From 58e999356d69f9bf76a389aa69cb8c7295ad75f9 Mon Sep 17 00:00:00 2001
From: Niklas Yann Wettengel
Date: Sat, 28 Sep 2019 23:11:46 +0200
Subject: ffww
---
 roles/configure_iptables/templates/ip6tables.rules | 4 ++--
 roles/configure_iptables/templates/iptables.rules | 8 ++++++--
 2 files changed, 8 insertions(+), 4 deletions(-)
(limited to 'roles/configure_iptables/templates')
diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules
index d194ae6..ab40344 100644
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@@ -49,8 +49,8 @@ COMMIT
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
 # fastd
--A INPUT -s 2a03:2260:1016::/48 -p udp -m udp --dport 10010:10021 -j DROP
--A INPUT -p udp -m udp --dport 10010:10021 -j ACCEPT
+-A INPUT -s 2a03:2260:1016::/48 -p udp -m udp --dport 10010:10023 -j DROP
+-A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT
 # respondd
 -A INPUT -i bat+ -p udp -m udp --dport 1001 -j ACCEPT
 # wireguard_mesh
diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules
index 3f0c6a1..8e3e3c8 100644
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
@@ -40,6 +40,7 @@ COMMIT
 # SSH-Server
 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
 # iperf3
+-A INPUT -p tcp -m tcp -s 10.30.0.0/18 --dport 5201 -j ACCEPT
 -A INPUT -p tcp -m tcp -s 10.222.0.0/16 --dport 5201 -j ACCEPT
 {% if 'fastd' in group_names %}
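Review bot: The fastd DROP in ip6tables.rules still matches only `2a03:2260:1016::/48`, while the same commit gives the IPv4 template a second mesh source (`10.30.0.0/18`) to drop. If that second network also has its own IPv6 prefix (not visible in this patch), fastd packets sourced from it would fall through to the `-j ACCEPT` on ports 10010:10023. In that case a matching line belongs before the ACCEPT: `-A INPUT -s <second-mesh-ipv6-prefix> -p udp -m udp --dport 10010:10023 -j DROP`, with the placeholder replaced by the real prefix.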
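Review bot: `10.30.0.0/18` is written out as a literal next to `10.222.0.0/16` in this iperf3 rule of iptables.rules, and again in the fastd DROP rules and the FORWARD TCPMSS rules in the two later hunks of the same file. Every further network then has to be added in each of those places, and a missed one leaves the rule set inconsistent, for example a prefix that may reach iperf3 and is MSS-clamped but is not dropped on the fastd ports. The template already uses Jinja2, so the prefixes could live in one list variable and each rule be generated inside a `{% for net in ... %}` loop, e.g. `-A INPUT -p tcp -m tcp -s {{ net }} --dport 5201 -j ACCEPT`; the variable name is for the role to choose.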
@@ -53,8 +54,9 @@ COMMIT
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
 # fastd
--A INPUT -s 10.222.0.0/16 -p udp -m udp --dport 10010:10021 -j DROP
--A INPUT -p udp -m udp --dport 10010:10021 -j ACCEPT
+-A INPUT -s 10.30.0.0/18 -p udp -m udp --dport 10010:10023 -j DROP
+-A INPUT -s 10.222.0.0/16 -p udp -m udp --dport 10010:10023 -j DROP
+-A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT
 {% endif %}
 # MOSH
 -A INPUT -p udp -m udp --dport 60000:61000 -j ACCEPT
@@ -80,6 +82,8 @@ COMMIT
 -A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT
 -A FORWARD -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 -A FORWARD -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+-A FORWARD -d 10.30.0.0/18 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+-A FORWARD -s 10.30.0.0/18 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 COMMIT
 *nat
-- 
cgit v1.2.3-54-g00ecf
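Review bot: The `# fastd` comment in the `@@ -53,8 +54,9 @@` hunk of iptables.rules does not say why the source-matched DROP rules sit before the general ACCEPT, and the block only works in that order. A comment such as `# fastd: drop mesh-internal sources first, then accept from anywhere else; keep this order` would stop a later edit from appending a new prefix after the ACCEPT, where it would never match. The port range `10010:10023` is also repeated three times here and twice in ip6tables.rules; if the DROP and ACCEPT ranges ever drift apart, the extra ports become reachable from the mesh prefixes, so a single template variable for the range would be safer.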