authorChristian Pointner <equinox@spreadspace.org>2019-01-19 23:20:09 +0100
committerChristian Pointner <equinox@spreadspace.org>2019-01-19 23:20:09 +0100
commitfc4231a876410e7c1bfffd497c6b3467c9e6a436 (patch)
tree8e41ee8afc725bcf025caa4392b4255ed5b92588 /roles/elevate
parentfix firewall scripts (diff)
elevate/media: firewall config was a little to strict
Diffstat (limited to 'roles/elevate')
-rw-r--r--roles/elevate/media/templates/firewall/elevate-festival.sh.j22
-rw-r--r--roles/elevate/media/templates/firewall/elevate-office.sh.j22
-rw-r--r--roles/elevate/media/templates/firewall/lan-only.sh.j22
-rw-r--r--roles/elevate/media/templates/firewall/r3-with-lan.sh.j22
-rw-r--r--roles/elevate/media/templates/firewall/r3.sh.j22
5 files changed, 5 insertions, 5 deletions
diff --git a/roles/elevate/media/templates/firewall/elevate-festival.sh.j2 b/roles/elevate/media/templates/firewall/elevate-festival.sh.j2
index 3daf2836..b799548a 100644
--- a/roles/elevate/media/templates/firewall/elevate-festival.sh.j2
+++ b/roles/elevate/media/templates/firewall/elevate-festival.sh.j2
@@ -31,7 +31,7 @@ EXT_SERVICES_UDP=""
#########################
ipv4_up() {
- $FILTER -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT
+ $FILTER -A INPUT -i lo -j ACCEPT
$FILTER -A INPUT -i "$LAN_IF" -d "$LAN_IPADDR" -s "$LAN_IPADDR/$LAN_NETMASK" -j ACCEPT
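Review bot: The loosened rule `$FILTER -A INPUT -i lo -j ACCEPT` in ipv4_up has no comment explaining why the 127.0.0.0/8 source/destination match was dropped, which invites a later "hardening" pass to put it back. Presumably the old rule blocked local connections to the host's own LAN or external address, which also arrive on lo but carry a non-loopback address; matching on `-i lo` alone does not widen network exposure, since packets from other hosts never have lo as their input interface. I would add above the rule: `# accept everything on lo: local connections to our own LAN/EXT address also traverse lo with non-127.0.0.0/8 addresses`. The same line is changed in elevate-office.sh.j2, lan-only.sh.j2, r3-with-lan.sh.j2 and r3.sh.j2, so the comment applies there as well; ipv4_up continues outside each hunk, so the rest of the INPUT chain is not visible here.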
diff --git a/roles/elevate/media/templates/firewall/elevate-office.sh.j2 b/roles/elevate/media/templates/firewall/elevate-office.sh.j2
index 26ee5afe..b2f7f416 100644
--- a/roles/elevate/media/templates/firewall/elevate-office.sh.j2
+++ b/roles/elevate/media/templates/firewall/elevate-office.sh.j2
@@ -25,7 +25,7 @@ LAN_NETMASK="255.255.255.0"
#########################
ipv4_up() {
- $FILTER -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT
+ $FILTER -A INPUT -i lo -j ACCEPT
$FILTER -A INPUT -i "$LAN_IF" -d "$LAN_IPADDR" -s "$LAN_IPADDR/$LAN_NETMASK" -j ACCEPT
$FILTER -A INPUT -i "$LAN_IF" -d "$LAN_IPADDR" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
diff --git a/roles/elevate/media/templates/firewall/lan-only.sh.j2 b/roles/elevate/media/templates/firewall/lan-only.sh.j2
index aa9f03d8..4431ade0 100644
--- a/roles/elevate/media/templates/firewall/lan-only.sh.j2
+++ b/roles/elevate/media/templates/firewall/lan-only.sh.j2
@@ -25,7 +25,7 @@ LAN_NETMASK="{{ network.primary.mask }}"
#########################
ipv4_up() {
- $FILTER -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT
+ $FILTER -A INPUT -i lo -j ACCEPT
$FILTER -A INPUT -i "$LAN_IF" -d "$LAN_IPADDR" -s "$LAN_IPADDR/$LAN_NETMASK" -j ACCEPT
$FILTER -A INPUT -i "$LAN_IF" -d "$LAN_IPADDR" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
diff --git a/roles/elevate/media/templates/firewall/r3-with-lan.sh.j2 b/roles/elevate/media/templates/firewall/r3-with-lan.sh.j2
index 20eca653..ca1f1b21 100644
--- a/roles/elevate/media/templates/firewall/r3-with-lan.sh.j2
+++ b/roles/elevate/media/templates/firewall/r3-with-lan.sh.j2
@@ -31,7 +31,7 @@ EXT_SERVICES_UDP=""
#########################
ipv4_up() {
- $FILTER -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT
+ $FILTER -A INPUT -i lo -j ACCEPT
$FILTER -A INPUT -i "$LAN_IF" -d "$LAN_IPADDR" -s "$LAN_IPADDR/$LAN_NETMASK" -j ACCEPT
diff --git a/roles/elevate/media/templates/firewall/r3.sh.j2 b/roles/elevate/media/templates/firewall/r3.sh.j2
index 6ee29631..f8685b4f 100644
--- a/roles/elevate/media/templates/firewall/r3.sh.j2
+++ b/roles/elevate/media/templates/firewall/r3.sh.j2
@@ -27,7 +27,7 @@ EXT_SERVICES_UDP=""
#########################
ipv4_up() {
- $FILTER -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT
+ $FILTER -A INPUT -i lo -j ACCEPT
$FILTER -A INPUT -i "$EXT_IF" -d "$EXT_IPADDR" -p icmp -j ACCEPT
for port in $EXT_SERVICES_TCP; do