Diffstat (limited to 'roles/elevate/media/templates/firewall/r3-with-lan.sh.j2')
-rw-r--r--roles/elevate/media/templates/firewall/r3-with-lan.sh.j297
1 files changed, 0 insertions, 97 deletions
diff --git a/roles/elevate/media/templates/firewall/r3-with-lan.sh.j2 b/roles/elevate/media/templates/firewall/r3-with-lan.sh.j2
deleted file mode 100644
index fb2d45a9..00000000
--- a/roles/elevate/media/templates/firewall/r3-with-lan.sh.j2
+++ /dev/null
@@ -1,97 +0,0 @@
-#######################
-# Definitions #
-#######################
-
-IPTABLES="/sbin/iptables"
-IP6TABLES="/sbin/ip6tables"
-
-[ -x $IPTABLES ] || exit 0
-[ -x $IP6TABLES ] || exit 0
-
-FILTER="$IPTABLES -t filter"
-NAT="$IPTABLES -t nat"
-MANGLE="$IPTABLES -t mangle"
-
-FILTER6="$IP6TABLES -t filter"
-MANGLE6="$IP6TABLES -t mangle"
-
-LAN_IF="{{ network.primary.name }}"
-LAN_IPADDR="{{ network.primary.address | ipaddr('address') }}"
-LAN_NETMASK="{{ network.primary.address | ipaddr('netmask') }}"
-
-EXT_IF="{{ network.primary.name }}.{{ network_zones.ccinet.vlan }}"
-EXT_IPADDR="89.106.211.61"
-
-EXT_SERVICES_TCP="80 443 {{ ansible_port }}"
-EXT_SERVICES_UDP=""
-
-
-#########################
-# IPv4 UP #
-#########################
-
-ipv4_up() {
- $FILTER -A INPUT -i lo -j ACCEPT
-
- $FILTER -A INPUT -i "$LAN_IF" -d "$LAN_IPADDR" -s "$LAN_IPADDR/$LAN_NETMASK" -j ACCEPT
-
- $FILTER -A INPUT -i "$EXT_IF" -d "$EXT_IPADDR" -p icmp -j ACCEPT
- for port in $EXT_SERVICES_TCP; do
- $FILTER -A INPUT -i "$EXT_IF" -d "$EXT_IPADDR" -p tcp --dport $port -j ACCEPT
- done
- for port in $EXT_SERVICES_UDP; do
- $FILTER -A INPUT -i "$EXT_IF" -d "$EXT_IPADDR" -p udp --dport $port -j ACCEPT
- done
- $FILTER -A INPUT -i "$EXT_IF" -d "$EXT_IPADDR" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-
-
- $FILTER -P INPUT DROP
- $FILTER -P FORWARD DROP
-
- echo -n "success"
-}
-
-
-#########################
-# IPv6 UP #
-#########################
-
-ipv6_up() {
- $FILTER6 -A INPUT -i lo -j ACCEPT
-
- $FILTER6 -P INPUT DROP
- $FILTER6 -P FORWARD DROP
-
- echo -n "success"
-}
-
-
-#########################
-# IPv4 DOWN #
-#########################
-
-ipv4_down() {
- $MANGLE -F
- $NAT -F
- $FILTER -F
- $FILTER -P INPUT ACCEPT
- $FILTER -P FORWARD ACCEPT
- $FILTER -P OUTPUT ACCEPT
-
- echo -n "success"
-}
-
-
-#########################
-# IPv6 DOWN #
-#########################
-
-ipv6_down() {
- $MANGLE6 -F
- $FILTER6 -F
- $FILTER6 -P INPUT ACCEPT
- $FILTER6 -P FORWARD ACCEPT
- $FILTER6 -P OUTPUT ACCEPT
-
- echo -n "success"
-}