paulbsd-salt/states/iptables/ip6tables.conf.j2
2020-07-10 00:58:55 +02:00


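# ip6tables-restore ruleset, rendered by Salt from pillar data.
# Pillar keys read below: public_ports (items with .proto and .port) and
# ipv6_networks (items with .ip and .mask).
# Chain counters are written as [0:0]: the values captured by ip6tables-save
# are stale, and would be loaded as-is if this file were restored with -c.
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
# Default-deny for inbound traffic; everything accepted is listed explicitly below.
:INPUT DROP [0:0]
# NOTE(review): FORWARD has policy ACCEPT and no rules. If IPv6 forwarding is
# enabled on the minion, routed traffic is not filtered by this ruleset.
# Confirm this is intended, or set the policy to DROP and add explicit rules.
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback traffic.
-A INPUT -i lo -j ACCEPT
# NOTE(review): every interface whose name starts with "tun" is fully trusted,
# so any peer reachable over a tunnel bypasses the port allow-list below.
-A INPUT -i tun+ -j ACCEPT
# Replies to connections this host initiated. conntrack/--ctstate is the
# current spelling of the legacy state/--state match and selects the same packets.
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# All ICMPv6 is accepted. Neighbor discovery and path-MTU discovery depend on
# ICMPv6, so it must not be dropped wholesale; RFC 4890 describes a narrower
# per-type policy if tighter filtering is wanted.
-A INPUT -p ipv6-icmp -j ACCEPT
# Publicly reachable services, then fully trusted source networks, both from pillar.
# The protocol name is reused as the match module, so only protocols that have a
# port match (tcp, udp, ...) render a valid rule. Pillar values are interpolated
# verbatim and are not validated here; keep them to plain protocol names,
# port numbers or ranges, addresses and prefix lengths.
# A missing pillar key defaults to an empty list and renders no rule.
{% for pub_port in salt['pillar.get']('public_ports', []) %}-A INPUT -p {{ pub_port.proto }} -m {{ pub_port.proto }} --dport {{ pub_port.port }} -j ACCEPT
{% endfor %}{% for net in salt['pillar.get']('ipv6_networks', []) %}-A INPUT -s {{ net.ip }}/{{ net.mask }} -j ACCEPT
{% endfor %}# Anything not accepted above is logged, then dropped by the INPUT policy.
# NOTE(review): this LOG rule has no rate limit and no log prefix, so unsolicited
# traffic can generate log entries at line rate. Consider a limit match and a
# --log-prefix so dropped-packet entries stay bounded and easy to filter.
-A INPUT -j LOG
COMMIT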