packetcat
/
ansible-playbooks
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

POSTROUTING should be in nat chain

This commit is contained in:
staticsafe 2019-08-21 23:20:29 -04:00
parent e86367ed83
commit 83fcf86900
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ubuntu/roles/firewall-ruleset-deploy/files/demonreach.asininetech.net.rules.v4
View File

@ -2,7 +2,6 @@
:INPUT DROP
:FORWARD ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type ping -j ACCEPT
@ -12,5 +11,10 @@
-A INPUT -p tcp -m multiport --dports 5269,5222 -j ACCEPT
-A INPUT -p udp --dport 1194 -j ACCEPT
-A INPUT -p udp --dport 53 -s 10.8.0.1/24 -j ACCEPT
*nat
:PREROUTING ACCEPT [226186:10260607]
:INPUT ACCEPT [226019:10250847]
:OUTPUT ACCEPT [14254:1056679]
:POSTROUTING ACCEPT [14254:1056679]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT