Diffstat (limited to 'core')
-rw-r--r-- | core/conf/iptables/bridge.v4 | 35 | ||||
-rw-r--r-- | core/conf/iptables/ipt-bridge.sh | 4 |
2 files changed, 22 insertions, 17 deletions
diff --git a/core/conf/iptables/bridge.v4 b/core/conf/iptables/bridge.v4
index 35bfef4..4930262 100644
--- a/core/conf/iptables/bridge.v4
+++ b/core/conf/iptables/bridge.v4
@@ -1,34 +1,34 @@
-# Generated by iptables-save v1.8.2 on Wed Jun 26 15:44:59 2019
+# Generated by iptables-save v1.8.2 on Fri Jun 28 01:22:10 2019
 *security
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 COMMIT
-# Completed on Wed Jun 26 15:44:59 2019
-# Generated by iptables-save v1.8.2 on Wed Jun 26 15:44:59 2019
+# Completed on Fri Jun 28 01:22:10 2019
+# Generated by iptables-save v1.8.2 on Fri Jun 28 01:22:10 2019
 *raw
-:PREROUTING ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
+:PREROUTING ACCEPT [2:80]
+:OUTPUT ACCEPT [3:4544]
 COMMIT
-# Completed on Wed Jun 26 15:44:59 2019
-# Generated by iptables-save v1.8.2 on Wed Jun 26 15:44:59 2019
+# Completed on Fri Jun 28 01:22:10 2019
+# Generated by iptables-save v1.8.2 on Fri Jun 28 01:22:10 2019
 *nat
 :PREROUTING ACCEPT [0:0]
 :INPUT ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 :POSTROUTING ACCEPT [0:0]
 COMMIT
-# Completed on Wed Jun 26 15:44:59 2019
-# Generated by iptables-save v1.8.2 on Wed Jun 26 15:44:59 2019
+# Completed on Fri Jun 28 01:22:10 2019
+# Generated by iptables-save v1.8.2 on Fri Jun 28 01:22:10 2019
 *mangle
-:PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [0:0]
+:PREROUTING ACCEPT [2:80]
+:INPUT ACCEPT [2:80]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [3:4544]
+:POSTROUTING ACCEPT [2:2292]
 COMMIT
-# Completed on Wed Jun 26 15:44:59 2019
-# Generated by iptables-save v1.8.2 on Wed Jun 26 15:44:59 2019
+# Completed on Fri Jun 28 01:22:10 2019
+# Generated by iptables-save v1.8.2 on Fri Jun 28 01:22:10 2019
 *filter
 :INPUT DROP [0:0]
 :FORWARD DROP [0:0]
@@ -91,6 +91,9 @@ COMMIT
 -A FORWARD -d 10.0.0.4/32 -i br0 -o br0 -m physdev --physdev-in enp8s0 -j srv_ssh_in
 -A FORWARD -d 10.0.0.4/32 -i br0 -o br0 -m physdev --physdev-in enp8s0 -j srv_git_in
 -A FORWARD -i br0 -o br0 -p tcp -m physdev --physdev-in enp8s0 -m tcp --sport 443 --dport 1024:65535 -j ACCEPT
+-A FORWARD -d 10.0.0.3/32 -i br0 -o br0 -m physdev --physdev-in enp8s0 -j cli_http_in
+-A FORWARD -i br0 -o br0 -p udp -m udp --sport 520 --dport 519 -j DROP
+-A FORWARD -i br0 -o br0 -p udp -m udp --sport 520 --dport 520 -j DROP
 -A FORWARD -j LOG --log-prefix "iptables: FORWARD: " --log-level 7
 -A OUTPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -o lo -j ACCEPT
 -A OUTPUT -s 10.0.0.254/32 -d 10.0.0.254/32 -o lo -j ACCEPT
@@ -217,4 +220,4 @@ COMMIT
 -A srv_ssh_out -p tcp -m tcp --sport 22 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 -A srv_ssh_out -j RETURN
 COMMIT
-# Completed on Wed Jun 26 15:44:59 2019
+# Completed on Fri Jun 28 01:22:10 2019
diff --git a/core/conf/iptables/ipt-bridge.sh b/core/conf/iptables/ipt-bridge.sh
index 6dbeb87..694c22f 100644
--- a/core/conf/iptables/ipt-bridge.sh
+++ b/core/conf/iptables/ipt-bridge.sh
@@ -50,8 +50,10 @@ $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} -d 10.
 $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} -d 10.0.0.4 -j srv_git_in
 $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} -p tcp --sport 443 --dport 1024:65535 -j ACCEPT
+$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} -d 10.0.0.3 -j cli_http_in
 ##Less noise
-#$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -p udp --dport 519 --sport 520 -j DROP
+$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -p udp --dport 519 --sport 520 -j DROP
+$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -p udp --dport 520 --sport 520 -j DROP
 
 ######## Input Chain ######
 $IPT -A INPUT -j blocker |
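Review bot: The new `-d 10.0.0.3 -j cli_http_in` rule in ipt-bridge.sh jumps to a user chain whose creation (`$IPT -N cli_http_in`) is not in this hunk; if that chain is not defined earlier in the script the rule is rejected and the host silently runs without it, so confirm it exists and, like the `srv_*` chains mirrored in bridge.v4, ends in `-j RETURN` so unmatched packets still reach the FORWARD LOG rule and the chain's DROP policy. The two UDP DROP rules carry no `--physdev-in` restriction, so they match in both bridge directions, and the first keeps `--dport 519` from the commented-out line while the second uses 520→520 (udp/520 is the RIP port) — worth confirming that 519 is real traffic rather than a carried-over typo. A one-line comment would make the intent durable, e.g. `# udp/520 routing chatter: drop before the FORWARD LOG rule so it is not logged`. The same rules are also hand-mirrored in bridge.v4 (hunk @@ -91); since that file is iptables-save output whose policy counters changed in the first hunk, it is safer to regenerate it from the script after a load than to edit both by hand. The surrounding script and the chain definitions lie outside this hunk.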