul firewall rule

---
 site/profile/manifests/consul.pp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/site/profile/manifests/consul.pp b/site/profile/manifests/consul.pp
index 366508a00..cd691d2a4 100644
--- a/site/profile/manifests/consul.pp
+++ b/site/profile/manifests/consul.pp
@@ -14,6 +14,10 @@
     $retry_join = $servers
   }
 
+  nftables::rule { 'default_in-consul':
+    content => 'tcp dport 8500 accept comment "Accept consul"',
+  }
+
   class { 'consul':
     config_mode   => '0640',
     acl_api_token => lookup('profile::consul::acl_api_token'),