diff options
author | Christian Pointner <equinox@spreadspace.org> | 2018-12-30 12:21:13 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2018-12-30 12:21:13 +0100 |
commit | e8ad5a7ccaede91d32bfe2eafd0490cbcc4fd257 (patch) | |
tree | 1f7d80bf1683ade3a014a766b75adc320b3a7ea5 | |
parent | make accesspoint group a little bit more generic (diff) |
dolmetsch-ctl: also block potentially forwarded traffic with iptables
-rw-r--r-- | inventory/group_vars/dolmetsch-ctl/main.yml | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/inventory/group_vars/dolmetsch-ctl/main.yml b/inventory/group_vars/dolmetsch-ctl/main.yml index d2b8b2c1..d81a141f 100644 --- a/inventory/group_vars/dolmetsch-ctl/main.yml +++ b/inventory/group_vars/dolmetsch-ctl/main.yml @@ -68,11 +68,13 @@ openwrt_mixin: iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -i "$MGMT_IF" -s "$MGMT_IPADDR/$MGMT_NETMASK" -j ACCEPT iptables -P INPUT DROP + iptables -P FORWARD DROP } stop() { iptables -P INPUT ACCEPT iptables -F INPUT + iptables -P FORWARD ACCEPT } |