dolmetsch-ctl: also block potentially forwarded traffic with iptables

author: Christian Pointner <equinox@spreadspace.org> 2018-12-30 12:21:13 +0100
committer: Christian Pointner <equinox@spreadspace.org> 2018-12-30 12:21:13 +0100
commit: e8ad5a7ccaede91d32bfe2eafd0490cbcc4fd257 (patch)
tree: 1f7d80bf1683ade3a014a766b75adc320b3a7ea5 /inventory/group_vars/dolmetsch-ctl/main.yml
parent: make accesspoint group a little bit more generic (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/inventory/group_vars/dolmetsch-ctl/main.yml b/inventory/group_vars/dolmetsch-ctl/main.yml
index d2b8b2c1..d81a141f 100644
--- a/inventory/group_vars/dolmetsch-ctl/main.yml
+++ b/inventory/group_vars/dolmetsch-ctl/main.yml
@@ -68,11 +68,13 @@ openwrt_mixin:
         iptables -A INPUT -i lo -j ACCEPT
         iptables -A INPUT -i "$MGMT_IF" -s "$MGMT_IPADDR/$MGMT_NETMASK" -j ACCEPT
         iptables -P INPUT DROP
+        iptables -P FORWARD DROP
       }
 
       stop() {
         iptables -P INPUT ACCEPT
         iptables -F INPUT
+        iptables -P FORWARD ACCEPT
       }
author	Christian Pointner <equinox@spreadspace.org>	2018-12-30 12:21:13 +0100
committer	Christian Pointner <equinox@spreadspace.org>	2018-12-30 12:21:13 +0100
commit	e8ad5a7ccaede91d32bfe2eafd0490cbcc4fd257 (patch)
tree	1f7d80bf1683ade3a014a766b75adc320b3a7ea5 /inventory/group_vars/dolmetsch-ctl/main.yml
parent	make accesspoint group a little bit more generic (diff)