# Gitea SSH Firewall Rules - Rick-Infra
# Generated by Ansible Gitea role
# Allows incoming SSH connections on port {{ gitea_ssh_port }}
#
# This file is loaded BEFORE the final drop rule (99-drop.nft)
# Filename: 50-gitea.nft (ensures proper load order)

# Add Gitea SSH port to the input chain
add rule inet filter input tcp dport {{ gitea_ssh_port }} ct state new accept comment "Gitea SSH (Port {{ gitea_ssh_port }})"

# Rick-Infra: Self-contained firewall rule for Gitea SSH access