Allow to prepend iptables rules
parent
5f1ddcc519
commit
be19a68185
|
@ -3,9 +3,11 @@ common__basics__additional_packages: []
|
|||
|
||||
common__iptables__state: install
|
||||
common__iptables__drop_by_default: false
|
||||
common__iptables__v4_filter: null
|
||||
common__iptables__v6_filter: null
|
||||
common__iptables__allow_output_ifaces: []
|
||||
common__iptables__v4_filter_prepend: null
|
||||
common__iptables__v4_filter_append: null
|
||||
common__iptables__v6_filter_prepend: null
|
||||
common__iptables__v6_filter_append: null
|
||||
|
||||
common__certbot__state: install
|
||||
common__certbot__run: true
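Review bot: Going by the hunk counts (9 lines before, 11 after, with four new variables shown), `common__iptables__v4_filter` and `common__iptables__v6_filter` appear to be dropped from the defaults, and the templates switch to the `_append` names. If that reading is right, an inventory that still sets the old names will render a ruleset without its custom rules and nothing will fail. Consider keeping the old names as a fallback, e.g. `common__iptables__v4_filter_append: "{{ common__iptables__v4_filter | default('') }}"`, or failing the play when the old variables are defined. A comment above the new variables would also help, such as `# Raw iptables-restore lines: *_prepend is rendered before every built-in rule, *_append after them`.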
|
||||
|
|
|
@ -11,6 +11,8 @@
|
|||
-F
|
||||
-X
|
||||
|
||||
{{ common__iptables__v4_filter_prepend }}
|
||||
|
||||
# Allow all loopback (lo) traffic and reject anything
|
||||
# to localhost that does not originate from lo.
|
||||
-A INPUT -i lo -j ACCEPT
|
||||
|
@ -46,6 +48,6 @@
|
|||
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
|
||||
-A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
|
||||
|
||||
{{ common__iptables__v4_filter }}
|
||||
{{ common__iptables__v4_filter_append }}
|
||||
|
||||
COMMIT
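Review bot: Nothing documents or checks the precedence of the prepended block: `{{ common__iptables__v4_filter_prepend }}` is rendered as raw text right after `-F`/`-X`, ahead of the loopback rules, so any rule placed there is matched before every built-in rule, including the SSH accept further down. A template comment should state this, for example `# User-supplied rules; evaluated before all rules below, first match wins`. The deploying task is not visible here; if it does not already validate the file, adding `validate: iptables-restore --test %s` to the template task would keep a malformed line from replacing a working ruleset. The same applies to the v6 template, using `ip6tables-restore --test`.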
|
||||
|
|
|
@ -11,6 +11,8 @@
|
|||
-F
|
||||
-X
|
||||
|
||||
{{ common__iptables__v6_filter_prepend }}
|
||||
|
||||
# Allow all loopback (lo) traffic and reject anything
|
||||
# to localhost that does not originate from lo.
|
||||
-A INPUT -i lo -j ACCEPT
|
||||
|
@ -57,6 +59,6 @@
|
|||
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
|
||||
-A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
|
||||
|
||||
{{ common__iptables__v6_filter }}
|
||||
{{ common__iptables__v6_filter_append }}
|
||||
|
||||
COMMIT
|
||||
|
|