network/salt/upstream/iptables

#!/bin/sh

export PATH=/sbin:/bin:/usr/sbin:/usr/bin

if [ "$IFACE" = "lo" ]; then
   iptables -I INPUT -i lo -j ACCEPT
   ip6tables -I INPUT -i lo -j ACCEPT
fi
if [ "$IFACE" = "{{ interface }}" ]; then
   iptables -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
   ip6tables -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
   iptables -A INPUT -i "$IFACE" -p icmp -j ACCEPT
   ip6tables -A INPUT -i "$IFACE" -p icmpv6 -j ACCEPT
   # DHCPv6
   ip6tables -A INPUT -i "$IFACE" -p udp --sport 547 --dport 546 -j ACCEPT
   iptables -A INPUT -i "$IFACE" -j DROP
   ip6tables -A INPUT -i "$IFACE" -j DROP
   iptables -P INPUT ACCEPT
   ip6tables -P INPUT ACCEPT
fi
upstream iptables 2016-11-14 00:40:55 +01:00			`#!/bin/sh`

/etc/network/if-{pre-,}up.d/*: export PATH 2017-11-12 00:33:29 +01:00			`export PATH=/sbin:/bin:/usr/sbin:/usr/bin`

upstream, mgmt-gw: ip{,6}tables -i lo -j ACCEPT 2018-01-20 18:43:19 +01:00			`if [ "$IFACE" = "lo" ]; then`
			`iptables -I INPUT -i lo -j ACCEPT`
			`ip6tables -I INPUT -i lo -j ACCEPT`
			`fi`
this is the shit 2016-11-15 01:33:17 +01:00			`if [ "$IFACE" = "{{ interface }}" ]; then`
hot-fixes 2016-11-14 23:44:13 +01:00			`iptables -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT`
upstream, mgmt-gw: ip{,6}tables -i lo -j ACCEPT 2018-01-20 18:43:19 +01:00			`ip6tables -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT`
upstream.iptables: default to accept icmp 2018-04-15 20:42:55 +02:00			`iptables -A INPUT -i "$IFACE" -p icmp -j ACCEPT`
upstream: accept icmpv6 2018-09-13 23:46:28 +02:00			`ip6tables -A INPUT -i "$IFACE" -p icmpv6 -j ACCEPT`
upstream1: prepare dhcp6 2018-06-22 23:06:34 +02:00			`# DHCPv6`
			`ip6tables -A INPUT -i "$IFACE" -p udp --sport 547 --dport 546 -j ACCEPT`
upstream iptables 2016-11-14 00:40:55 +01:00			`iptables -A INPUT -i "$IFACE" -j DROP`
upstream, mgmt-gw: ip{,6}tables -i lo -j ACCEPT 2018-01-20 18:43:19 +01:00			`ip6tables -A INPUT -i "$IFACE" -j DROP`
upstream iptables 2016-11-14 00:40:55 +01:00			`iptables -P INPUT ACCEPT`
upstream, mgmt-gw: ip{,6}tables -i lo -j ACCEPT 2018-01-20 18:43:19 +01:00			`ip6tables -P INPUT ACCEPT`
upstream iptables 2016-11-14 00:40:55 +01:00			`fi`