From 923c8a3ebc47454470182de9c32f96d633d9cd2e Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Sat, 29 Mar 2025 09:27:28 -0500
Subject: [PATCH] r/unifi: Open firewall port for syslog server

The Unifi Network controller runs a syslog server (listening on UDP port
5514) where Unifi devices can send their logs.  We need to open the port
in the firewall in order for it to receive log messages and write them
to disk.
---
 roles/unifi/tasks/deploy.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/roles/unifi/tasks/deploy.yml b/roles/unifi/tasks/deploy.yml
index 149abc2..de8ff12 100644
--- a/roles/unifi/tasks/deploy.yml
+++ b/roles/unifi/tasks/deploy.yml
@@ -30,6 +30,16 @@
   tags:
   - firewalld
 
+- name: ensure firewall is configured for unifi syslog
+  firewalld:
+    port: 5514/udp
+    permanent: true
+    immediate: true
+    state: enabled
+  when: host_uses_firewalld|d(true)|bool
+  tags:
+  - firewalld
+
 - name: ensure caddy is configured to proxy for unifi
   template:
     src: unifi.caddyfile.j2