Jörg Thalheim 2015-11-14 21:54:06 +00:00
parent 9879f1ddaa
commit d36c76dd28
5 changed files with 18 additions and 9 deletions


@ -27,6 +27,7 @@ domain (ip ip6) {
policy DROP; policy DROP;
interface lo ACCEPT; interface lo ACCEPT;
protocol icmp ACCEPT; protocol icmp ACCEPT;
protocol tcp dport 22 ACCEPT;
mod conntrack ctstate (RELATED ESTABLISHED) ACCEPT; mod conntrack ctstate (RELATED ESTABLISHED) ACCEPT;
LOG log-prefix "iptables reject:"; LOG log-prefix "iptables reject:";
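Review bot: The added `protocol tcp dport 22 ACCEPT;` admits SSH from any source over both IPv4 and IPv6, because the enclosing block is `domain (ip ip6)` and the rule carries no `saddr` match or rate limit. If administration only comes from known networks, narrow it, for example `saddr $admin_nets protocol tcp dport 22 ACCEPT;` (`$admin_nets` is a placeholder for a variable you would define), or put a connection-rate match in front of it. Since the ACCEPT sits above the `LOG` rule, new SSH connections never reach the firewall log, so connection auditing has to come from sshd itself. The chain this rule belongs to opens outside the hunk, so which chain is affected is inferred from the context lines only.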

7
services-eve/45-btsync Normal file

@ -0,0 +1,7 @@
&def_service(btsync-web, btsync, tcp, 8888);
&def_service(btsync-tcp, btsync, tcp, 5555);
&def_service(btsync-udp, btsync, udp, 5555);
&allow_service_for(btsync-web, web);
&forward_to_service(btsync-tcp, tcp, 5555);
&forward_to_service(btsync-udp, udp, 5555);
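Review bot: `btsync-web` on tcp 8888 is the only one of the three services granted through `allow_service_for(btsync-web, web)` rather than forwarded, and the new file has no comment saying why or what `web` stands for. The macro definitions are outside this page, so the reach of that grant cannot be checked here. As 8888 is presumably the daemon's management interface, it should stay limited to that one consumer and never gain a `forward_to_service` line. A header comment would record the intent, e.g. `# 8888: btsync web UI, reachable only via web; 5555 tcp/udp: sync traffic, forwarded from outside`.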


@ -5,10 +5,3 @@
&forward_to_service(dns2, tcp, 53); &forward_to_service(dns2, tcp, 53);
&allow_service_for_all(dns); &allow_service_for_all(dns);
&allow_service_for_all(dns2); &allow_service_for_all(dns2);
# chain to allow forwarding to the service
domain ip table filter chain FORWARD {
@def $ns1_ip4 = @resolve(ns1.evenet.dn42, A);
@def $ns2_ip4 = @resolve(ns2.evenet.dn42, A);
daddr ($ns1_ip4 $ns2_ip4) protocol udp dport 53 ACCEPT;
}


@ -0,0 +1,8 @@
&def_service(letsencrypt1, letsencrypt, tcp, 80);
&def_service(letsencrypt2, letsencrypt, tcp, 443);
&allow_service_for_all(letsencrypt1);
&allow_service_for_all(letsencrypt2);
@def $lets_ip4 = @resolve("letsencrypt.eve.higgsboson.tk", A);
@def $lets_ip6 = @resolve("ipv6.letsencrypt.eve.higgsboson.tk", AAAA);
@def $lets_ula = @resolve("ula.letsencrypt.eve.higgsboson.tk", AAAA);
table filter chain FORWARD daddr @ipfilter(($lets_ip4 $lets_ip6 $lets_ula)) protocol tcp dport (80 443) ACCEPT;
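Review bot: The destination set of the FORWARD rule is built from `@resolve(...)` on three hostnames, so the hosts that receive forwarded tcp 80/443 are whatever DNS answers when the ruleset is loaded. A wrong or spoofed answer at load time moves the ACCEPT to a different address, and a later record change is not picked up until the next reload. What happens when the resolver is unreachable at boot is worth testing before relying on this. Pinning the addresses removes that dependency, e.g. `@def $lets_ip4 = <service IPv4 address>;` and likewise for the two AAAA values (placeholders, to be replaced with the real addresses). If the names must stay, add a comment above the `@def` lines, such as `# addresses are resolved once at ruleset load; reload after changing these records`.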


@ -10,8 +10,8 @@
&def_service(ts3_devkid, teamspeak, udp, 9987); &def_service(ts3_devkid, teamspeak, udp, 9987);
&forward_to_service(ts3_devkid, udp, 9987); &forward_to_service(ts3_devkid, udp, 9987);
&def_service(ts3_ist, teamspeak, udp, 4242); &def_service(ts3_martijn, teamspeak, udp, 22222);
&forward_to_service(ts3_ist, udp, 4242); &forward_to_service(ts3_martijn, udp, 22222);
&def_service(ts3_martin, teamspeak, udp, 5037); &def_service(ts3_martin, teamspeak, udp, 5037);
&forward_to_service(ts3_martin, udp, 5037); &forward_to_service(ts3_martin, udp, 5037);