author | Christian Pointner <equinox@spreadspace.org> | 2019-01-12 16:59:21 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2019-01-12 16:59:21 +0100 |
commit | fbf61c6c22cab8d272e8b975e5336cf6e384c07e (patch) | |
tree | 6f05a9ae8708d2cd005b8970456b5c16f8a9ad00 | |
parent | fix acme in for ele-media (diff) |
nicer firewall script
-rw-r--r-- | inventory/group_vars/dolmetsch-ctl/main.yml | 15 | ||||
-rw-r--r-- | inventory/host_vars/ele-router.yml | 11 |
2 files changed, 14 insertions, 12 deletions
diff --git a/inventory/group_vars/dolmetsch-ctl/main.yml b/inventory/group_vars/dolmetsch-ctl/main.yml index cd9255f8..d1ffc8ae 100644 --- a/inventory/group_vars/dolmetsch-ctl/main.yml +++ b/inventory/group_vars/dolmetsch-ctl/main.yml @@ -62,14 +62,15 @@ openwrt_mixin: START=22 STOP=91 - MGMT_IF=$(uci get network.mgmt.ifname) - MGMT_IPADDR=$(uci get network.mgmt.ipaddr) - MGMT_NETMASK=$(uci get network.mgmt.netmask) - MIXER_IF=br-mixer - MIXER_IPADDR=$(uci get network.mixer.ipaddr) - MIXER_NETMASK=$(uci get network.mixer.netmask) - start() { + MGMT_IF=$(uci get network.mgmt.ifname) + MGMT_IPADDR=$(uci get network.mgmt.ipaddr) + MGMT_NETMASK=$(uci get network.mgmt.netmask) + MIXER_IF=br-mixer + MIXER_IPADDR=$(uci get network.mixer.ipaddr) + MIXER_NETMASK=$(uci get network.mixer.netmask) + + iptables -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT iptables -A INPUT -i "$MGMT_IF" -d "$MGMT_IPADDR" -s "$MGMT_IPADDR/$MGMT_NETMASK" -j ACCEPT diff --git a/inventory/host_vars/ele-router.yml b/inventory/host_vars/ele-router.yml index 826a25cb..a4bcd4ce 100644 --- a/inventory/host_vars/ele-router.yml +++ b/inventory/host_vars/ele-router.yml @@ -184,12 +184,13 @@ openwrt_mixin: START=22 STOP=91 - WAN_IF=$(uci get network.wan.ifname) - MGMT_IF=$(uci get network.mgmt.ifname) - MGMT_IPADDR=$(uci get network.mgmt.ipaddr) - MGMT_NETMASK=$(uci get network.mgmt.netmask) - start() { + WAN_IF=$(uci get network.wan.ifname) + MGMT_IF=$(uci get network.mgmt.ifname) + MGMT_IPADDR=$(uci get network.mgmt.ipaddr) + MGMT_NETMASK=$(uci get network.mgmt.netmask) + + iptables -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT iptables -A INPUT -i "$MGMT_IF" -d "$MGMT_IPADDR" -s "$MGMT_IPADDR/$MGMT_NETMASK" -j ACCEPT |
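Review bot: The values that `start()` now reads with `uci get` go straight into the iptables rules with no check that they came back non-empty. If `network.mgmt.ifname` or `network.mgmt.ipaddr` is unset, the `-s "$MGMT_IPADDR/$MGMT_NETMASK"` rule is likely to be rejected, leaving the management ACCEPT rule missing without any clear error. A guard right after the assignments would make this explicit, for example `[ -n "$MGMT_IF" ] && [ -n "$MGMT_IPADDR" ] && [ -n "$MGMT_NETMASK" ] || return 1`; the same applies to the `ele-router.yml` hunk, where `WAN_IF` should be checked as well. The rest of `start()` and any `stop()` lie outside both hunks. If `stop()` refers to these variables, they are no longer set when it runs on its own, so that is worth confirming.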