upstream, mgmt-gw: ip{,6}tables -i lo -j ACCEPT
This commit is contained in:
parent
44861a4ba6
commit
13c6405b86
|
@ -9,6 +9,9 @@ if [ "$IFACE" = "{{ interface }}" ]; then
|
||||||
ip6tables -P FORWARD DROP
|
ip6tables -P FORWARD DROP
|
||||||
iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
|
iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
|
||||||
ip6tables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
|
ip6tables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
|
||||||
|
# loopback
|
||||||
|
iptables -A FORWARD -i lo -j ACCEPT
|
||||||
|
ip6tables -A FORWARD -i lo -j ACCEPT
|
||||||
# DNS
|
# DNS
|
||||||
iptables -A FORWARD -i $IFACE -p udp --dport 53 -j ACCEPT
|
iptables -A FORWARD -i $IFACE -p udp --dport 53 -j ACCEPT
|
||||||
ip6tables -A FORWARD -i $IFACE -p udp --dport 53 -j ACCEPT
|
ip6tables -A FORWARD -i $IFACE -p udp --dport 53 -j ACCEPT
|
||||||
|
|
|
@ -2,8 +2,15 @@
|
||||||
|
|
||||||
export PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
export PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
||||||
|
|
||||||
|
if [ "$IFACE" = "lo" ]; then
|
||||||
|
iptables -I INPUT -i lo -j ACCEPT
|
||||||
|
ip6tables -I INPUT -i lo -j ACCEPT
|
||||||
|
fi
|
||||||
if [ "$IFACE" = "{{ interface }}" ]; then
|
if [ "$IFACE" = "{{ interface }}" ]; then
|
||||||
iptables -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
|
iptables -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
|
ip6tables -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
iptables -A INPUT -i "$IFACE" -j DROP
|
iptables -A INPUT -i "$IFACE" -j DROP
|
||||||
|
ip6tables -A INPUT -i "$IFACE" -j DROP
|
||||||
iptables -P INPUT ACCEPT
|
iptables -P INPUT ACCEPT
|
||||||
|
ip6tables -P INPUT ACCEPT
|
||||||
fi
|
fi
|
||||||
|
|
Loading…
Reference in New Issue