2017-02-07 01:16:16 +01:00
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
|
|
if [ "$IFACE" = "{{ interface }}" ]; then
|
|
|
|
|
iptables -F FORWARD
|
2017-02-07 01:22:19 +01:00
|
|
|
ip6tables -F FORWARD
|
2017-02-07 01:16:16 +01:00
|
|
|
iptables -P FORWARD REJECT
|
2017-02-07 01:22:19 +01:00
|
|
|
ip6tables -P FORWARD REJECT
|
2017-02-07 01:16:16 +01:00
|
|
|
iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
|
2017-02-07 01:22:19 +01:00
|
|
|
ip6tables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
|
2017-02-07 01:16:16 +01:00
|
|
|
# DNS
|
|
|
|
|
iptables -A FORWARD -i $IFACE -p udp --dport 53 -j ACCEPT
|
2017-02-07 01:22:19 +01:00
|
|
|
ip6tables -A FORWARD -i $IFACE -p udp --dport 53 -j ACCEPT
|
2017-02-07 01:16:16 +01:00
|
|
|
# NTP
|
|
|
|
|
iptables -A FORWARD -i $IFACE -p udp --dport 123 -j ACCEPT
|
2017-02-07 01:22:19 +01:00
|
|
|
ip6tables -A FORWARD -i $IFACE -p udp --dport 123 -j ACCEPT
|
2017-02-07 01:16:16 +01:00
|
|
|
# collectd
|
|
|
|
|
iptables -A FORWARD -i $IFACE -p udp --dport 25826 -j ACCEPT
|
2017-02-07 01:22:19 +01:00
|
|
|
ip6tables -A FORWARD -i $IFACE -p udp --dport 25826 -j ACCEPT
|
2017-02-07 01:16:16 +01:00
|
|
|
fi
|
