From 064c28f0a710288de0444e189e68123449ff0bc3 Mon Sep 17 00:00:00 2001
From: VC <veretcle+framagit@mateu.be>
Date: Thu, 20 Mar 2025 17:57:09 +0100
Subject: [PATCH] =?UTF-8?q?=E2=99=BF:=20make=20hypervisor=20accessible=20o?=
 =?UTF-8?q?nline?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 roles/firewall/templates/firewall.j2 | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/roles/firewall/templates/firewall.j2 b/roles/firewall/templates/firewall.j2
index 1aa198a..f8719c0 100644
--- a/roles/firewall/templates/firewall.j2
+++ b/roles/firewall/templates/firewall.j2
@@ -260,6 +260,17 @@ config rule
 
 {% endfor %}
 
+{% set first_hypervisor = hostvars[groups['hypervisors'][0]] %}
+config redirect
+	option name 'Allow-INPUT-ProxmoxVE-Admin'
+	option src 'wan'
+	option src_dport '8006'
+	list proto 'tcp'
+	option dest 'dmz'
+	option dest_ip '{{ first_hypervisor['ansible_default_ipv4']['address'] }}'
+	option dest_port '8006'
+	option target 'DNAT'
+
 # Allow XMPP traffic
 config rule
 	option name 'Allow-OUTPUT-XMPP-s2s'