Diffstat (limited to 'roles/elevate/media/templates/firewall/lan-only.sh.j2')
-rw-r--r-- | roles/elevate/media/templates/firewall/lan-only.sh.j2 | 82 |
1 files changed, 0 insertions, 82 deletions
diff --git a/roles/elevate/media/templates/firewall/lan-only.sh.j2 b/roles/elevate/media/templates/firewall/lan-only.sh.j2
deleted file mode 100644
index 85f0cde4..00000000
--- a/roles/elevate/media/templates/firewall/lan-only.sh.j2
+++ /dev/null
@@ -1,82 +0,0 @@
-#######################
-# Definitions #
-#######################
-
-IPTABLES="/sbin/iptables"
-IP6TABLES="/sbin/ip6tables"
-
-[ -x $IPTABLES ] || exit 0
-[ -x $IP6TABLES ] || exit 0
-
-FILTER="$IPTABLES -t filter"
-NAT="$IPTABLES -t nat"
-MANGLE="$IPTABLES -t mangle"
-
-FILTER6="$IP6TABLES -t filter"
-MANGLE6="$IP6TABLES -t mangle"
-
-LAN_IF="{{ network.primary.name }}"
-LAN_IPADDR="{{ network.primary.address | ipaddr('address') }}"
-LAN_NETMASK="{{ network.primary.address | ipaddr('netmask') }}"
-
-
-#########################
-# IPv4 UP #
-#########################
-
-ipv4_up() {
- $FILTER -A INPUT -i lo -j ACCEPT
-
- $FILTER -A INPUT -i "$LAN_IF" -d "$LAN_IPADDR" -s "$LAN_IPADDR/$LAN_NETMASK" -j ACCEPT
- $FILTER -A INPUT -i "$LAN_IF" -d "$LAN_IPADDR" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-
- $FILTER -P INPUT DROP
- $FILTER -P FORWARD DROP
-
- echo -n "success"
-}
-
-
-#########################
-# IPv6 UP #
-#########################
-
-ipv6_up() {
- $FILTER6 -A INPUT -i lo -j ACCEPT
-
- $FILTER6 -P INPUT DROP
- $FILTER6 -P FORWARD DROP
-
- echo -n "success"
-}
-
-
-#########################
-# IPv4 DOWN #
-#########################
-
-ipv4_down() {
- $MANGLE -F
- $NAT -F
- $FILTER -F
- $FILTER -P INPUT ACCEPT
- $FILTER -P FORWARD ACCEPT
- $FILTER -P OUTPUT ACCEPT
-
- echo -n "success"
-}
-
-
-#########################
-# IPv6 DOWN #
-#########################
-
-ipv6_down() {
- $MANGLE6 -F
- $FILTER6 -F
- $FILTER6 -P INPUT ACCEPT
- $FILTER6 -P FORWARD ACCEPT
- $FILTER6 -P OUTPUT ACCEPT
-
- echo -n "success"
-} |