summaryrefslogtreecommitdiff
path: root/roles/elevate/media/templates/firewall
diff options
context:
space:
mode:
authorChristian Pointner <equinox@spreadspace.org>2020-02-29 03:29:26 +0100
committerChristian Pointner <equinox@spreadspace.org>2020-02-29 03:29:26 +0100
commita895214d8fe4b515fbef15a7f919c5177543ac56 (patch)
tree41a93a5a55c1065468510af6b47b8108fc898803 /roles/elevate/media/templates/firewall
parentrevert last commit (diff)
wireguard gateway works now (it is quite ugly though)
Diffstat (limited to 'roles/elevate/media/templates/firewall')
-rw-r--r--roles/elevate/media/templates/firewall/elevate-festival.sh.j25
1 files changed, 3 insertions, 2 deletions
diff --git a/roles/elevate/media/templates/firewall/elevate-festival.sh.j2 b/roles/elevate/media/templates/firewall/elevate-festival.sh.j2
index 987117c8..fea33cc2 100644
--- a/roles/elevate/media/templates/firewall/elevate-festival.sh.j2
+++ b/roles/elevate/media/templates/firewall/elevate-festival.sh.j2
@@ -19,8 +19,8 @@ LAN_IF="{{ network.primary.interface }}"
LAN_IPADDR="{{ network.primary.ip }}"
LAN_NETMASK="{{ network.primary.mask }}"
-EXT_IF="{{ network.primary.interface }}.{{ network_zones.ccinet.vlan }}"
-EXT_IPADDR="{{ network_zones.ccinet.prefix | ipaddr(network_zones.ccinet.offsets[inventory_hostname]) | ipaddr('address') }}"
+EXT_IF="wg-gwhetzner"
+EXT_IPADDR="192.168.254.2"
EXT_SERVICES_TCP="80 443 22000"
EXT_SERVICES_UDP=""
@@ -34,6 +34,7 @@ ipv4_up() {
$FILTER -A INPUT -i lo -j ACCEPT
$FILTER -A INPUT -i "$LAN_IF" -d "$LAN_IPADDR" -s "$LAN_IPADDR/$LAN_NETMASK" -j ACCEPT
+ $FILTER -A INPUT -i "$LAN_IF" -d "$LAN_IPADDR" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
$FILTER -A INPUT -i "$EXT_IF" -d "$EXT_IPADDR" -p icmp -j ACCEPT
for port in $EXT_SERVICES_TCP; do
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-05 04:55:12 +0000