diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2019-07-15 17:16:57 +0200 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2019-07-15 17:17:05 +0200 |
| commit | 2b7a57407471c2ad94f2ee5f78e231820d3a4d0d (patch) | |
| tree | 5048c82e7b642c7b4bf69e4a3ab130fda1a2d598 /inventory/host_vars/ch-router.yml | |
| parent | addd host: ch-gw-lan (diff) | |
fix firewall of router (allow ssh from internal nets)
Diffstat (limited to 'inventory/host_vars/ch-router.yml')
| -rw-r--r-- | inventory/host_vars/ch-router.yml | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/inventory/host_vars/ch-router.yml b/inventory/host_vars/ch-router.yml index c3df8e2b..5394c4d6 100644 --- a/inventory/host_vars/ch-router.yml +++ b/inventory/host_vars/ch-router.yml @@ -85,6 +85,7 @@ openwrt_mixin: ## LAN Traffic # iptables -A INPUT -i "$SVC_IF" -p icmp -d "$SVC_IPADDR" -s 192.168.0.0/16 -j ACCEPT + iptables -A INPUT -i "$SVC_IF" -d "$SVC_IPADDR" -p tcp --dport "$SSH_PORT" -j ACCEPT iptables -A INPUT -i "$SVC_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i "$SVC_IF" -o "$MAGENTA_IF" -s 192.168.0.0/16 -j ACCEPT iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT |