Role network-iptables-gateway: fix freifunk bridge rules
This commit is contained in:
parent
071bdb40d4
commit
80bd91a469
2 changed files with 12 additions and 4 deletions
|
@ -8,8 +8,12 @@
|
||||||
-A INPUT -d {{ ansible_default_ipv4.address | ipaddr('public') }}/32 -p gre -j ACCEPT
|
-A INPUT -d {{ ansible_default_ipv4.address | ipaddr('public') }}/32 -p gre -j ACCEPT
|
||||||
-A INPUT -m conntrack --ctstate INVALID -j DROP
|
-A INPUT -m conntrack --ctstate INVALID -j DROP
|
||||||
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||||
{% for mesh in meshes %}
|
{% for mesh_forward in meshes %}
|
||||||
-A FORWARD -i {{ mesh.id }}br -o {{ mesh.id }}br -j ACCEPT
|
{% for mesh_recursive in meshes recursive %}
|
||||||
|
{% if not mesh_forward.id == mesh_recursive.id %}
|
||||||
|
-A FORWARD -i {{ mesh_forward.id }}br -o {{ mesh_recursive.id }}br -j ACCEPT
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
-A FORWARD -m conntrack --ctstate INVALID -j DROP
|
-A FORWARD -m conntrack --ctstate INVALID -j DROP
|
||||||
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||||
|
|
|
@ -7,8 +7,12 @@
|
||||||
:OUTPUT ACCEPT [0:0]
|
:OUTPUT ACCEPT [0:0]
|
||||||
-A INPUT -m conntrack --ctstate INVALID -j DROP
|
-A INPUT -m conntrack --ctstate INVALID -j DROP
|
||||||
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||||
{% for mesh in meshes %}
|
{% for mesh_forward in meshes %}
|
||||||
-A FORWARD -i {{ mesh.id }}br -o {{ mesh.id }}br -j ACCEPT
|
{% for mesh_recursive in meshes recursive %}
|
||||||
|
{% if not mesh_forward.id == mesh_recursive.id %}
|
||||||
|
-A FORWARD -i {{ mesh_forward.id }}br -o {{ mesh_recursive.id }}br -j ACCEPT
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
-A FORWARD -m conntrack --ctstate INVALID -j DROP
|
-A FORWARD -m conntrack --ctstate INVALID -j DROP
|
||||||
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||||
|
|
Loading…
Reference in a new issue