author | Christian Pointner <equinox@spreadspace.org> | 2019-07-10 13:14:07 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2019-07-10 13:14:07 +0200 |
commit | e6ffe4f0d51afd98f4649f682028c40dffec272c (patch) | |
tree | ee1ba0d2b429eb21d262edebff2ab52bded32833 | |
parent | ch-router: added firewall script (diff) |
ch-router: fix firewall script
-rw-r--r-- | inventory/host_vars/ch-router.yml | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/inventory/host_vars/ch-router.yml b/inventory/host_vars/ch-router.yml
index 3a5f8e43..deaf0371 100644
--- a/inventory/host_vars/ch-router.yml
+++ b/inventory/host_vars/ch-router.yml
@@ -63,12 +63,13 @@ openwrt_mixin:
 SVC_IPADDR=$(uci get "network.svc.ipaddr")
 SVC_NETMASK=$(uci get "network.svc.netmask")
+SSH_PORT=$(uci get dropbear.@dropbear[0].Port)
 iptables -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT
 iptables -A INPUT -i "$MGMT_IF" -d "$MGMT_IPADDR" -s "$MGMT_IPADDR/$MGMT_NETMASK" -j ACCEPT
 iptables -A INPUT -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p icmp -j ACCEPT
-iptables -A INPUT -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 22000 -j ACCEPT
+iptables -A INPUT -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport "$SSH_PORT" -j ACCEPT
 iptables -A INPUT -i "$MAGENTA_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 iptables -A INPUT -i "$SVC_IF" -p icmp -d "$SVC_IPADDR" -s "$SVC_IPADDR/$SVC_NETMASK" -j ACCEPT |
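Review bot: The added `SSH_PORT=$(uci get dropbear.@dropbear[0].Port)` has no fallback, so if the dropbear section has no explicit Port option (the daemon then listens on its built-in default) the variable is empty, `--dport ""` is rejected by iptables and the SSH accept rule on "$MAGENTA_IF" is silently not installed; whether that locks out remote administration depends on the INPUT policy, which is set outside this hunk. The argument is also unquoted, unlike the other `uci get` calls in the hunk, even though `@dropbear[0]` contains shell glob characters. I would write `SSH_PORT=$(uci -q get "dropbear.@dropbear[0].Port" || echo 22)` so the rule degrades to the default port rather than to no rule at all. If Port is configured as a list of several values, `uci get` presumably returns them space-separated and a single `--dport` still fails, so that case would need `-m multiport --dports` — worth confirming against the actual config. The enclosing firewall script starts before and continues after this hunk.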