ryanc/ansible
1
0
Fork 0
Code Issues 4 Pull Requests Releases Wiki Activity

Add default rules for OUTPUT and FORWARD chains

Browse Source
This commit is contained in:
Ryan Cavicchioni 2019-09-02 17:54:06 +00:00
parent dbaebf70b8
commit 3e8161f350
Signed by: ryanc
GPG Key ID: 877EEDAF9245103D
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
roles/firewall/templates/ip6tables.j2
View File

@ -111,6 +111,10 @@
-A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "accept related/established inet6" -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "accept related/established inet6" -j ACCEPT
-A INPUT -m comment --comment "default drop inet6" -j LOG_DROP -A INPUT -m comment --comment "default drop inet6" -j LOG_DROP
-A FORWARD -m comment --comment "default forward drop inet6" -j LOG_DROP
-A OUTPUT -m comment --comment "default output accept inet6" -j ACCEPT
COMMIT COMMIT
*raw *raw

4
roles/firewall/templates/iptables.j2
View File

@ -95,6 +95,10 @@
-A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "accept related/established" -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "accept related/established" -j ACCEPT
-A INPUT -m comment --comment "default drop" -j LOG_DROP -A INPUT -m comment --comment "default drop" -j LOG_DROP
-A FORWARD -m comment --comment "default forward drop" -j LOG_DROP
-A OUTPUT -m comment --comment "default output accept" -j ACCEPT
COMMIT COMMIT
*raw *raw