Move iptables preload configs to correct sections
parent
3dabd9e629
commit
b71fb7003d
|
@ -79,6 +79,13 @@ fn filter(interfaces: &Interfaces) -> String {
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for iface in &interfaces.tunnel {
|
||||||
|
filter += &format!(
|
||||||
|
"-A INPUT -i {tunface} -j ACCEPT\n",
|
||||||
|
tunface = iface.interface,
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
filter += &format!(
|
filter += &format!(
|
||||||
"-A INPUT -s {universe} -d {universe} -j REJECT\n",
|
"-A INPUT -s {universe} -d {universe} -j REJECT\n",
|
||||||
universe = UNIVERSE
|
universe = UNIVERSE
|
||||||
|
@ -152,6 +159,13 @@ fn filter(interfaces: &Interfaces) -> String {
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for iface in &interfaces.tunnel {
|
||||||
|
filter += &format!(
|
||||||
|
"-A OUTPUT -o {tunface} -j ACCEPT\n",
|
||||||
|
tunface = iface.interface,
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
// Allow traffic out from external interface to anywhere
|
// Allow traffic out from external interface to anywhere
|
||||||
filter += &format!(
|
filter += &format!(
|
||||||
"-A OUTPUT -o {extif} -s {extip}/{extmask} -d {universe} -j ACCEPT\n",
|
"-A OUTPUT -o {extif} -s {extip}/{extmask} -d {universe} -j ACCEPT\n",
|
||||||
|
@ -186,10 +200,6 @@ fn filter(interfaces: &Interfaces) -> String {
|
||||||
|
|
||||||
// Accept packets over tunnel interfaces
|
// Accept packets over tunnel interfaces
|
||||||
for iface in &interfaces.tunnel {
|
for iface in &interfaces.tunnel {
|
||||||
filter += &format!(
|
|
||||||
"-A INPUT -o {tunface} -j ACCEPT\n",
|
|
||||||
tunface = iface.interface,
|
|
||||||
);
|
|
||||||
filter += &format!(
|
filter += &format!(
|
||||||
"-A FORWARD -i {tunface} -j ACCEPT\n",
|
"-A FORWARD -i {tunface} -j ACCEPT\n",
|
||||||
tunface = iface.interface,
|
tunface = iface.interface,
|
||||||
|
@ -198,10 +208,6 @@ fn filter(interfaces: &Interfaces) -> String {
|
||||||
"-A FORWARD -o {tunface} -j ACCEPT\n",
|
"-A FORWARD -o {tunface} -j ACCEPT\n",
|
||||||
tunface = iface.interface,
|
tunface = iface.interface,
|
||||||
);
|
);
|
||||||
filter += &format!(
|
|
||||||
"-A OUTPUT -o {tunface} -j ACCEPT\n",
|
|
||||||
tunface = iface.interface,
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Accept TCP packets
|
// Accept TCP packets
|
||||||
|
|
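Review bot: The new `-A INPUT -i {tunface} -j ACCEPT` loop in the first hunk accepts every packet arriving on a tunnel interface, and because it is emitted just ahead of `-A INPUT -s {universe} -d {universe} -j REJECT`, matching packets never reach that rule or anything after it. The `-A OUTPUT -o {tunface} -j ACCEPT` loop in the second hunk does the same for egress. If tunnel peers are meant to reach only specific services, restrict these rules by protocol/port or connection state; if full trust is intended, record it above each loop, e.g. `// Tunnel peers are fully trusted: accept all tunnel ingress ahead of the catch-all REJECT`. `iface.interface` is also formatted straight into the rule text; its origin is not visible here, but if it comes from configuration, a value containing whitespace or a newline would change the generated ruleset, so it should be validated where `Interfaces` is built. The body of `filter` starts and ends outside these hunks.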