From 231dbc3ede21f7d2fe9aae50f5dbb2fd12a415e0 Mon Sep 17 00:00:00 2001
From: Jan Beilicke
Date: Wed, 1 Apr 2020 12:56:12 +0200
Subject: [PATCH 1/2] Removes firewall rules from the docker group, it is probably better to take care of it on a host level
---
 group_vars/docker.yml | 11 -----------
 1 file changed, 11 deletions(-)
diff --git a/group_vars/docker.yml b/group_vars/docker.yml
index 9ea90b9..9065097 100644
--- a/group_vars/docker.yml
+++ b/group_vars/docker.yml
@@ -8,14 +8,3 @@ docker_package_state: present
 docker_compose_version: "1.25.0"
 docker_users:
 - deploy
-firewall_disable_ufw: true
-firewall_flush_rules_and_chains: true
-firewall_allowed_tcp_ports:
- - "22"
- - "80"
- - "443"
-#firewall_allowed_udp_ports:
-# # Jitsi
-# - "10000"
-firewall_additional_rules:
- - "iptables -P INPUT DROP"

From 02d5ff9c4308732d054d6fc3730a0cd60dfefd0d Mon Sep 17 00:00:00 2001
From: Jan Beilicke
Date: Wed, 1 Apr 2020 12:57:15 +0200
Subject: [PATCH 2/2] Updated vagrant to reflect the current firewall rules
---
 group_vars/vagrant.yml | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/group_vars/vagrant.yml b/group_vars/vagrant.yml
index d7d1ac0..d4f80ca 100644
--- a/group_vars/vagrant.yml
+++ b/group_vars/vagrant.yml
@@ -1,10 +1,14 @@
 ansible_user: vagrant
 firewall_disable_ufw: true
-firewall_flush_rules_and_chains: true
+firewall_flush_rules_and_chains: false
+firewall_additional_rules:
+ - "iptables -P INPUT DENY"
 firewall_allowed_tcp_ports:
- - "22"
- - "80"
- - "443"
+ - "22"
+ - "80"
+ - "443"
+ # Jitsi
+ - "4443"
 firewall_allowed_udp_ports:
 # Jitsi
 - "10000"
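Review bot: `DENY` is not a policy target that iptables accepts, so the added rule `iptables -P INPUT DENY` under `firewall_additional_rules` in group_vars/vagrant.yml will be rejected instead of setting a default-deny policy; built-in chain policies take `ACCEPT` or `DROP`. The docker.yml rule removed in patch 1/2 used `DROP`, so this line should read `- "iptables -P INPUT DROP"`. The same hunk also sets `firewall_flush_rules_and_chains: false`, which presumably keeps rules left over from earlier runs, so it is worth confirming on a provisioned box (`iptables -S INPUT`) that the INPUT policy and the open ports match what this file describes. A one-line comment on why flushing is turned off would help the next reader.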