From d0d8c1eb102023fd5968d304ffa2667b18b07050 Mon Sep 17 00:00:00 2001
From: Guillem Jover <gjover@sipwise.com>
Date: Mon, 16 Oct 2023 23:55:40 +0200
Subject: [PATCH] MT#58452 Add IPv6 listening checks for existing IPv4 checks

Add IPv6 entries for services for which we are currently checking their
IPv4 listening addresses. This makes sure we check for these addresses
and that we do not regress in case other components rely on being able
to access these services through these addresses.

Change-Id: Ifa73e594d8cce862af77317ea88cea5c564dd1c6
---
 templates/810_network-dns-debian.yaml.tt2     | 1 +
 templates/820_network-ports-debian.yaml.tt2   | 9 +++++++++
 templates/821_network-ports-ngcp.yaml.tt2     | 9 +++++++++
 templates/822_network-ports-ngcp-pro.yaml.tt2 | 3 +++
 4 files changed, 22 insertions(+)

diff --git a/templates/810_network-dns-debian.yaml.tt2 b/templates/810_network-dns-debian.yaml.tt2
index fa871fa..1b2f848 100644
--- a/templates/810_network-dns-debian.yaml.tt2
+++ b/templates/810_network-dns-debian.yaml.tt2
@@ -3,4 +3,5 @@ dns:
     resolvable: true
     addrs:
       - 127.0.0.1
+      - ::1
     timeout: 500
diff --git a/templates/820_network-ports-debian.yaml.tt2 b/templates/820_network-ports-debian.yaml.tt2
index 4a4073e..1b6f92c 100644
--- a/templates/820_network-ports-debian.yaml.tt2
+++ b/templates/820_network-ports-debian.yaml.tt2
@@ -3,16 +3,25 @@ port:
   tcp:22:
     listening: true
     ip: ["0.0.0.0"]
+  tcp6:22:
+    listening: true
+    ip: ["::"]
 
   # Exim MTA
   tcp:25:
     listening: true
     ip: ["127.0.0.1"]
+  tcp6:25:
+    listening: true
+    ip: ["::1"]
 
   # NTP (systemd-timesyncd does not listen)
   udp:123:
     listening: [% ntp.backend == 'timesyncd' ? 'false' : 'true ' %]
     ip: ["0.0.0.0", "127.0.0.1"]
+  udp6:123:
+    listening: [% ntp.backend == 'timesyncd' ? 'false' : 'true ' %]
+    ip: ["::", "::1"]
 
   # Check for a closed port, nothing there.
   tcp:7777:
diff --git a/templates/821_network-ports-ngcp.yaml.tt2 b/templates/821_network-ports-ngcp.yaml.tt2
index cd4c629..880471a 100644
--- a/templates/821_network-ports-ngcp.yaml.tt2
+++ b/templates/821_network-ports-ngcp.yaml.tt2
@@ -78,11 +78,17 @@ port:
   tcp:443:
     listening: true
     ip: ["[% web_ext_ips.0 %]"]
+  tcp6:443:
+    listening: true
+    ip: ["::1"]
 
   # Nginx HTTPS (NGCP Panel Admin)
   tcp:1443:
     listening: true
     ip: ["[% web_int_ips.0 %]"]
+  tcp6:1443:
+    listening: true
+    ip: ["::1"]
 
 [% END -%]
 [% IF is_mgmt && pbx.enable == 'yes' -%]
@@ -198,6 +204,9 @@ port:
   tcp:6379:
     listening: true
     ip: ["127.0.0.1", "[% ha_int_ips.0 %]"]
+  tcp6:6379:
+    listening: true
+    ip: ["::1"]
 
 [% END -%]
 [% IF is_rtp -%]
diff --git a/templates/822_network-ports-ngcp-pro.yaml.tt2 b/templates/822_network-ports-ngcp-pro.yaml.tt2
index ddecbef..e12ce3c 100644
--- a/templates/822_network-ports-ngcp-pro.yaml.tt2
+++ b/templates/822_network-ports-ngcp-pro.yaml.tt2
@@ -12,6 +12,9 @@ port:
   udp:161:
     listening: true
     ip: ["127.0.0.1"]
+  udp6:161:
+    listening: true
+    ip: ["::1"]
 
   # Corosync
   udp:5405: