From 8df43c3391afa26488ebf86719a0a097c738b4dd Mon Sep 17 00:00:00 2001
From: LinuxSquare
Date: Mon, 18 Nov 2024 20:46:29 +0100
Subject: [PATCH] Add pterodactyl rules
---
 network/files/firewall_pterodactyl-rules.j2 | 10 ++++++++++
 network/firewall.ansible.yml | 10 +++++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 network/files/firewall_pterodactyl-rules.j2
diff --git a/network/files/firewall_pterodactyl-rules.j2 b/network/files/firewall_pterodactyl-rules.j2
new file mode 100644
index 0000000..c586799
--- /dev/null
+++ b/network/files/firewall_pterodactyl-rules.j2
@@ -0,0 +1,10 @@
+## This file is managed by Ansible
+#!/usr/sbin/nft
+
+table ip nat {
+ chain DOCKER {}
+}
+
+table ip filter {
+ chain DOCKER {}
+}
diff --git a/network/firewall.ansible.yml b/network/firewall.ansible.yml
index 13327b6..dd429a5 100644
--- a/network/firewall.ansible.yml
+++ b/network/firewall.ansible.yml
@@ -20,7 +20,15 @@
 group: root
 mode: '0600'
 vars:
- ALLOWED_PORTS: [80, 443, 25565, 51871]
+ ALLOWED_PORTS: [80, 443]
+ - name: Additional pterodactyl rules
+ template:
+ src: files/firewall_pterodactyl-rules.j2
+ dest: /etc/nftables.d/pterodactyl.nft
+ owner: root
+ group: root
+ mode: '0600'
+ when: installation_type == 'gaming'
 - name: Enable nftables service
 service:
 name: nftables
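Review bot: The shebang `#!/usr/sbin/nft` sits on the second line of the new template, below the `## This file is managed by Ansible` banner, so it is only a comment. Since the file is deployed with mode `0600` under `/etc/nftables.d/`, it is presumably included rather than executed, and the line could be dropped or moved to line 1 as `#!/usr/sbin/nft -f`. The file also gives no reason for declaring empty `DOCKER` chains in `ip nat` and `ip filter`. If the intent is what it appears to be, a comment such as `# Pre-declare the chains Docker manages so they exist once the ruleset is loaded; ports published by containers are governed by Docker's rules, not by ALLOWED_PORTS` would record it. That matters for review because the same commit removes 25565 and 51871 from `ALLOWED_PORTS` and this file opens no ports itself.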
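Review bot: The new `Additional pterodactyl rules` task installs `/etc/nftables.d/pterodactyl.nft` without checking that it parses, and nothing removes the file when `installation_type` stops being `'gaming'`, so a host that changes role keeps the extra tables. Adding `validate: nft -c -f %s` to the `template` arguments would reject a broken rule file before nftables loads it. A companion `file` task with `state: absent` under the inverse condition would cover the role change. If `installation_type` can be unset in some inventories, `when: installation_type | default('') == 'gaming'` avoids an undefined-variable failure, though whether it is always set is not visible from this hunk. The task list starts and continues outside the hunk.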