forked from zentralwerk/network
upstream, mgmt-gw: ip{,6}tables -i lo -j ACCEPT
parent
44861a4ba6
commit
13c6405b86
|
@ -9,6 +9,9 @@ if [ "$IFACE" = "{{ interface }}" ]; then
|
|||
ip6tables -P FORWARD DROP
|
||||
iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
|
||||
ip6tables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
|
||||
# loopback
|
||||
iptables -A FORWARD -i lo -j ACCEPT
|
||||
ip6tables -A FORWARD -i lo -j ACCEPT
|
||||
# DNS
|
||||
iptables -A FORWARD -i $IFACE -p udp --dport 53 -j ACCEPT
|
||||
ip6tables -A FORWARD -i $IFACE -p udp --dport 53 -j ACCEPT
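Review bot: The two `-i lo` rules under `# loopback` sit in the FORWARD chain, where they will probably never match: loopback traffic is locally generated and locally delivered, so it normally traverses OUTPUT and INPUT rather than FORWARD. If the intent is to keep local services reachable, the accept belongs in INPUT, e.g. `iptables -A INPUT -i lo -j ACCEPT` with the matching `ip6tables` line. If forwarding from lo is really expected in this setup, a one-line comment naming that case would explain why the rule is here. Which lines the commit added is inferred from its title, because the page lost the +/- markers, and the enclosing `if` block ends outside the hunk.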
|
||||
|
|
|
@ -2,8 +2,15 @@
|
|||
|
||||
export PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
||||
|
||||
if [ "$IFACE" = "lo" ]; then
|
||||
iptables -I INPUT -i lo -j ACCEPT
|
||||
ip6tables -I INPUT -i lo -j ACCEPT
|
||||
fi
|
||||
if [ "$IFACE" = "{{ interface }}" ]; then
|
||||
iptables -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
ip6tables -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
iptables -A INPUT -i "$IFACE" -j DROP
|
||||
ip6tables -A INPUT -i "$IFACE" -j DROP
|
||||
iptables -P INPUT ACCEPT
|
||||
ip6tables -P INPUT ACCEPT
|
||||
fi
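Review bot: The `ip6tables -A INPUT -i "$IFACE" -j DROP` rule is preceded only by an ESTABLISHED,RELATED accept, so ICMPv6 neighbour discovery and router advertisements arriving on the interface are likely dropped, since conntrack does not classify them as ESTABLISHED or RELATED. IPv6 on that link may then stop working once neighbour cache entries expire. An accept ahead of the DROP, e.g. `ip6tables -A INPUT -i "$IFACE" -p ipv6-icmp -j ACCEPT` (or narrowed to the neighbour-discovery types), would avoid that. Separately, the `lo` block uses `-I` every time the hook runs for lo, so repeated runs stack duplicate rules; guarding each insert with a `-C` check would keep it idempotent. The page lost the +/- markers, so which of these lines are new is not certain.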
|
||||
|
|