| 1234567891011121314151617181920212223242526272829303132333435363738 |
- # Generated by Ansible
- *mangle
- :PREROUTING ACCEPT [0:0]
- :INPUT ACCEPT [0:0]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- :POSTROUTING ACCEPT [0:0]
- # MSS clamping
- {% if peers is defined %}{%for peer in peers %}
- -A POSTROUTING -o {{ peer.name }} -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1280
- {%endfor%}{% endif %}
- COMMIT
- *nat
- :PREROUTING ACCEPT [0:0]
- :INPUT ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- :POSTROUTING ACCEPT [0:0]
- # NAT
- {% if nat_ipv4 is defined and peers is defined %}{%for peer in peers %}
- -A POSTROUTING -s {{ ipv4_network }} -o {{ peer.name }} -j SNAT --to-source {{ nat_ipv4|ipaddr('address') }}
- {%endfor%}{% endif %}
- COMMIT
- *filter
- :INPUT ACCEPT [0:0]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- # Drop bogus
- -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
- -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
- # Fastd over mesh verbieten
- -A INPUT -s {{ ipv4_network }} -p udp -m udp --dport 10000 -m limit --limit 2/sec -j LOG --log-prefix "fastd over mesh: "
- -A INPUT -s {{ ipv4_network }} -p udp -m udp --dport 10000 -j REJECT --reject-with icmp-admin-prohibited
- # Drop invalid
- -A FORWARD -m state --state INVALID -j DROP
- # Fastd over mesh verbieten
- -A FORWARD -s {{ ipv4_network }} -p udp -m udp --dport 10000 -m limit --limit 2/sec -j LOG --log-prefix "fastd over mesh: "
- -A FORWARD -s {{ ipv4_network }} -p udp -m udp --dport 10000 -j REJECT --reject-with icmp-admin-prohibited
- COMMIT
|
