From e8ad5a7ccaede91d32bfe2eafd0490cbcc4fd257 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sun, 30 Dec 2018 12:21:13 +0100
Subject: dolmetsch-ctl: also block potentially forwarded traffic with iptables
---
 inventory/group_vars/dolmetsch-ctl/main.yml | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'inventory/group_vars/dolmetsch-ctl/main.yml')
diff --git a/inventory/group_vars/dolmetsch-ctl/main.yml b/inventory/group_vars/dolmetsch-ctl/main.yml
index d2b8b2c1..d81a141f 100644
--- a/inventory/group_vars/dolmetsch-ctl/main.yml
+++ b/inventory/group_vars/dolmetsch-ctl/main.yml
@@ -68,11 +68,13 @@ openwrt_mixin:
 iptables -A INPUT -i lo -j ACCEPT
 iptables -A INPUT -i "$MGMT_IF" -s "$MGMT_IPADDR/$MGMT_NETMASK" -j ACCEPT
 iptables -P INPUT DROP
+ iptables -P FORWARD DROP
 }
 stop() {
 iptables -P INPUT ACCEPT
 iptables -F INPUT
+ iptables -P FORWARD ACCEPT
 }
-- cgit v1.2.3
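Review bot: The new `iptables -P FORWARD DROP` in start() only covers IPv4, and no `ip6tables` call is visible in this hunk, so forwarded (and inbound) IPv6 traffic would still be accepted if IPv6 is enabled on the device; consider adding `ip6tables -P FORWARD DROP` next to it, or a comment stating that IPv6 is disabled on this host. In stop(), `iptables -P FORWARD ACCEPT` sets the policy unconditionally rather than restoring whatever it was before start(), which may leave forwarding more open than the system default; a short comment such as `# stop intentionally re-opens INPUT and FORWARD` would make that intent explicit. start() begins above the hunk, so rules defined earlier are not visible here.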