paspo/brasatore
1
0
Fork 0
mirror of https://git.libreschool.org/paspo/brasatore.git synced 2024-11-21 21:58:44 +00:00
Code Issues Packages Releases Activity

fix ipv4 rules

Browse Source
This commit is contained in:
Paolo Asperti 2023-10-27 11:03:55 +02:00
parent faca19177e
commit 6b0171e214
Signed by: paspo
GPG Key ID: 06D46905D19D5182
1 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
roles/pxeserver/templates/rules.v4
View File

@ -1,7 +1,7 @@
*filter
:INPUT DROP [2:72]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8441:830478]
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m state --state NEW -j ACCEPT
-A INPUT ! -i {{ lan_iface }} -m state --state NEW -j ACCEPT
@ -20,11 +20,14 @@
-A INPUT -i {{ lan_iface }} -p tcp -m state --state NEW -m tcp --dport 4048 -j ACCEPT
-A INPUT -i {{ lan_iface }} -p udp -m state --state NEW -m udp --dport 4048 -j ACCEPT
-A FORWARD -i {{ lan_iface }} -o {{ lan_iface }} -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i {{ lan_iface }} -o {{ lan_iface }} -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i {{ lan_iface }} -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [72:10770]
:INPUT ACCEPT [68:10030]
:OUTPUT ACCEPT [39:2999]
:POSTROUTING ACCEPT [1:84]
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o {{ wan_iface }} -j MASQUERADE
COMMIT