jcarr
/
wit-network-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

doh, ipv6 we want not ipv4 ;)

This commit is contained in:
toby 2019-04-05 00:17:39 +00:00
parent 30eecc7f51
commit b8e6a8a418
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
files/firewall
View File

@ -32,7 +32,6 @@ case $1 in
iptables -A INPUT -m policy --pol ipsec --dir in -m multiport -p tcp --sports 6800:7300 -j ACCEPT -m comment --comment "ceph osd traffic" iptables -A INPUT -m policy --pol ipsec --dir in -m multiport -p tcp --sports 6800:7300 -j ACCEPT -m comment --comment "ceph osd traffic"
iptables -A INPUT -m policy --pol ipsec --dir in -p tcp --dport 6789 -j ACCEPT -m comment --comment "ceph mon traffic" iptables -A INPUT -m policy --pol ipsec --dir in -p tcp --dport 6789 -j ACCEPT -m comment --comment "ceph mon traffic"
iptables -A INPUT -m policy --pol ipsec --dir in -p tcp --sport 6789 -j ACCEPT -m comment --comment "ceph mon traffic" iptables -A INPUT -m policy --pol ipsec --dir in -p tcp --sport 6789 -j ACCEPT -m comment --comment "ceph mon traffic"
iptables -A INPUT -m policy --pol ipsec --dir in -p tcp --sport 4000 -j ACCEPT -m comment --comment "stackapi traffic"
iptables -A INPUT -m policy --pol ipsec --dir in -p udp --dport 4789 -j ACCEPT -m comment --comment "vxlan traffic" iptables -A INPUT -m policy --pol ipsec --dir in -p udp --dport 4789 -j ACCEPT -m comment --comment "vxlan traffic"
iptables -A INPUT -m policy --pol ipsec --dir in -p udp --sport 123 -j ACCEPT -m comment --comment "ntp replies for anything over the VPN" iptables -A INPUT -m policy --pol ipsec --dir in -p udp --sport 123 -j ACCEPT -m comment --comment "ntp replies for anything over the VPN"
iptables -A INPUT -m policy --pol ipsec --dir in -p udp --sport 53 -j ACCEPT -m comment --comment "dns replies from anything over the VPN" iptables -A INPUT -m policy --pol ipsec --dir in -p udp --sport 53 -j ACCEPT -m comment --comment "dns replies from anything over the VPN"
@ -105,7 +104,8 @@ case $1 in
ip6tables -A INPUT -m policy --pol ipsec --dir in -p tcp --dport 22 -j ACCEPT -m comment --comment "ssh if coming over the VPN" ip6tables -A INPUT -m policy --pol ipsec --dir in -p tcp --dport 22 -j ACCEPT -m comment --comment "ssh if coming over the VPN"
ip6tables -A INPUT -m policy --pol ipsec --dir in -p udp --sport 53 -j ACCEPT -m comment --comment "dns replies from anything over the VPN" ip6tables -A INPUT -m policy --pol ipsec --dir in -p udp --sport 53 -j ACCEPT -m comment --comment "dns replies from anything over the VPN"
ip6tables -A INPUT -m policy --pol ipsec --dir in -p udp --sport 123 -j ACCEPT -m comment --comment "ntp if coming over the VPN" ip6tables -A INPUT -m policy --pol ipsec --dir in -p udp --sport 123 -j ACCEPT -m comment --comment "ntp if coming over the VPN"
ip6tables -A INPUT -m policy --pol ipsec --dir in -p tcp --sport 2379 -j ACCEPT -m comment --comment "etcd replies from stackapi" #ip6tables -A INPUT -m policy --pol ipsec --dir in -p tcp --sport 2379 -j ACCEPT -m comment --comment "etcd replies from stackapi"
ip6tables -A INPUT -m policy --pol ipsec --dir in -p tcp --sport 4000 -j ACCEPT -m comment --comment "stackapi replies"
ip6tables -A INPUT -m policy --pol ipsec --dir in -m multiport -p tcp --dports 49152:49215 -j ACCEPT -m comment --comment "libvirt live migration" ip6tables -A INPUT -m policy --pol ipsec --dir in -m multiport -p tcp --dports 49152:49215 -j ACCEPT -m comment --comment "libvirt live migration"
ip6tables -A INPUT -m policy --pol ipsec --dir in -m multiport -p tcp --sports 49152:49215 -j ACCEPT -m comment --comment "libvirt live migration" ip6tables -A INPUT -m policy --pol ipsec --dir in -m multiport -p tcp --sports 49152:49215 -j ACCEPT -m comment --comment "libvirt live migration"