forked from brl/citadel
Install iptables rules
parent
c13d7dcfe7
commit
4fa5de8bf0
@ -0,0 +1,8 @@
|
|||||||
|
*filter
|
||||||
|
:INPUT DROP [0:0]
|
||||||
|
:FORWARD ACCEPT [0:0]
|
||||||
|
:OUTPUT DROP [0:0]
|
||||||
|
-A INPUT -m state --state ESTABLISHED -j ACCEPT
|
||||||
|
-A OUTPUT -p udp -m udp --sport 68 --dport 67 -j ACCEPT
|
||||||
|
-A OUTPUT -j LOG --log-uid --log-prefix 'iptables'
|
||||||
|
COMMIT
|
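Review bot: The `:FORWARD ACCEPT [0:0]` policy leaves routed traffic unfiltered while INPUT and OUTPUT both default to DROP, so whatever this host forwards between interfaces passes with no rule consulted. If forwarding is only meant for particular interfaces (not visible in this commit), `:FORWARD DROP [0:0]` plus explicit `-A FORWARD` accepts would keep the default-deny stance consistent; otherwise a `#` comment above the policy line stating why ACCEPT is intended would help. The closing `-A OUTPUT -j LOG` rule is also unbounded, and `-A OUTPUT -m limit --limit 10/min -j LOG --log-uid --log-prefix 'iptables'` would stop a chatty local process from flooding the kernel log. These rules cover IPv4 only; no ip6tables counterpart appears in this commit.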
@ -0,0 +1,19 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=IPv4 Packet Filtering Framework
|
||||||
|
Before=network-pre.target
|
||||||
|
Wants=network-pre.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
|
||||||
|
ExecStart=@SBINDIR@/iptables-restore -w -- @RULESDIR@/iptables.rules
|
||||||
|
ExecReload=@SBINDIR@/iptables-restore -w -- @RULESDIR@/iptables.rules
|
||||||
|
|
||||||
|
ExecStopPost=-/sbin/iptables -P INPUT ACCEPT
|
||||||
|
ExecStopPost=-/sbin/iptables -P OUTPUT ACCEPT
|
||||||
|
ExecStopPost=/sbin/iptables -F
|
||||||
|
|
||||||
|
RemainAfterExit=yes
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
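Review bot: The `ExecStopPost=` lines make this unit fail open: systemd runs them on every stop and also when ExecStart fails, so a `systemctl restart` with a rules file that iptables-restore rejects leaves INPUT and OUTPUT at ACCEPT with an empty filter table. If the host is meant to stay default-deny, drop the two `-P … ACCEPT` lines, or at least add a `#` comment above them recording that opening the firewall on stop is intended. The teardown commands also hard-code `/sbin/iptables` and omit `-w`, unlike the `ExecStart=` line; `ExecStopPost=@SBINDIR@/iptables -w -F` would match it.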
@ -0,0 +1 @@
|
|||||||
|
FILESEXTRAPATHS_prepend := "${THISDIR}/iptables:"
|