zentralwerk/network
zentralwerk
/
network
12
4
Fork 2
Code Issues 3 Pull Requests 1 Releases Wiki Activity

firewall.mgmt-gw: fixes

This commit is contained in:
Astro 2017-02-07 01:34:01 +01:00
parent 4a578f67e6
commit 2ea56e8e4e
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
salt/firewall/mgmt-gw.sh
View File

@ -3,8 +3,8 @@
if [ "$IFACE" = "{{ interface }}" ]; then
iptables -F FORWARD
ip6tables -F FORWARD
iptables -P FORWARD REJECT
ip6tables -P FORWARD REJECT
iptables -P FORWARD DROP
ip6tables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
ip6tables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
# DNS
@ -18,5 +18,8 @@ if [ "$IFACE" = "{{ interface }}" ]; then
ip6tables -A FORWARD -i $IFACE -p udp --dport 25826 -j ACCEPT
# downloads.lede-project.org
iptables -A FORWARD -i $IFACE --dest 148.251.78.235 -j ACCEPT
iptables -A FORWARD -i $IFACE --dest 2a01:4f8:202:43ea::3 -j ACCEPT
ip6tables -A FORWARD -i $IFACE --dest 2a01:4f8:202:43ea::3 -j ACCEPT
# Deny by default
iptables -A FORWARD -j REJECT
ip6tables -A FORWARD -j REJECT
fi