firewall/ipt-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add rule to prevent bridged traffic getting pushed through the host's iptables rules if requested (do_not_firewall_bridged_traffic).

Browse Source
This commit is contained in:
Christoph
2017-08-15 14:04:18 +02:00
parent 968dedbe65
commit 6966eff903
4 changed files with 44 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
ip6t-firewall-server
View File

@@ -142,6 +142,20 @@ echo
# -------------
# --- Prevent bridged traffic getting pushed through the host's iptables rules
# -------------
echononl "\tPrevent bridged traffic getting pushed through the host's iptables rules"
if $do_not_firewall_bridged_traffic ; then
$ip6t -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
echo_done
else
echo_skipped
fi
# ------------- # -------------
# ------------ Stopping firewall if only flushing was requested (parameter flush) # ------------ Stopping firewall if only flushing was requested (parameter flush)
# ------------- # -------------

11
ip6t-firewall-server.conf.sample
View File

@@ -64,9 +64,14 @@ ext_ifs="$ext_if_1 $ext_if_2 $ext_if_3"
# - is this a virtuel system ? # - is this a virtuel system ?
host_is_vm=false host_is_vm=false
# - Extern Interfaces Static Lines # - Prevent bridged traffic getting pushed through the
# - (comma separated list) # - host's iptables rules
#ext_if_static="eth0" # -
# - Note: Maybe youe have also to activate forwarding
# -
# - Set: kernel_forward_between_interfaces=true
# -
do_not_firewall_bridged_traffic=false
# - VPN Interfaces # - VPN Interfaces
# - (comma separated list) # - (comma separated list)

14
ipt-firewall-server
View File

@@ -221,6 +221,20 @@ echo
# -------------
# --- Prevent bridged traffic getting pushed through the host's iptables rules
# -------------
echononl "\tPrevent bridged traffic getting pushed through the host's iptables rules"
if $do_not_firewall_bridged_traffic ; then
$ipt -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
echo_done
else
echo_skipped
fi
# ------------- # -------------
# ------------ Stopping firewall if only flushing was requested (parameter flush) # ------------ Stopping firewall if only flushing was requested (parameter flush)
# ------------- # -------------

11
ipt-firewall-server.conf.sample
View File

@@ -64,9 +64,14 @@ ext_ifs="$ext_if_1 $ext_if_2 $ext_if_3"
# - is this a virtuel system ? # - is this a virtuel system ?
host_is_vm=false host_is_vm=false
# - Extern Interfaces Static Lines # - Prevent bridged traffic getting pushed through the
# - (comma separated list) # - host's iptables rules
#ext_if_static="eth0" # -
# - Note: Maybe youe have also to activate forwarding
# -
# - Set: kernel_activate_forwarding=true
# -
do_not_firewall_bridged_traffic=false
# - VPN Interfaces # - VPN Interfaces
# - (comma separated list) # - (comma separated list)