Diffstat (limited to 'roles/configure_iptables/templates')
-rw-r--r-- | roles/configure_iptables/templates/ip6tables.rules | 10 | ||||
-rw-r--r-- | roles/configure_iptables/templates/iptables.rules | 8 |
2 files changed, 10 insertions, 8 deletions
diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules
index 5bb058c..5667a83 100644
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@@ -31,13 +31,15 @@ COMMIT
 # SSH-Server
 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+# nginx
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
+# munin
+-A INPUT -p tcp -m tcp --dport 4949 -j ACCEPT
 {% if 'fastd' in group_names %}
 # dns
 -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
 -A INPUT -p udp -m udp --dport 53 -j ACCEPT
-# nginx
--A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
 # fastd
@@ -85,8 +87,8 @@ COMMIT
 -A FORWARD -o {{ ansible_default_ipv6.interface }} -j REJECT
 {% if 'ffrl_uplink' in group_names %}
 {% for peer in ffrl_peers %}
-iptables -A FORWARD -i {{ peer.name }} -d 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-iptables -A FORWARD -o {{ peer.name }} -s 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+-A FORWARD -i {{ peer.name }} -d 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+-A FORWARD -o {{ peer.name }} -s 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 {% endfor %}
 {% endif %}
 COMMIT
diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules
index 3c750f9..c568e4e 100644
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
@@ -31,6 +31,8 @@ COMMIT
 # SSH-Server
 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+# nginx
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 {% if 'fastd' in group_names %}
 # dns
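Review bot: The new munin rule `-A INPUT -p tcp -m tcp --dport 4949 -j ACCEPT` in the `@@ -31,13 +31,15 @@` hunk opens munin-node to every IPv6 source on every host that renders this template, because it sits outside the `{% if 'fastd' in group_names %}` block and carries no `-s` match. munin-node is polled by a single master, so the accept should be limited to that address, e.g. `-A INPUT -s <MUNIN_MASTER_IPV6_PLACEHOLDER> -p tcp -m tcp --dport 4949 -j ACCEPT`, or the rule gated behind a group check the way the nginx rule used to be. The matching iptables.rules hunk at `@@ -31,6 +31,8 @@` adds only the nginx lines, so IPv4 and IPv6 now disagree on 4949; if that is deliberate, a comment such as `# munin — IPv6 only, the master polls over v6` would keep the next reader from "repairing" the asymmetry. Moving the nginx port 80 accept out of the fastd conditional likewise opens it on every host in both templates, which looks intended but deserves a one-line comment stating that.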
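Review bot: The corrected TCPMSS rules in the `@@ -85,8 +87,8 @@` hunk are still appended to the FORWARD chain after `-A FORWARD -o {{ ansible_default_ipv6.interface }} -j REJECT`, so if the FORWARD rules above this hunk (not visible here) already ACCEPT traffic on the `{{ peer.name }}` interfaces, these clamp rules are never reached and the MSS is not clamped. If that is the case, the clamp belongs before the ACCEPT rules in this chain or in the mangle table's FORWARD/POSTROUTING chain, which is where `--clamp-mss-to-pmtu` is conventionally placed. The same ordering applies to the iptables.rules hunk at `@@ -71,8 +71,8 @@`. A short comment above the `{% for peer in ffrl_peers %}` loop, e.g. `# MSS clamp for ffrl peers: must precede any ACCEPT for these interfaces`, would make the dependency explicit.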
@@ -40,8 +42,6 @@ COMMIT
 {% for site in sites %}
 -I INPUT -i bat{{ site.name }} -p udp --dport 67:68 --sport 67:68 -j ACCEPT
 {% endfor %}
-# nginx
--A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
 # fastd
@@ -71,8 +71,8 @@ COMMIT
 -A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT
 {% if 'ffrl_uplink' in group_names %}
 {% for peer in ffrl_peers %}
-iptables -A FORWARD -i {{ peer.name }} -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-iptables -A FORWARD -o {{ peer.name }} -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+-A FORWARD -i {{ peer.name }} -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+-A FORWARD -o {{ peer.name }} -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 {% endfor %}
 {% endif %}
|