[PATCH v2] fff-gateway: Add firewall rules to ensure nothing is forwarded onto WAN
Fabian Bläse
fabian at blaese.de
Tue Sep 10 22:09:01 CEST 2019
Signed-off-by: Fabian Bläse <fabian at blaese.de>
---
Changes in v2:
- Fix redundant --reject-with parameter
---
.../fff/fff-gateway/files/usr/lib/firewall.d/10-no-forward-wan | 3 +++
1 file changed, 3 insertions(+)
create mode 100644 src/packages/fff/fff-gateway/files/usr/lib/firewall.d/10-no-forward-wan
diff --git a/src/packages/fff/fff-gateway/files/usr/lib/firewall.d/10-no-forward-wan b/src/packages/fff/fff-gateway/files/usr/lib/firewall.d/10-no-forward-wan
new file mode 100644
index 0000000..f989d6b
--- /dev/null
+++ b/src/packages/fff/fff-gateway/files/usr/lib/firewall.d/10-no-forward-wan
@@ -0,0 +1,3 @@
+# Ensure nothing is forwarded onto WAN interface
+iptables -A FORWARD -o $IF_WAN -j REJECT --reject-with icmp-net-unreachable
+ip6tables -A FORWARD -o $IF_WAN -j REJECT --reject-with no-route
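Review bot: `$IF_WAN` is expanded unquoted and without any check in both added rules, so if the variable is empty or unset when this file runs, `-o` is left without an interface argument, the command fails, and the protection is silently absent (fail open). Suggest quoting it as `"$IF_WAN"` and guarding the two rules with a test such as `[ -n "$IF_WAN" ]`, logging an error when it is empty. Separately, both rules use `-A`, so they only apply to packets that no earlier FORWARD rule has already accepted; since the stated goal is that nothing is forwarded onto WAN, either insert them at the top with `-I FORWARD 1` or extend the comment on the first line to state that the `10-` ordering guarantees no ACCEPT rule precedes them.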
--
2.23.0