firewall: make SSH port go first in rules

author: Egor Tensin <Egor.Tensin@gmail.com> 2023-08-08 22:57:19 +0200
committer: Egor Tensin <Egor.Tensin@gmail.com> 2023-08-08 22:57:19 +0200
commit: 3ca728406720da6814f4bcb670639315e3170270 (patch)
tree: c8eceacd70f019595a262a8fe4a3163a9257189c
parent: add router role (diff)
download: infra-ansible-3ca728406720da6814f4bcb670639315e3170270.tar.gz
infra-ansible-3ca728406720da6814f4bcb670639315e3170270.zip
2 files changed, 2 insertions, 2 deletions
diff --git a/roles/firewall/templates/rules.v4 b/roles/firewall/templates/rules.v4
index 7ea1162..38caa43 100644
--- a/roles/firewall/templates/rules.v4
+++ b/roles/firewall/templates/rules.v4
@@ -17,7 +17,7 @@
 {% set ssh_port = hostvars[inventory_hostname].ansible_port %}
 
 # Open TCP ports:
-{% set tcp_ports = firewall_ports_tcp + firewall_ports4_tcp + [ssh_port] %}
+{% set tcp_ports = [ssh_port] + firewall_ports_tcp + firewall_ports4_tcp %}
 {% set tcp_ports = tcp_ports | unique %}
 
 {% for port in tcp_ports %}
diff --git a/roles/firewall/templates/rules.v6 b/roles/firewall/templates/rules.v6
index 27bf58b..ab1ce6d 100644
--- a/roles/firewall/templates/rules.v6
+++ b/roles/firewall/templates/rules.v6
@@ -17,7 +17,7 @@
 {% set ssh_port = hostvars[inventory_hostname].ansible_port %}
 
 # Open TCP ports:
-{% set tcp_ports = firewall_ports_tcp + firewall_ports6_tcp + [ssh_port] %}
+{% set tcp_ports = [ssh_port] + firewall_ports_tcp + firewall_ports6_tcp %}
 {% set tcp_ports = tcp_ports | unique %}
 
 {% for port in tcp_ports %}
author	Egor Tensin <Egor.Tensin@gmail.com>	2023-08-08 22:57:19 +0200
committer	Egor Tensin <Egor.Tensin@gmail.com>	2023-08-08 22:57:19 +0200
commit	3ca728406720da6814f4bcb670639315e3170270 (patch)
tree	c8eceacd70f019595a262a8fe4a3163a9257189c
parent	add router role (diff)
download	infra-ansible-3ca728406720da6814f4bcb670639315e3170270.tar.gz infra-ansible-3ca728406720da6814f4bcb670639315e3170270.zip