Commit 47a01c9a by Bach Dániel

firewall: fix iptables template

parent 61b90140
...@@ -27,13 +27,21 @@ COMMIT ...@@ -27,13 +27,21 @@ COMMIT
-A LOG_ACC -j ACCEPT -A LOG_ACC -j ACCEPT
# initialize FORWARD chain # initialize FORWARD chain
{% if proto == "ipv4" %}
-A FORWARD -m set --match-set blacklist src,dst -j DROP -A FORWARD -m set --match-set blacklist src,dst -j DROP
{% endif %}
-A FORWARD -m state --state INVALID -g LOG_DROP -A FORWARD -m state --state INVALID -g LOG_DROP
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
{% if proto == "ipv4" %}
-A FORWARD -p icmp --icmp-type echo-request -g LOG_ACC -A FORWARD -p icmp --icmp-type echo-request -g LOG_ACC
{% else %}
-A FORWARD -p icmpv6 --icmpv6-type echo-request -g LOG_ACC
{% endif %}
# initialize INPUT chain # initialize INPUT chain
{% if proto == "ipv4" %}
-A INPUT -m set --match-set blacklist src -j DROP -A INPUT -m set --match-set blacklist src -j DROP
{% endif %}
-A INPUT -m state --state INVALID -g LOG_DROP -A INPUT -m state --state INVALID -g LOG_DROP
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
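Review bot: The blacklist DROP rules in FORWARD and INPUT are now rendered only when `proto == "ipv4"`, so the IPv6 ruleset carries no blacklist enforcement at all, and a blacklisted host that also has IPv6 reachability is filtered only by whatever rules follow. If this is intentional (presumably because the `blacklist` ipset is an IPv4-family set that ip6tables cannot match), say so in the template, for example with `# blacklist ipset is IPv4-only; IPv6 traffic is not matched against it` above each `{% if proto == "ipv4" %}`, and track an inet6 set as follow-up work. The `{% else %}` before the icmpv6 rule also treats every value other than "ipv4" as IPv6; an explicit `{% elif proto == "ipv6" %}` would keep an unexpected `proto` value from silently rendering IPv6 rules. The INPUT chain continues outside the hunk, so this view cannot confirm that ICMPv6 neighbour discovery is accepted there.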
......