diff options
| author | Silvino Silva <silvino@bk.ru> | 2018-06-12 20:09:49 +0100 |
|---|---|---|
| committer | Silvino Silva <silvino@bk.ru> | 2018-06-12 20:09:49 +0100 |
| commit | d548aa0cf8497cfd4151768e5d85e1db858ee6d2 (patch) | |
| tree | 1c1d74c4ba4ab86b2b1481c613d499ce00e278fe /core/scripts/iptables.sh | |
| parent | f5a5ccbf1af61c4a70695b01187c32fd5ead2e76 (diff) | |
| download | doc-d548aa0cf8497cfd4151768e5d85e1db858ee6d2.tar.gz | |
fix iptables let ssh out if server
Diffstat (limited to 'core/scripts/iptables.sh')
| -rw-r--r-- | core/scripts/iptables.sh | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/core/scripts/iptables.sh b/core/scripts/iptables.sh index 2b4d68a..1304210 100644 --- a/core/scripts/iptables.sh +++ b/core/scripts/iptables.sh @@ -270,7 +270,7 @@ case $TYPE in $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap1 --physdev-out ${PUB_IF} -j cli_http_out ####### Forward TAP2 ssh and https ###### - $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -d ${BR_NET} -j srv_ssh_in + $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j srv_ssh_in $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j srv_ssh_out $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j srv_https_in @@ -296,11 +296,6 @@ case $TYPE in #Less noise $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -p tcp --sport 3030 --dport 1024:65535 -j DROP - $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -j cli_dns_in - $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -j cli_https_in - $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -j cli_git_in - $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -j cli_ssh_in - $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -s ${BR_NET} -m physdev --physdev-in tap2 -j srv_dns_in $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -s ${BR_NET} -m physdev --physdev-in tap1 -j srv_dns_in @@ -308,6 +303,11 @@ case $TYPE in $IPT -A INPUT -i ${BR_IF} -m physdev --physdev-in tap1 -j srv_dhcp $IPT -A INPUT -i ${BR_IF} -m physdev --physdev-in ${PUB_IF} -s ${GW} -d ${PUB_IP} -j srv_dhcp + $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -j cli_dns_in + $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -j cli_https_in + $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -j cli_git_in + $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -j cli_ssh_in + ####### Output Chain ###### $IPT -A OUTPUT -j blocker #Less noise @@ -324,6 +324,8 @@ case $TYPE in $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -j cli_https_out $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -j cli_https_out $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -j cli_git_out + $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -d cli_ssh_out + ####### PostRouting Chain ###### #Less noise #$IPT -t nat -A POSTROUTING -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT |