diff options
| author | Silvino Silva <silvino@bk.ru> | 2018-07-20 17:51:29 +0100 |
|---|---|---|
| committer | Silvino Silva <silvino@bk.ru> | 2018-07-20 17:51:29 +0100 |
| commit | b6655563e76cc547fbdd834c155b482e3f88026c (patch) | |
| tree | fc19965e9281871040084ee51da9f3e79c8c95ca /core | |
| parent | a689b25f8799c924c54898b118d6dac628389102 (diff) | |
| download | doc-b6655563e76cc547fbdd834c155b482e3f88026c.tar.gz | |
release 0.3.6 fixes
Diffstat (limited to 'core')
| -rw-r--r-- | core/scripts/iptables.sh | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/core/scripts/iptables.sh b/core/scripts/iptables.sh index db1078d..0516d94 100644 --- a/core/scripts/iptables.sh +++ b/core/scripts/iptables.sh @@ -271,9 +271,11 @@ case $TYPE in $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap3 --physdev-out tap2 -s ${BR_NET} -d ${BR_NET} -j ACCEPT $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out tap3 -s ${BR_NET} -d ${BR_NET} -j ACCEPT - # Tap1 can access external http + # Tap1 and Tap3 can access external http $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap1 -j cli_http_in $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap1 --physdev-out ${PUB_IF} -j cli_http_out + $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap3 -j cli_http_in + $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap3 --physdev-out ${PUB_IF} -j cli_http_out ####### Forward TAP2 ssh, http and https ###### $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j srv_ssh_in @@ -290,12 +292,15 @@ case $TYPE in # $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j srv_dhcp # $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j srv_dhcp - # Tap1 and Tap2 can access external https + # Tap1, Tap2 and Tap3 can access external https + $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap1 --physdev-out ${PUB_IF} -j cli_https_out + $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap1 -j cli_https_in + $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j cli_https_out $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j cli_https_in - $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap1 --physdev-out ${PUB_IF} -j cli_https_out - $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap1 -j cli_https_in + $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap3 --physdev-out ${PUB_IF} -j cli_https_out + $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap3 -j cli_https_in #Less noise $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} -p udp --dport 519 --sport 520 -j DROP |