Update mini-lab and enhance firewall make target

robertvolkmann · robertvolkmann · commit 42192e8d4796 · 2025-01-10T22:59:48.000+01:00
diff --git a/capi-lab/Makefile b/capi-lab/Makefile
@@ -36,4 +36,4 @@ controller:
 
 .PHONY: firewall
 firewall:
-	metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000001 --partition mini-lab --image firewall-ubuntu-3.0 --size v1-small-x86 --firewall-rules-file=capi-lab/firewall-rules.yaml --networks internet-mini-lab,16ec44b7-771b-4514-bb91-d1312a70cdcd
+	metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000001 --partition mini-lab --image firewall-ubuntu-3.0 --size v1-small-x86 --firewall-rules-file=firewall-rules.yaml --networks internet-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_RUN_ARG) metalctl network list --name metal-test -o template --template '{{ .id }}')
diff --git a/capi-lab/firewall-rules.yaml b/capi-lab/firewall-rules.yaml
@@ -1,23 +1,33 @@
+---
 egress:
-- comment: allow outgoing traffic for HTTP and HTTPS and DNS
+- comment: allow outgoing HTTP and HTTPS traffic
   ports:
-  - 443
   - 80
+  - 443
+  protocol: TCP
+  to:
+  - 0.0.0.0/0
+- comment: allow outgoing DNS traffic via TCP
+  ports:
   - 53
   protocol: TCP
   to:
   - 0.0.0.0/0
-- comment: allow outgoing DNS and NTP via UDP
+- comment: allow outgoing DNS and NTP traffic via UDP
   ports:
   - 53
   - 123
   protocol: UDP
   to:
   - 0.0.0.0/0
 ingress:
-- comment: allow incoming HTTPS to kube-apiserver
+- comment: allow incoming HTTP and HTTPS traffic
   ports:
+  - 80
   - 443
   protocol: TCP
   from:
-  - 0.0.0.0/0
+  - 172.16.0.0/12 # Docker Networks
+  - 203.0.113.0/24 # metal_lab_ext
+  to:
+  - 203.0.113.128/25
diff --git a/capi-lab/mini-lab b/capi-lab/mini-lab
@@ -1 +1 @@
-Subproject commit 5d2b1883b4bbac7d85f83a865f4e735ac53e1026
+Subproject commit 1ca3690fff6f6205ede5f351ef6134319105dd44
