diff options
author | Emil Renner Berthing <esmil@labitat.dk> | 2017-11-16 17:18:24 +0100 |
---|---|---|
committer | Emil Renner Berthing <esmil@labitat.dk> | 2017-11-17 15:03:20 +0100 |
commit | fb8f2a13aa2aeb2b126b8b391a173cf3e7b3231a (patch) | |
tree | b3e66f2a23aeea0149d60ad5ed686f4624e3398e /roles/space_server/files/nftables | |
parent | abe090b25244399b8a8852e69f0f1e4e0c9d1662 (diff) | |
download | labitat-ansible-fb8f2a13aa2aeb2b126b8b391a173cf3e7b3231a.tar.gz labitat-ansible-fb8f2a13aa2aeb2b126b8b391a173cf3e7b3231a.tar.xz labitat-ansible-fb8f2a13aa2aeb2b126b8b391a173cf3e7b3231a.zip |
space_server: enable IPv6 on the free wifi
Diffstat (limited to 'roles/space_server/files/nftables')
-rw-r--r-- | roles/space_server/files/nftables/nftables.conf | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/roles/space_server/files/nftables/nftables.conf b/roles/space_server/files/nftables/nftables.conf index 30233b0..f038d60 100644 --- a/roles/space_server/files/nftables/nftables.conf +++ b/roles/space_server/files/nftables/nftables.conf @@ -102,15 +102,15 @@ table ip filter { ct state established,related accept ct state invalid drop + # accept all traffic to spacewand + ip daddr $spacewand4 accept + ip saddr $labitat udp dport 161 counter accept # traffic stats # no traffic to admin net ip daddr $adm_net4 ip saddr $int_net4 reject with icmp type net-prohibited ip daddr $adm_net4 drop - # accept all traffic to spacewand - ip daddr $spacewand4 accept - # local traffic iif $adm_if ip saddr $adm_net4 accept iif $wire_if ip saddr $wire_net4 accept @@ -163,11 +163,12 @@ table ip6 filter { ct state established,related accept ct state invalid drop + # accept all traffic to spacewand ip6 daddr $spacewand6 accept iif $wire_if ip6 saddr $wire_net6 accept iif $priv_if ip6 saddr $priv_net6 accept - #iif $free_if ip6 saddr $free_net6 ip6 daddr != $int_net6 accept + iif $free_if ip6 saddr $free_net6 ip6 daddr != $ext_net6 accept iif $pass_if ip6 saddr $pass_net6 accept iif $serv_if ip6 saddr $serv_net6 accept |