Improve non-WAN firewalling

This commit is contained in:
Tim Wilkinson 2022-08-09 13:04:38 -07:00 committed by Joe AE6XE
parent c240d8a4a9
commit ac012ae7b2
1 changed files with 7 additions and 0 deletions


@ -42,6 +42,13 @@ case "${noroute}" in
;;
*)
# LAN to WAN forwarding is disabled
# Inserted in reverse order
# Block traffic forwarding between LAN and local WAN (need this rule if WAN happens to be 10.X or 172.16.X)
# Allow traffic for mesh-IPs and tun-IPs
# Block traffic to all other IPs
iptables -I zone_lan_forward -j REJECT
iptables -I zone_lan_forward -d 172.16.0.0/12 -j ACCEPT
iptables -I zone_lan_forward -d 10.0.0.0/8 -j ACCEPT
iptables -I zone_lan_forward -o ${wan} -j REJECT
;;
esac
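Review bot: The four `iptables -I zone_lan_forward` lines are not idempotent — every run of this branch prepends a fresh copy of each rule, so if this script is re-executed (a firewall reload, for instance; I cannot see the caller from the hunk) the chain accumulates duplicates and the intended order, which the "Inserted in reverse order" comment depends on, is only guaranteed for the most recent set. Guarding each insert with a check, e.g. `iptables -C zone_lan_forward -j REJECT 2>/dev/null || iptables -I zone_lan_forward -j REJECT`, or flushing a dedicated sub-chain before repopulating it, would keep the rule set stable across runs. `${wan}` is also unquoted on the `-o` line; if it is ever empty the command fails and the local-WAN block is silently missing while the catch-all REJECT and private-range ACCEPTs still apply, so quoting it as `-o "${wan}"` and bailing out when it is unset would make the failure visible. The enclosing `case "${noroute}"` statement begins outside the hunk.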