Diffstat (limited to 'roles/elevate/media/templates')
5 files changed, 18 insertions, 16 deletions
diff --git a/roles/elevate/media/templates/firewall/elevate-festival.sh.j2 b/roles/elevate/media/templates/firewall/elevate-festival.sh.j2 index 5e7bd98b..3daf2836 100644 --- a/roles/elevate/media/templates/firewall/elevate-festival.sh.j2 +++ b/roles/elevate/media/templates/firewall/elevate-festival.sh.j2 @@ -20,7 +20,7 @@ LAN_IPADDR="{{ network.primary.ip }}" LAN_NETMASK="{{ network.primary.mask }}" EXT_IF="{{ network.primary.interface }}.{{ network_zones.dom.vlan }}" -EXT_IPADDR="{{ network_zones.dom.prefix | ipaddr(network_zones.dom.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" +EXT_IPADDR="{{ network_zones.dom.prefix | ipaddr(network_zones.dom.offsets[inventory_hostname]) | ipaddr('address') }}" EXT_SERVICES_TCP="80 443 22000" EXT_SERVICES_UDP="" @@ -57,10 +57,10 @@ ipv4_up() { ######################### ipv6_up() { - $FILTER -A INPUT -i lo -j ACCEPT + $FILTER6 -A INPUT -i lo -j ACCEPT - $FILTER -P INPUT DROP - $FILTER -P FORWARD DROP + $FILTER6 -P INPUT DROP + $FILTER6 -P FORWARD DROP echo -n "success" } diff --git a/roles/elevate/media/templates/firewall/elevate-office.sh.j2 b/roles/elevate/media/templates/firewall/elevate-office.sh.j2 index 19cea0db..26ee5afe 100644 --- a/roles/elevate/media/templates/firewall/elevate-office.sh.j2 +++ b/roles/elevate/media/templates/firewall/elevate-office.sh.j2 @@ -28,6 +28,7 @@ ipv4_up() { $FILTER -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT $FILTER -A INPUT -i "$LAN_IF" -d "$LAN_IPADDR" -s "$LAN_IPADDR/$LAN_NETMASK" -j ACCEPT + $FILTER -A INPUT -i "$LAN_IF" -d "$LAN_IPADDR" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT $FILTER -P INPUT DROP $FILTER -P FORWARD DROP @@ -41,10 +42,10 @@ ipv4_up() { ######################### ipv6_up() { - $FILTER -A INPUT -i lo -j ACCEPT + $FILTER6 -A INPUT -i lo -j ACCEPT - $FILTER -P INPUT DROP - $FILTER -P FORWARD DROP + $FILTER6 -P INPUT DROP + $FILTER6 -P FORWARD DROP echo -n "success" } 
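Review bot: `echo -n "success"` at the end of ipv6_up runs whether or not the three `$FILTER6` calls succeeded, so a host where FILTER6 is unset or ip6tables fails would still report success while the IPv6 INPUT and FORWARD policies stay at their defaults. Neither the definition of FILTER6 nor any `set -e` is visible in this hunk, so this may already be handled further up the template. If it is not, a guard such as `: "${FILTER6:?FILTER6 is not set}"` at the top of the function and `|| return 1` on each `$FILTER6` line would make the script fail closed. The same body appears in the ipv6_up hunks of elevate-office, lan-only, r3-with-lan and r3.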
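Review bot: The conntrack rule added to ipv4_up in elevate-office.sh.j2 accepts RELATED as well as ESTABLISHED traffic from any source arriving on `$LAN_IF`, which is wider than the LAN-subnet rule just above it, and no comment says why. If the purpose is to let replies to connections this host opens to non-LAN addresses back in, a comment like `# replies to outbound connections routed via the LAN (sources outside LAN_NETMASK)` would record that. RELATED also admits ICMP errors and, where conntrack helpers are loaded, helper-expected connections, so keep it only if that is wanted. ipv4_up starts above the hunk, and the same line is added in lan-only.sh.j2.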
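Review bot: ipv6_up in elevate-office.sh.j2, as shown, accepts only loopback and then sets INPUT and FORWARD to DROP, with no rule for ICMPv6 neighbour discovery or for established traffic, so once the policies land on ip6tables the host is effectively unreachable over IPv6 on every non-loopback interface. That looks intended for IPv4-only hosts, but nothing in the template says so. A header comment such as `# IPv6: loopback only; all other inbound and forwarded IPv6 is dropped on purpose` would keep a later reader from treating the missing ICMPv6 rules as an oversight. The same applies to the ipv6_up hunks of the other four templates.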
diff --git a/roles/elevate/media/templates/firewall/lan-only.sh.j2 b/roles/elevate/media/templates/firewall/lan-only.sh.j2 index 9a7db67a..aa9f03d8 100644 --- a/roles/elevate/media/templates/firewall/lan-only.sh.j2 +++ b/roles/elevate/media/templates/firewall/lan-only.sh.j2 @@ -28,6 +28,7 @@ ipv4_up() { $FILTER -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT $FILTER -A INPUT -i "$LAN_IF" -d "$LAN_IPADDR" -s "$LAN_IPADDR/$LAN_NETMASK" -j ACCEPT + $FILTER -A INPUT -i "$LAN_IF" -d "$LAN_IPADDR" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT $FILTER -P INPUT DROP $FILTER -P FORWARD DROP @@ -41,10 +42,10 @@ ipv4_up() { ######################### ipv6_up() { - $FILTER -A INPUT -i lo -j ACCEPT + $FILTER6 -A INPUT -i lo -j ACCEPT - $FILTER -P INPUT DROP - $FILTER -P FORWARD DROP + $FILTER6 -P INPUT DROP + $FILTER6 -P FORWARD DROP echo -n "success" } diff --git a/roles/elevate/media/templates/firewall/r3-with-lan.sh.j2 b/roles/elevate/media/templates/firewall/r3-with-lan.sh.j2 index 4ac1509c..20eca653 100644 --- a/roles/elevate/media/templates/firewall/r3-with-lan.sh.j2 +++ b/roles/elevate/media/templates/firewall/r3-with-lan.sh.j2 @@ -57,10 +57,10 @@ ipv4_up() { ######################### ipv6_up() { - $FILTER -A INPUT -i lo -j ACCEPT + $FILTER6 -A INPUT -i lo -j ACCEPT - $FILTER -P INPUT DROP - $FILTER -P FORWARD DROP + $FILTER6 -P INPUT DROP + $FILTER6 -P FORWARD DROP echo -n "success" } diff --git a/roles/elevate/media/templates/firewall/r3.sh.j2 b/roles/elevate/media/templates/firewall/r3.sh.j2 index 8959951d..6ee29631 100644 --- a/roles/elevate/media/templates/firewall/r3.sh.j2 +++ b/roles/elevate/media/templates/firewall/r3.sh.j2 @@ -51,10 +51,10 @@ ipv4_up() { ######################### ipv6_up() { - $FILTER -A INPUT -i lo -j ACCEPT + $FILTER6 -A INPUT -i lo -j ACCEPT - $FILTER -P INPUT DROP - $FILTER -P FORWARD DROP + $FILTER6 -P INPUT DROP + $FILTER6 -P FORWARD DROP echo -n "success" } |