Diffstat (limited to 'roles/elevate/media/templates/firewall/elevate-office.sh.j2')
-rw-r--r--roles/elevate/media/templates/firewall/elevate-office.sh.j233
1 files changed, 29 insertions, 4 deletions
diff --git a/roles/elevate/media/templates/firewall/elevate-office.sh.j2 b/roles/elevate/media/templates/firewall/elevate-office.sh.j2
index 041e441b..19cea0db 100644
--- a/roles/elevate/media/templates/firewall/elevate-office.sh.j2
+++ b/roles/elevate/media/templates/firewall/elevate-office.sh.j2
@@ -15,13 +15,23 @@ MANGLE="$IPTABLES -t mangle"
FILTER6="$IP6TABLES -t filter"
MANGLE6="$IP6TABLES -t mangle"
+LAN_IF="{{ network.primary.interface }}"
+LAN_IPADDR="192.168.0.250"
+LAN_NETMASK="255.255.255.0"
+
#########################
# IPv4 UP #
#########################
ipv4_up() {
- # don't do anything here
+ $FILTER -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT
+
+ $FILTER -A INPUT -i "$LAN_IF" -d "$LAN_IPADDR" -s "$LAN_IPADDR/$LAN_NETMASK" -j ACCEPT
+
+ $FILTER -P INPUT DROP
+ $FILTER -P FORWARD DROP
+
echo -n "success"
}
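Review bot: With `-P INPUT DROP` and only the loopback and LAN-subnet accepts in ipv4_up, replies to connections this host opens to anything outside 192.168.0.0/24 (DNS, NTP, package mirrors) are dropped, unless another script adds rules that are not visible here. A stateful accept ahead of the policy change would cover that: `$FILTER -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`. LAN_IPADDR and LAN_NETMASK are hard-coded in a template that already takes LAN_IF from `network.primary.interface`, so the address rule silently matches nothing on a host with a different address; these would be better as template variables too. The rules are appended with `-A` and no prior flush, so running ipv4_up twice duplicates them, and `echo -n "success"` is printed whether or not the iptables calls succeeded (the same applies to ipv6_up, ipv4_down and ipv6_down).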
@@ -31,7 +41,11 @@ ipv4_up() {
#########################
ipv6_up() {
- # don't do anything here
+ $FILTER -A INPUT -i lo -j ACCEPT
+
+ $FILTER -P INPUT DROP
+ $FILTER -P FORWARD DROP
+
echo -n "success"
}
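Review bot: ipv6_up uses `$FILTER`, which the context lines suggest is the IPv4 table handle, so the ip6tables INPUT and FORWARD policies are never changed and IPv6 traffic stays unfiltered while the function reports success. The three added lines should use the IPv6 handle: `$FILTER6 -A INPUT -i lo -j ACCEPT`, `$FILTER6 -P INPUT DROP`, `$FILTER6 -P FORWARD DROP`. As written they also add a second loopback rule to the IPv4 INPUT chain. Once the policy really is DROP for IPv6, ICMPv6 neighbour discovery needs an explicit accept or the host will lose IPv6 connectivity on the link, and an ESTABLISHED,RELATED rule is needed for return traffic as in ipv4_up.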
@@ -41,7 +55,13 @@ ipv6_up() {
#########################
ipv4_down() {
- # don't do anything here
+ $MANGLE -F
+ $NAT -F
+ $FILTER -F
+ $FILTER -P INPUT ACCEPT
+ $FILTER -P FORWARD ACCEPT
+ $FILTER -P OUTPUT ACCEPT
+
echo -n "success"
}
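Review bot: ipv4_down flushes the chains before resetting the policies, so between `$FILTER -F` and `$FILTER -P INPUT ACCEPT` the INPUT chain is empty with policy DROP, and if the script is interrupted or a command fails there the host stays unreachable over the network. Setting the three `-P ... ACCEPT` policies first and flushing afterwards avoids that window; the same ordering applies to ipv6_down in the next hunk. `$NAT` is not defined in the visible lines, so it presumably comes from the unchanged header above the first hunk; worth confirming it is set. A short comment stating that "down" deliberately leaves the host with no packet filtering at all would help the next reader.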
@@ -51,6 +71,11 @@ ipv4_down() {
#########################
ipv6_down() {
- # don't do anything here
+ $MANGLE6 -F
+ $FILTER6 -F
+ $FILTER6 -P INPUT ACCEPT
+ $FILTER6 -P FORWARD ACCEPT
+ $FILTER6 -P OUTPUT ACCEPT
+
echo -n "success"
}