fix ipv4 rules

2024-11-21 21:58:44 +00:00 · 2023-10-27 11:03:55 +02:00 · 2023-10-27 11:03:55 +02:00 · 6b0171e214
commit 6b0171e214
parent faca19177e
1 changed files with 10 additions and 7 deletions
--- a/roles/pxeserver/templates/rules.v4
+++ b/roles/pxeserver/templates/rules.v4
@ -1,7 +1,7 @@
 *filter
-:INPUT DROP [2:72]
+:INPUT DROP [0:0]
-:FORWARD ACCEPT [0:0]
+:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [8441:830478]
+:OUTPUT ACCEPT [0:0]
 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -p icmp -m state --state NEW -j ACCEPT
 -A INPUT ! -i {{ lan_iface }} -m state --state NEW -j ACCEPT
@ -20,11 +20,14 @@
 -A INPUT -i {{ lan_iface }} -p tcp -m state --state NEW -m tcp --dport 4048 -j ACCEPT
 -A INPUT -i {{ lan_iface }} -p udp -m state --state NEW -m udp --dport 4048 -j ACCEPT
 -A FORWARD -i {{ lan_iface }} -o {{ lan_iface }} -j REJECT --reject-with icmp-port-unreachable
 -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -i {{ lan_iface }} -o {{ lan_iface }} -j REJECT --reject-with icmp-port-unreachable
 -A FORWARD -i {{ lan_iface }} -j ACCEPT
 COMMIT
 *nat
-:PREROUTING ACCEPT [72:10770]
+:PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [68:10030]
+:INPUT ACCEPT [0:0]
-:OUTPUT ACCEPT [39:2999]
+:OUTPUT ACCEPT [0:0]
-:POSTROUTING ACCEPT [1:84]
+:POSTROUTING ACCEPT [0:0]
 -A POSTROUTING -o {{ wan_iface }} -j MASQUERADE
 COMMIT