| 123456789101112131415161718192021222324 |
- # This file is managed by ansible, don't make changes here - they will be overwritten.
- *filter
- :INPUT ACCEPT [0:0]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- COMMIT
- *mangle
- :PREROUTING ACCEPT [0:0]
- :INPUT ACCEPT [0:0]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- -N DNS
- -A INPUT -p udp -m udp --dport 53 -j DNS
- -A INPUT -p tcp -m tcp --dport 53 -j DNS
- {% if v6dnsips is defined %}
- {% for entry in v6dnsips %}
- -A DNS -d {{entry}}/32 -j RETURN
- {% endfor %}
- {% endif %}
- :POSTROUTING ACCEPT [0:0]
- {% if ffrl_tun is defined %}
- -A POSTROUTING -o tun-+ -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss ! --mss 0:1220 -j TCPMSS --set-mss 1220
- {% endif %}
- COMMIT
|
