Diffstat (limited to 'roles/elevate/media/templates/firewall/elevate-festival.sh.j2')
-rw-r--r-- | roles/elevate/media/templates/firewall/elevate-festival.sh.j2 | 98 |
1 files changed, 0 insertions, 98 deletions
diff --git a/roles/elevate/media/templates/firewall/elevate-festival.sh.j2 b/roles/elevate/media/templates/firewall/elevate-festival.sh.j2
deleted file mode 100644
index c9d6cb88..00000000
--- a/roles/elevate/media/templates/firewall/elevate-festival.sh.j2
+++ /dev/null
@@ -1,98 +0,0 @@
-#######################
-# Definitions #
-#######################
-
-IPTABLES="/sbin/iptables"
-IP6TABLES="/sbin/ip6tables"
-
-[ -x $IPTABLES ] || exit 0
-[ -x $IP6TABLES ] || exit 0
-
-FILTER="$IPTABLES -t filter"
-NAT="$IPTABLES -t nat"
-MANGLE="$IPTABLES -t mangle"
-
-FILTER6="$IP6TABLES -t filter"
-MANGLE6="$IP6TABLES -t mangle"
-
-LAN_IF="{{ network.primary.name }}"
-LAN_IPADDR="{{ network.primary.address | ipaddr('address') }}"
-LAN_NETMASK="{{ network.primary.address | ipaddr('netmask') }}"
-
-EXT_IF="wg-gwhetzner"
-EXT_IPADDR="192.168.254.2"
-
-EXT_SERVICES_TCP="80 443 {{ ansible_port }}"
-EXT_SERVICES_UDP=""
-
-
-#########################
-# IPv4 UP #
-#########################
-
-ipv4_up() {
- $FILTER -A INPUT -i lo -j ACCEPT
-
- $FILTER -A INPUT -i "$LAN_IF" -d "$LAN_IPADDR" -s "$LAN_IPADDR/$LAN_NETMASK" -j ACCEPT
- $FILTER -A INPUT -i "$LAN_IF" -d "$LAN_IPADDR" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-
- $FILTER -A INPUT -i "$EXT_IF" -d "$EXT_IPADDR" -p icmp -j ACCEPT
- for port in $EXT_SERVICES_TCP; do
- $FILTER -A INPUT -i "$EXT_IF" -d "$EXT_IPADDR" -p tcp --dport $port -j ACCEPT
- done
- for port in $EXT_SERVICES_UDP; do
- $FILTER -A INPUT -i "$EXT_IF" -d "$EXT_IPADDR" -p udp --dport $port -j ACCEPT
- done
- $FILTER -A INPUT -i "$EXT_IF" -d "$EXT_IPADDR" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-
-
- $FILTER -P INPUT DROP
- $FILTER -P FORWARD DROP
-
- echo -n "success"
-}
-
-
-#########################
-# IPv6 UP #
-#########################
-
-ipv6_up() {
- $FILTER6 -A INPUT -i lo -j ACCEPT
-
- $FILTER6 -P INPUT DROP
- $FILTER6 -P FORWARD DROP
-
- echo -n "success"
-}
-
-
-#########################
-# IPv4 DOWN #
-#########################
-
-ipv4_down() {
- $MANGLE -F
- $NAT -F
- $FILTER -F
- $FILTER -P INPUT ACCEPT
- $FILTER -P FORWARD ACCEPT
- $FILTER -P OUTPUT ACCEPT
-
- echo -n "success"
-}
-
-
-#########################
-# IPv6 DOWN #
-#########################
-
-ipv6_down() {
- $MANGLE6 -F
- $FILTER6 -F
- $FILTER6 -P INPUT ACCEPT
- $FILTER6 -P FORWARD ACCEPT
- $FILTER6 -P OUTPUT ACCEPT
-
- echo -n "success"
-} |