#!/bin/sh
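# Forwarding firewall for the templated interface.
#
# Acts only when $IFACE equals the rendered "{{ interface }}" value; $IFACE is
# presumably exported by the caller (ifupdown-style hook) - confirm.
#
# Result: the IPv4 and IPv6 FORWARD chains pass return traffic, DNS, NTP and
# collectd over UDP, and traffic to the LEDE download host coming in on this
# interface; everything else is rejected.
#
# The FORWARD chain is shared by every interface on the host: the flush, the
# DROP policy and the final REJECT below carry no -i match, so they affect all
# forwarded traffic, not only traffic from $IFACE.
if [ "$IFACE" = "{{ interface }}" ]; then
  # Set the default-drop policy BEFORE flushing. Flushing first leaves a
  # window in which a chain whose policy is ACCEPT forwards everything while
  # the rules are being rebuilt.
  iptables -P FORWARD DROP
  ip6tables -P FORWARD DROP
  iptables -F FORWARD
  ip6tables -F FORWARD

  # Return traffic for flows that were allowed out.
  # NOTE(review): only ESTABLISHED is matched, not RELATED, so ICMP/ICMPv6
  # errors belonging to allowed flows (e.g. IPv6 Packet Too Big) reach the
  # final REJECT - confirm this is intended.
  iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
  ip6tables -A FORWARD -m state --state ESTABLISHED -j ACCEPT

  # The three UDP services below are allowed to ANY destination address.
  # NOTE(review): if the intended servers are known, adding a destination
  # match would stop these ports being used to reach arbitrary hosts.

  # DNS
  # NOTE(review): UDP only; DNS over TCP port 53 is not allowed.
  iptables -A FORWARD -i "$IFACE" -p udp --dport 53 -j ACCEPT
  ip6tables -A FORWARD -i "$IFACE" -p udp --dport 53 -j ACCEPT

  # NTP
  iptables -A FORWARD -i "$IFACE" -p udp --dport 123 -j ACCEPT
  ip6tables -A FORWARD -i "$IFACE" -p udp --dport 123 -j ACCEPT

  # collectd
  iptables -A FORWARD -i "$IFACE" -p udp --dport 25826 -j ACCEPT
  ip6tables -A FORWARD -i "$IFACE" -p udp --dport 25826 -j ACCEPT

  # downloads.lede-project.org
  # Addresses are hard-coded, so these rules go stale if the host is
  # renumbered. All protocols and ports to these addresses are allowed.
  iptables -A FORWARD -i "$IFACE" --dest 148.251.78.235 -j ACCEPT
  ip6tables -A FORWARD -i "$IFACE" --dest 2a01:4f8:202:43ea::3 -j ACCEPT

  # Deny by default
  # REJECT answers the sender with an error; the DROP policy set above is
  # what applies if these rules are ever missing.
  iptables -A FORWARD -j REJECT
  ip6tables -A FORWARD -j REJECT
fi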