simplifying and adding flexibility to the NOTRACK rules
parent
249e13bac6
commit
7aabd41def
|
@ -51,8 +51,10 @@ case $1 in
|
||||||
iptables -t nat -F
|
iptables -t nat -F
|
||||||
iptables -t raw -F
|
iptables -t raw -F
|
||||||
|
|
||||||
iptables -t raw -A PREROUTING ! -i mgmt1 -j NOTRACK
|
iptables -t raw -A PREROUTING -i mgmt1 -j ACCEPT
|
||||||
iptables -t raw -A OUTPUT ! -o mgmt -j NOTRACK
|
iptables -t raw -A OUTPUT -o mgmt -j ACCEPT
|
||||||
|
iptables -t raw -A PREROUTING -j NOTRACK
|
||||||
|
iptables -t raw -A OUTPUT -j NOTRACK
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -88,10 +90,15 @@ case $1 in
|
||||||
ip6tables -t nat -F
|
ip6tables -t nat -F
|
||||||
ip6tables -t raw -F
|
ip6tables -t raw -F
|
||||||
|
|
||||||
ip6tables -t raw -A PREROUTING ! -i mgmt1 -j NOTRACK
|
ip6tables -t raw -A PREROUTING -i mgmt1 -j ACCEPT
|
||||||
ip6tables -t raw -A OUTPUT ! -o mgmt -j NOTRACK
|
ip6tables -t raw -A OUTPUT -o mgmt -j ACCEPT
|
||||||
|
ip6tables -t raw -A PREROUTING -j NOTRACK
|
||||||
|
ip6tables -t raw -A OUTPUT -j NOTRACK
|
||||||
|
|
||||||
|
|
||||||
|
#some boxes get special addon rules
|
||||||
|
[ -e /etc/init.d/firewall-addon ] && source /etc/init.d/firewall-addon
|
||||||
|
|
||||||
;;
|
;;
|
||||||
|
|
||||||
stop)
|
stop)
|
||||||
|
|
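Review bot: The conntrack exemption names two different interfaces, `-i mgmt1` in PREROUTING but `-o mgmt` in OUTPUT, in both the iptables and the ip6tables hunk (assuming the `-j ACCEPT` lines are the new side, which the rendering does not mark). iptables matches an interface name exactly unless it ends in `+`, so if the box only has `mgmt1`, outbound management traffic falls through to the catch-all `-j NOTRACK` and any stateful rule for that interface sees only one direction of each flow; use the same name in both chains, or `mgmt+` if several interfaces are intended. Because `/etc/init.d/firewall-addon` is sourced after the catch-all has been appended, addon rules added to the raw table with `-A` would sit behind it and never match; a comment such as `# addon rules for -t raw must use -I: the catch-all NOTRACK is already in place` above the `source` line would document that. The addon is executed inside the init script with its privileges, so it should be owned by root and writable by root only. The enclosing `case` arm starts outside the hunk.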