network/salt/firewall/priv-stateful.sh

#!/bin/sh

export PATH=/sbin:/bin:/usr/sbin:/usr/bin

if echo "$IFACE" | grep priv >/dev/null; then
    iptables -F FORWARD
    ip6tables -F FORWARD
    iptables -P FORWARD DROP
    ip6tables -P FORWARD DROP
    iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
    ip6tables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
    # loopback
    iptables -A FORWARD -i lo -j ACCEPT
    ip6tables -A FORWARD -i lo -j ACCEPT
    # Trust priv
    iptables -A FORWARD -i $IFACE -j ACCEPT
    ip6tables -A FORWARD -i $IFACE -j ACCEPT
    # Deny by default
    iptables -A FORWARD -j REJECT
    ip6tables -A FORWARD -j REJECT
fi
add firewall.priv-stateful for priv13-gw 2018-04-14 21:42:54 +02:00			`#!/bin/sh`

			`export PATH=/sbin:/bin:/usr/sbin:/usr/bin`

firewall.priv-stateful: fix sh syntax 2018-04-14 21:49:28 +02:00			`if echo "$IFACE" \| grep priv >/dev/null; then`
add firewall.priv-stateful for priv13-gw 2018-04-14 21:42:54 +02:00			`iptables -F FORWARD`
			`ip6tables -F FORWARD`
			`iptables -P FORWARD DROP`
			`ip6tables -P FORWARD DROP`
			`iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT`
			`ip6tables -A FORWARD -m state --state ESTABLISHED -j ACCEPT`
			`# loopback`
			`iptables -A FORWARD -i lo -j ACCEPT`
			`ip6tables -A FORWARD -i lo -j ACCEPT`
firewall/priv-stateful: fix rules 2018-04-14 21:50:38 +02:00			`# Trust priv`
			`iptables -A FORWARD -i $IFACE -j ACCEPT`
			`ip6tables -A FORWARD -i $IFACE -j ACCEPT`
add firewall.priv-stateful for priv13-gw 2018-04-14 21:42:54 +02:00			`# Deny by default`
			`iptables -A FORWARD -j REJECT`
			`ip6tables -A FORWARD -j REJECT`
			`fi`