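#######################
#     Definitions     #
#######################

# Host firewall helpers: ipv4_up/ipv6_up install a default-deny INPUT and
# FORWARD policy, ipv4_down/ipv6_down flush the rules and reopen everything.
# Each function prints "success" (no trailing newline) on stdout only when
# every iptables/ip6tables call it made returned 0.

IPTABLES="/sbin/iptables"
IP6TABLES="/sbin/ip6tables"

# If either binary is missing the script stops here with status 0, i.e. no
# rules are installed and nothing is reported. Callers that need the firewall
# to be present must check for that themselves.
[ -x "$IPTABLES" ] || exit 0
[ -x "$IP6TABLES" ] || exit 0

# Command prefixes; they are expanded unquoted below on purpose so that the
# shell splits them into the binary and its "-t <table>" arguments.
FILTER="$IPTABLES -t filter"
NAT="$IPTABLES -t nat"
MANGLE="$IPTABLES -t mangle"
FILTER6="$IP6TABLES -t filter"
MANGLE6="$IP6TABLES -t mangle"

# Template placeholder; presumably rendered to the real interface name before
# this script runs (TODO confirm against the templating step).
LAN_IF="{{ network.primary.interface }}"
LAN_IPADDR="192.168.0.250"
LAN_NETMASK="255.255.255.0"

#######################################
# Report the outcome of a rule set.
# Arguments: $1 - 0 if every command succeeded, non-zero otherwise
#            $2 - name of the calling function, used in the error message
# Outputs:   "success" on stdout when $1 is 0, otherwise a message on stderr
# Returns:   0 when $1 is 0, 1 otherwise
#######################################
fw_report() {
    if [ "$1" -eq 0 ]; then
        printf '%s' "success"
        return 0
    fi
    printf '%s\n' "firewall: $2: one or more commands failed" >&2
    return 1
}

#########################
#        IPv4 UP        #
#########################

# Install the IPv4 filter rules. Rules are appended (-A), so calling this
# twice without ipv4_down in between duplicates them.
# Globals: FILTER, LAN_IF, LAN_IPADDR, LAN_NETMASK (read), fw_rc (written)
# Returns: 0 and prints "success" only if every iptables call succeeded.
ipv4_up() {
    fw_rc=0

    $FILTER -A INPUT -i lo -j ACCEPT || fw_rc=1

    # Everything from the LAN subnet addressed to this host is accepted, on
    # every port and protocol; the only check is the source address.
    $FILTER -A INPUT -i "$LAN_IF" -d "$LAN_IPADDR" -s "$LAN_IPADDR/$LAN_NETMASK" -j ACCEPT || fw_rc=1

    # Replies to connections this host opened, from any source.
    $FILTER -A INPUT -i "$LAN_IF" -d "$LAN_IPADDR" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT || fw_rc=1

    # The default-deny policies are set last and are attempted even when an
    # ACCEPT rule above failed, so a partial failure never leaves INPUT open.
    $FILTER -P INPUT DROP || fw_rc=1
    $FILTER -P FORWARD DROP || fw_rc=1

    fw_report "$fw_rc" "ipv4_up"
}

#########################
#        IPv6 UP        #
#########################

# Install the IPv6 filter rules: loopback is accepted, INPUT and FORWARD
# default to DROP. No conntrack or ICMPv6 rule is added, so all non-loopback
# inbound IPv6 (replies and neighbour discovery included) is dropped.
# NOTE(review): confirm that blocking inbound IPv6 entirely is intended.
# Globals: FILTER6 (read), fw_rc (written)
# Returns: 0 and prints "success" only if every ip6tables call succeeded.
ipv6_up() {
    fw_rc=0

    $FILTER6 -A INPUT -i lo -j ACCEPT || fw_rc=1
    $FILTER6 -P INPUT DROP || fw_rc=1
    $FILTER6 -P FORWARD DROP || fw_rc=1

    fw_report "$fw_rc" "ipv6_up"
}

#########################
#       IPv4 DOWN       #
#########################

# Flush the mangle, nat and filter tables and set the filter policies to
# ACCEPT. After this the host accepts and forwards all IPv4 traffic as far as
# these tables are concerned.
# Globals: MANGLE, NAT, FILTER (read), fw_rc (written)
# Returns: 0 and prints "success" only if every iptables call succeeded.
ipv4_down() {
    fw_rc=0

    $MANGLE -F || fw_rc=1
    $NAT -F || fw_rc=1
    $FILTER -F || fw_rc=1
    $FILTER -P INPUT ACCEPT || fw_rc=1
    $FILTER -P FORWARD ACCEPT || fw_rc=1
    $FILTER -P OUTPUT ACCEPT || fw_rc=1

    fw_report "$fw_rc" "ipv4_down"
}

#########################
#       IPv6 DOWN       #
#########################

# Flush the IPv6 mangle and filter tables and set the filter policies to
# ACCEPT, which removes all IPv6 filtering done by this script.
# Globals: MANGLE6, FILTER6 (read), fw_rc (written)
# Returns: 0 and prints "success" only if every ip6tables call succeeded.
ipv6_down() {
    fw_rc=0

    $MANGLE6 -F || fw_rc=1
    $FILTER6 -F || fw_rc=1
    $FILTER6 -P INPUT ACCEPT || fw_rc=1
    $FILTER6 -P FORWARD ACCEPT || fw_rc=1
    $FILTER6 -P OUTPUT ACCEPT || fw_rc=1

    fw_report "$fw_rc" "ipv6_down"
}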