zentralwerk/network
zentralwerk
/
network
12
4
Fork 2
Code Issues 3 Pull Requests 1 Releases Wiki Activity

upstream, mgmt-gw: ip{,6}tables -i lo -j ACCEPT

This commit is contained in:
Astro 2018-01-20 18:43:19 +01:00
parent 44861a4ba6
commit 13c6405b86
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
salt/firewall/mgmt-gw.sh
View File

@ -9,6 +9,9 @@ if [ "$IFACE" = "{{ interface }}" ]; then
ip6tables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
ip6tables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
# loopback
iptables -A FORWARD -i lo -j ACCEPT
ip6tables -A FORWARD -i lo -j ACCEPT
# DNS
iptables -A FORWARD -i $IFACE -p udp --dport 53 -j ACCEPT
ip6tables -A FORWARD -i $IFACE -p udp --dport 53 -j ACCEPT

7
salt/upstream/iptables
View File

@ -2,8 +2,15 @@
export PATH=/sbin:/bin:/usr/sbin:/usr/bin
if [ "$IFACE" = "lo" ]; then
iptables -I INPUT -i lo -j ACCEPT
ip6tables -I INPUT -i lo -j ACCEPT
fi
if [ "$IFACE" = "{{ interface }}" ]; then
iptables -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i "$IFACE" -j DROP
ip6tables -A INPUT -i "$IFACE" -j DROP
iptables -P INPUT ACCEPT
ip6tables -P INPUT ACCEPT
fi