diff options
| author | Silvino Silva <silvino@bk.ru> | 2018-05-06 15:05:18 +0100 |
|---|---|---|
| committer | Silvino Silva <silvino@bk.ru> | 2018-05-06 15:05:18 +0100 |
| commit | a34bc1f0a639d73d644a448ac8b4cf5e2614e018 (patch) | |
| tree | 523794c8b441628ed5a69e35202ba016baec0897 /core | |
| parent | d476ab5f420b2f1b3c81d65856ecd7113976391b (diff) | |
| download | doc-a34bc1f0a639d73d644a448ac8b4cf5e2614e018.tar.gz | |
allow client https to tap2
Diffstat (limited to 'core')
| -rw-r--r-- | core/scripts/iptables.sh | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/core/scripts/iptables.sh b/core/scripts/iptables.sh index 41ce988..0f05b1f 100644 --- a/core/scripts/iptables.sh +++ b/core/scripts/iptables.sh @@ -54,9 +54,12 @@ case $TYPE in $IPT -A FORWARD -o ${BR_IF} -s ${PUB_IP} -d ${BR_NET} -j cli_ssh_out $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j srv_rip + $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j srv_dhcp $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j srv_dhcp - #$IPT -A FORWARD -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j srv_ssh_out + + $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j cli_https_out + $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j cli_https_in ####### Input Chain ###### $IPT -A INPUT -j blocker @@ -78,6 +81,7 @@ case $TYPE in $IPT -A OUTPUT -j blocker #Less noise $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -p tcp --dport 3030 --sport 1024:65535 -j DROP + $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -p tcp --dport 80 --sport 1024:65535 -j DROP $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -j cli_dns_out $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -j cli_https_out |