about summary refs log tree commit diff stats
path: root/core/scripts
diff options
context:
space:
mode:
Diffstat (limited to 'core/scripts')
-rw-r--r--core/scripts/iptables.sh13
1 files changed, 9 insertions, 4 deletions
diff --git a/core/scripts/iptables.sh b/core/scripts/iptables.sh
index db1078d..0516d94 100644
--- a/core/scripts/iptables.sh
+++ b/core/scripts/iptables.sh
@@ -271,9 +271,11 @@ case $TYPE in
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap3 --physdev-out tap2 -s ${BR_NET} -d ${BR_NET} -j ACCEPT
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out tap3 -s ${BR_NET} -d ${BR_NET} -j ACCEPT
 
-        # Tap1 can access external http
+        # Tap1 and Tap3 can access external http
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap1 -j cli_http_in
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap1 --physdev-out ${PUB_IF} -j cli_http_out
+        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap3 -j cli_http_in
+        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap3 --physdev-out ${PUB_IF} -j cli_http_out
 
         ####### Forward TAP2 ssh, http and https  ######
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j srv_ssh_in
@@ -290,12 +292,15 @@ case $TYPE in
         #        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j srv_dhcp
         #        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j srv_dhcp
 
-        # Tap1 and Tap2 can access external https
+        # Tap1, Tap2 and Tap3 can access external https
+        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap1 --physdev-out ${PUB_IF} -j cli_https_out
+        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap1 -j cli_https_in
+
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j cli_https_out
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j cli_https_in
 
-        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap1 --physdev-out ${PUB_IF} -j cli_https_out
-        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap1 -j cli_https_in
+        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap3 --physdev-out ${PUB_IF} -j cli_https_out
+        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap3 -j cli_https_in
 
         #Less noise
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} -p udp --dport 519 --sport 520 -j DROP
generated by cgit-pink 1.4.1-2-gfad0 (git 2.36.2.497.gbbea4dcf42) at 2024-11-02 21:05:58 +0000