From c7a48b74c622eec8663e5d975c36558790468c0f Mon Sep 17 00:00:00 2001
From: Tunui Franken <tfranken@easter-eggs.com>
Date: Tue, 25 Mar 2025 10:22:56 +0100
Subject: [PATCH] Allow to check ssh on lime2 when using NATted address

---
 roles/icinga2_master/templates/nftables/output.d/icinga2.conf.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/icinga2_master/templates/nftables/output.d/icinga2.conf.j2 b/roles/icinga2_master/templates/nftables/output.d/icinga2.conf.j2
index 8b203a3..e2fccba 100644
--- a/roles/icinga2_master/templates/nftables/output.d/icinga2.conf.j2
+++ b/roles/icinga2_master/templates/nftables/output.d/icinga2.conf.j2
@@ -2,3 +2,4 @@
 
 ip daddr {{ hostvars[icinga2_agent].ipv4_addr }} tcp dport 5665 accept comment "Allow Icinga2 to Agent"
 ip daddr {{ hostvars[relayhost].ipv4_addr }} tcp dport { 22, 25, 465, 587, 993 } accept comment "Allow some ports to check mailserver"
+ip daddr {{ ipv4_addr }} tcp dport 22 accept comment "Allow some ports to check myself"