From a34bc1f0a639d73d644a448ac8b4cf5e2614e018 Mon Sep 17 00:00:00 2001 From: Silvino Silva Date: Sun, 6 May 2018 15:05:18 +0100 Subject: allow client https to tap2 --- core/scripts/iptables.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'core') diff --git a/core/scripts/iptables.sh b/core/scripts/iptables.sh index 41ce988..0f05b1f 100644 --- a/core/scripts/iptables.sh +++ b/core/scripts/iptables.sh @@ -54,9 +54,12 @@ case $TYPE in $IPT -A FORWARD -o ${BR_IF} -s ${PUB_IP} -d ${BR_NET} -j cli_ssh_out $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j srv_rip + $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j srv_dhcp $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j srv_dhcp - #$IPT -A FORWARD -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j srv_ssh_out + + $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j cli_https_out + $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j cli_https_in ####### Input Chain ###### $IPT -A INPUT -j blocker @@ -78,6 +81,7 @@ case $TYPE in $IPT -A OUTPUT -j blocker #Less noise $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -p tcp --dport 3030 --sport 1024:65535 -j DROP + $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -p tcp --dport 80 --sport 1024:65535 -j DROP $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -j cli_dns_out $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -j cli_https_out -- cgit 1.4.1-2-gfad0
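Review bot: The added `--physdev-in tap2 --physdev-out ${PUB_IF} -j srv_dhcp` rule sends traffic leaving tap2 into the same chain the following line uses for the opposite direction, and the commit subject mentions only https. `srv_dhcp` is defined outside this hunk, so whether it matches ports for both directions cannot be confirmed here. If it accepts more than the server's replies, the tap2 guest gains an unreviewed path onto the public segment. The new `cli_https_out`/`cli_https_in` FORWARD rules also carry no `-s`/`-d` match, unlike the `-s ${PUB_IP} -d ${BR_NET}` rule at the top of the hunk, so they apply to any address seen on tap2 unless the chains themselves restrict it. I would add a comment above each pair naming the guest and the intended direction, e.g. `# tap2 guest: DHCP server replies towards ${PUB_IF}` and `# tap2 guest: outbound HTTPS client, replies only inbound`, and confirm that `cli_https_in` only accepts established return traffic.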
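Review bot: The new `--dport 80 ... -j DROP` rule under `#Less noise` discards the host's outbound plain-HTTP attempts before the `cli_*` chains, and the commit subject does not mention it. Assuming the later rules are where logging happens (they are outside this hunk), these attempts will leave no log entry, so the rule's packet counter becomes the only record of a process on the host trying port 80. A comment stating that intent would help, e.g. `# host is HTTPS-only: drop outbound HTTP unlogged; check counters with $IPT -L OUTPUT -v`. If local clients should fail fast instead of timing out, `-j REJECT --reject-with tcp-reset` is the usual alternative to `DROP`. The enclosing `case $TYPE` branch starts and ends outside the hunk.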