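# IPv6 firewall ruleset in iptables-save format, rendered by Salt (Jinja) from pillar data.
# NOTE(review): the ipv6-icmp match and the ipv6_networks pillar key suggest this file is
# loaded with ip6tables-restore; confirm against the state that deploys it.
*nat
# The nat table carries no rules; all four chains default to ACCEPT.
:PREROUTING ACCEPT [10:1400]
:INPUT ACCEPT [10:1400]
:OUTPUT ACCEPT [30:15184]
:POSTROUTING ACCEPT [30:15184]
COMMIT
*filter
# Inbound traffic is dropped unless one of the INPUT rules below accepts it.
:INPUT DROP [7132:3757309]
# NOTE(review): FORWARD defaults to ACCEPT and this table has no FORWARD rules, so if IPv6
# forwarding is enabled on the host, every forwarded packet passes unfiltered. Confirm this is
# intended; otherwise set the policy to DROP and allow only the flows that are needed.
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [133292:28518143]
# Loopback traffic.
-A INPUT -i lo -j ACCEPT
# Anything arriving on any tun interface is accepted without further filtering, so tunnel
# peers can reach every local service. NOTE(review): confirm all tunnel peers are trusted.
-A INPUT -i tun+ -j ACCEPT
# Packets belonging to, or related to, connections that are already tracked.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Every ICMPv6 type is accepted from any source.
# NOTE(review): consider limiting this to the types the host needs (see RFC 4890).
-A INPUT -p ipv6-icmp -j ACCEPT
# The templated rules below are generated in this order:
#  1. one ACCEPT per entry of the public_ports pillar list (fields: proto, port);
#  2. one ACCEPT per entry of the ipv6_networks pillar list (fields: ip, mask); these source
#     networks are accepted on all ports and protocols;
#  3. a LOG rule for whatever is left, which then falls through to the INPUT DROP policy.
# Pillar values are inserted into the rule text unmodified, so whitespace or a line break in
# a value would add arguments or whole rules; keep these pillar keys operator-controlled.
# The LOG rule is rate-limited so a flood of dropped packets cannot fill the log; the limit
# values are a starting point to tune. Packets over the limit are still dropped, just not logged.
{% for pub_port in salt['pillar.get']('public_ports') %}-A INPUT -p {{ pub_port.proto }} -m {{ pub_port.proto }} --dport {{ pub_port.port }} -j ACCEPT
{% endfor %}{% for net in salt['pillar.get']('ipv6_networks') %}-A INPUT -s {{ net.ip }}/{{ net.mask }} -j ACCEPT
{% endfor %}-A INPUT -m limit --limit 10/min --limit-burst 20 -j LOG
COMMIT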