From 2c1d3f36ebbbddb404f225ba1be03397e424a3a5 Mon Sep 17 00:00:00 2001
From: Niklas Yann Wettengel
Date: Thu, 12 Apr 2018 19:32:37 +0200
Subject: drop fastd traffic from freifunk
---
 roles/configure_iptables/templates/ip6tables.rules | 1 +
 roles/configure_iptables/templates/iptables.rules | 1 +
 2 files changed, 2 insertions(+)
diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules
index c0ec379..bee7c48 100644
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@@ -45,6 +45,7 @@ COMMIT
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
 # fastd
+-A INPUT -s 2a03:2260:1016::/48 -p udp -m udp --dport 10010:10021 -j DROP
 -A INPUT -p udp -m udp --dport 10010:10021 -j ACCEPT
 # wireguard_mesh
 {% for site in sites %}
diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules
index a3ee47e..9a71279 100644
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
@@ -47,6 +47,7 @@ COMMIT
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
 # fastd
+-A INPUT -s 10.222.0.0/16 -p udp -m udp --dport 10010:10021 -j DROP
 -A INPUT -p udp -m udp --dport 10010:10021 -j ACCEPT
 {% endif %}
 # MOSH
--
cgit v1.2.3-54-g00ecf
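Review bot: The added DROP in the fastd block of ip6tables.rules identifies mesh-originated traffic by source prefix alone, so it only covers senders whose address lies inside `2a03:2260:1016::/48`. If mesh clients also hold addresses from another prefix (a ULA range, for instance; nothing here shows whether they do), their fastd packets still reach the ACCEPT on the next line. If the intent is "no fastd from inside the mesh", a second rule matching the inbound mesh interface (`-i <mesh-interface>`, placeholder) would state that independently of addressing. The rule also carries no comment explaining why it exists; something like `# drop fastd arriving from the freifunk network itself` above it would help, and the same applies to the `10.222.0.0/16` rule in iptables.rules.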
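Review bot: In iptables.rules the new DROP only takes effect because it sits directly above the broader ACCEPT for the same ports, since iptables stops at the first matching rule, and nothing in the template records that ordering dependency. A comment such as `# keep above the fastd ACCEPT: first match wins` would guard against a later reorder silently re-opening the ports to the mesh. The port range `10010:10021` and the mesh prefix are now literals repeated across both rules and both templates; if the role already defines variables for them (not visible in this hunk), using those would keep the DROP and ACCEPT from drifting apart. The enclosing `{% if %}` block opens outside the hunk, so the condition under which this rule is rendered cannot be checked from here.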