arif/salt-formula-pppoe
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
salt-formula-pppoe/pppoe/templates/rules.v4.j2
Arif Ali 2e9e10a2af Initial Commit
2022-01-03 11:51:45 +00:00

31 lines
1.4 KiB
Django/Jinja
Raw Blame History

{%- from "pppoe/map.jinja" import pppoe with context -%}
*filter
--append INPUT --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
--append INPUT --in-interface {{ pppoe.interfaces.lan }} --jump ACCEPT
--append INPUT --in-interface lo --jump ACCEPT
--append INPUT --in-interface {{ pppoe.interfaces.ppp }} --protocol icmp --icmp-type echo-request --match limit --limit 1/second --jump ACCEPT
--append INPUT --in-interface {{ pppoe.interfaces.ppp }} --protocol icmp --icmp-type fragmentation-needed --jump ACCEPT
--append INPUT --in-interface {{ pppoe.interfaces.ppp }} --protocol icmp --icmp-type time-exceeded --jump ACCEPT
--append INPUT --jump REJECT
{% for item in pppoe.ip_forwards -%}
--append FORWARD -p tcp -d {{ item.dst_ip }} --dport {{ item.dst_port }} -j ACCEPT
{% endfor %}
--append FORWARD --match conntrack --ctstate ESTABLISHED,RELATED,DNAT --jump ACCEPT
--append FORWARD --in-interface {{ pppoe.interfaces.lan }} --jump ACCEPT
--append FORWARD --jump REJECT
COMMIT
*nat
--append POSTROUTING --out-interface {{ pppoe.interfaces.ppp }} --jump MASQUERADE
{% for item in pppoe.ip_forwards -%}
# {{ item.desc }}
--append PREROUTING -i {{ pppoe.interfaces.ppp }} -p tcp --dport {{ item.src_port }} -j DNAT --to-destination {{ item.dst_ip }}:{{ item.dst_port }}
{% endfor %}
COMMIT
*mangle
--append FORWARD --protocol tcp --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu
COMMIT
Reference in New Issue View Git Blame Copy Permalink