about summary refs log tree commit diff stats
path: root/core
diff options
context:
space:
mode:
authorSilvino Silva <silvino@bk.ru>2018-07-20 17:51:29 +0100
committerSilvino Silva <silvino@bk.ru>2018-07-20 17:51:29 +0100
commitb6655563e76cc547fbdd834c155b482e3f88026c (patch)
treefc19965e9281871040084ee51da9f3e79c8c95ca /core
parenta689b25f8799c924c54898b118d6dac628389102 (diff)
downloaddoc-b6655563e76cc547fbdd834c155b482e3f88026c.tar.gz
release 0.3.6 fixes
Diffstat (limited to 'core')
-rw-r--r--core/scripts/iptables.sh13
1 files changed, 9 insertions, 4 deletions
diff --git a/core/scripts/iptables.sh b/core/scripts/iptables.sh
index db1078d..0516d94 100644
--- a/core/scripts/iptables.sh
+++ b/core/scripts/iptables.sh
@@ -271,9 +271,11 @@ case $TYPE in
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap3 --physdev-out tap2 -s ${BR_NET} -d ${BR_NET} -j ACCEPT
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out tap3 -s ${BR_NET} -d ${BR_NET} -j ACCEPT
 
-        # Tap1 can access external http
+        # Tap1 and Tap3 can access external http
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap1 -j cli_http_in
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap1 --physdev-out ${PUB_IF} -j cli_http_out
+        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap3 -j cli_http_in
+        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap3 --physdev-out ${PUB_IF} -j cli_http_out
 
         ####### Forward TAP2 ssh, http and https  ######
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j srv_ssh_in
@@ -290,12 +292,15 @@ case $TYPE in
         #        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j srv_dhcp
         #        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j srv_dhcp
 
-        # Tap1 and Tap2 can access external https
+        # Tap1, Tap2 and Tap3 can access external https
+        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap1 --physdev-out ${PUB_IF} -j cli_https_out
+        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap1 -j cli_https_in
+
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j cli_https_out
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j cli_https_in
 
-        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap1 --physdev-out ${PUB_IF} -j cli_https_out
-        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap1 -j cli_https_in
+        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap3 --physdev-out ${PUB_IF} -j cli_https_out
+        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap3 -j cli_https_in
 
         #Less noise
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} -p udp --dport 519 --sport 520 -j DROP