
Install iptables rules

Bruce Leidl 2020-11-29 18:35:52 -05:00
parent c13d7dcfe7
commit 4fa5de8bf0
3 changed files with 28 additions and 0 deletions


@ -0,0 +1,8 @@
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m udp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -j LOG --log-uid --log-prefix 'iptables'
COMMIT
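Review bot: The LOG rule on the last OUTPUT line has no rate limit, so with the OUTPUT policy at DROP every blocked outbound packet becomes a kernel log line and a single noisy local process can flood the log; consider `-A OUTPUT -m limit --limit 10/min -j LOG --log-uid --log-prefix 'iptables: '` (the limit value is a constructed example, and the trailing separator keeps the prefix from running into the packet fields). There is also no accept rule for the loopback interface, so traffic to 127.0.0.1 appears to fall through to the DROP policies; if that is not intended, add `-A INPUT -i lo -j ACCEPT` and `-A OUTPUT -o lo -j ACCEPT`. `:FORWARD ACCEPT` next to two DROP policies deserves a `#` comment stating why forwarded traffic is left unfiltered here. These rules cover IPv4 only; whether IPv6 is filtered elsewhere is not visible in this commit.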


@ -0,0 +1,19 @@
[Unit]
Description=IPv4 Packet Filtering Framework
Before=network-pre.target
Wants=network-pre.target
[Service]
Type=oneshot
ExecStart=@SBINDIR@/iptables-restore -w -- @RULESDIR@/iptables.rules
ExecReload=@SBINDIR@/iptables-restore -w -- @RULESDIR@/iptables.rules
ExecStopPost=-/sbin/iptables -P INPUT ACCEPT
ExecStopPost=-/sbin/iptables -P OUTPUT ACCEPT
ExecStopPost=/sbin/iptables -F
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
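Review bot: The three `ExecStopPost=` lines fail open: they set the INPUT and OUTPUT policies to ACCEPT and flush the filter table, and systemd runs `ExecStopPost=` also when `ExecStart=` fails, so a rules file that iptables-restore rejects, or a plain stop of the unit, leaves the host unfiltered. If that is a deliberate choice for recoverability, state it in a `#` comment above those lines; if the host should stay closed, the policy resets are the lines to reconsider. The stop commands also hard-code `/sbin/iptables` while start and reload use `@SBINDIR@`; writing `ExecStopPost=-@SBINDIR@/iptables -P INPUT ACCEPT` (and likewise for the other two) keeps all five commands on the same path. As written, a path mismatch would make the `-`-prefixed policy resets fail without any visible error.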


@ -0,0 +1 @@
FILESEXTRAPATHS_prepend := "${THISDIR}/iptables:"