ansible-roles/common
1
0
Fork 0
Code Issues 2 Releases Activity

Improve iptables rules

Browse source
This commit is contained in:
Alex Kotov 2020-01-14 14:13:39 +05:00
parent 5fef468d6c
commit 2743de5856
Signed by: kotovalexarian
GPG key ID: 553C0EBBEB5D5F08
2 changed files with 6 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
templates/rules.v4
View file

@ -17,13 +17,9 @@
-A INPUT ! -i lo -s 127.0.0.0/8 -j REJECT
-A OUTPUT -o lo -j ACCEPT
# Allow all outgoing clearnet traffic.
-A OUTPUT -o eth0 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Allow all outgoing private network traffic.
-A OUTPUT -o eth1 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Allow all outgoing traffic.
-A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Allow incoming ICMP ping.
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

10
templates/rules.v6
View file

@ -17,13 +17,9 @@
-A INPUT ! -i lo -s ::/128 -j REJECT
-A OUTPUT -o lo -j ACCEPT
# Allow all outgoing clearnet traffic.
-A OUTPUT -o eth0 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Allow all outgoing private network traffic.
-A OUTPUT -o eth1 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Allow all outgoing traffic.
-A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Allow incoming ICMPv6 ping.
-A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT