I found this: Enable remote access to DB to a specific IP using the ferm role
Added Veeqo’s IP to /trellis/group_vars/all/secruity.yml like so:
- type: dport_accept
dport: [http, https]
filename: nginx_accept
- type: dport_accept
dport: [ssh]
saddr: "{{ ip_whitelist }}"
- type: dport_limit
dport: [ssh]
seconds: 300
hits: 20
- type: dport_accept
dport: [mysql]
saddr: "1.0.0.0.0" //not actual ip