external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Update iiab-gen-iptables

Browse source
This commit is contained in:
A Holt 2018-10-03 14:47:21 -04:00 committed by GitHub
parent e713a0705b
commit a73c638181
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

14
roles/network/templates/gateway/iiab-gen-iptables
View file

@ -9,7 +9,7 @@ IPTABLES_DATA=/etc/sysconfig/iptables
{% endif %}
LANIF=$IIAB_LAN_DEVICE
WANIF=$IIAB_WAN_DEVICE
MODE=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'`
MODE=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'`
clear_fw() {
$IPTABLES -F
@ -26,7 +26,7 @@ $IPTABLES -A INPUT -p udp --dport 111 -j DROP
# mysql
$IPTABLES -A INPUT -p tcp --dport 3306 -j DROP
$IPTABLES -A INPUT -p udp --dport 3306 -j DROP
# postgre - not needed listens on lo only
# postgres - not needed listens on lo only
$IPTABLES -A INPUT -p tcp --dport 5432 -j DROP
$IPTABLES -A INPUT -p udp --dport 5432 -j DROP
# couchdb
@ -34,7 +34,7 @@ $IPTABLES -A INPUT -p tcp --dport 5984 -j DROP
$IPTABLES -A INPUT -p udp --dport 5984 -j DROP
}
if [ "x$WANIF" == "xnone" ] || [ "$MODE" == 'Appliance' ]; then
if [ "x$WANIF" == "xnone" ] || [ "$MODE" == "Appliance" ]; then
clear_fw
# save the rule set
{% if is_debuntu %}
@ -111,20 +111,20 @@ if [ "$gw_block_https" == "True" ]; then
fi
# Allow outgoing connections from the LAN side.
if ! [ "$py_captive_portal_enabled" == "True" ];then
if ! [ "$py_captive_portal_enabled" == "True" ]; then
$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT
fi
# Don't forward from the outside to the inside.
$IPTABLES -A FORWARD -i $wan -o $lan -j DROP
$IPTABLES -A INPUT -i $wan -j DROP
if [ "$block_DNS" == "True" ];then
if [ "$block_DNS" == "True" ]; then
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 53 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:53
$IPTABLES -t nat -A PREROUTING -i $lan -p udp --dport 53 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:53
fi
if [ "$py_captive_portal_enabled" == "True" ];then
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:{{ py_captive_portal_port }}
if [ "$py_captive_portal_enabled" == "True" ]; then
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:{{ py_captive_portal_port }}
fi
if [ "$HTTPCACHE_ON" == "True" ]; then