firewall/ipt-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add rule to prevent bridged traffic getting pushed through the host's iptables rules if requested (do_not_firewall_bridged_traffic).

Browse Source
This commit is contained in:
Christoph 2017-08-15 14:04:18 +02:00
parent 968dedbe65
commit 6966eff903
4 changed files with 44 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
ip6t-firewall-server
View File

@ -142,6 +142,20 @@ echo
# -------------
# --- Prevent bridged traffic getting pushed through the host's iptables rules
# -------------
echononl "\tPrevent bridged traffic getting pushed through the host's iptables rules"
if $do_not_firewall_bridged_traffic ; then
$ip6t -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
echo_done
else
echo_skipped
fi
# -------------
# ------------ Stopping firewall if only flushing was requested (parameter flush)
# -------------

11
ip6t-firewall-server.conf.sample
View File

@ -64,9 +64,14 @@ ext_ifs="$ext_if_1 $ext_if_2 $ext_if_3"
# - is this a virtuel system ?
host_is_vm=false
# - Extern Interfaces Static Lines
# - (comma separated list)
#ext_if_static="eth0"
# - Prevent bridged traffic getting pushed through the
# - host's iptables rules
# -
# - Note: Maybe youe have also to activate forwarding
# -
# - Set: kernel_forward_between_interfaces=true
# -
do_not_firewall_bridged_traffic=false
# - VPN Interfaces
# - (comma separated list)

14
ipt-firewall-server
View File

@ -221,6 +221,20 @@ echo
# -------------
# --- Prevent bridged traffic getting pushed through the host's iptables rules
# -------------
echononl "\tPrevent bridged traffic getting pushed through the host's iptables rules"
if $do_not_firewall_bridged_traffic ; then
$ipt -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
echo_done
else
echo_skipped
fi
# -------------
# ------------ Stopping firewall if only flushing was requested (parameter flush)
# -------------

11
ipt-firewall-server.conf.sample
View File

@ -64,9 +64,14 @@ ext_ifs="$ext_if_1 $ext_if_2 $ext_if_3"
# - is this a virtuel system ?
host_is_vm=false
# - Extern Interfaces Static Lines
# - (comma separated list)
#ext_if_static="eth0"
# - Prevent bridged traffic getting pushed through the
# - host's iptables rules
# -
# - Note: Maybe youe have also to activate forwarding
# -
# - Set: kernel_activate_forwarding=true
# -
do_not_firewall_bridged_traffic=false
# - VPN Interfaces
# - (comma separated list)