Mic92
/
ferm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
ferm/ferm.conf

36 lines
1010 B
Plaintext
Raw Blame History

@def $subnet = 10.100.0.0/16;
@def $bridge = br0;
@def $internet = "enp2s0";
@def $wanip = `ip a s enp2s0 | awk '{if($0 ~ "inet "){split($2,a,"/");print a[1]}}'`;
include 'ferm.d/functions';
include `find ferm.d/services/*`;
domain (ip ip6) {
table nat {
chain PREROUTING policy ACCEPT;
chain POSTROUTING policy ACCEPT;
chain INPUT policy ACCEPT;
chain OUTPUT policy ACCEPT;
}
table filter {
chain FORWARD {
interface $bridge protocol tcp dport smtp REJECT reject-with tcp-reset;
interface $bridge outerface $internet ACCEPT;
}
chain (INPUT FORWARD) {
policy DROP;
interface lo ACCEPT;
protocol icmp ACCEPT;
mod conntrack ctstate (RELATED ESTABLISHED) ACCEPT;
protocol tcp REJECT reject-with tcp-reset;
protocol udp REJECT reject-with icmp-port-unreachable;
REJECT reject-with icmp-port-unreachable;
}
chain OUTPUT policy ACCEPT;
}
}
domain ip table nat {
chain POSTROUTING outerface $internet MASQUERADE;
}
Reference in New Issue View Git Blame Copy Permalink