kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests 2 Releases Activity

rework firewall setup

Browse source
This commit is contained in:
Franzi 2023-09-24 20:59:58 +02:00
parent be62c1270f
commit cd48cf495d
Signed by: kunsi
GPG key ID: 12E3D2136B818350
30 changed files with 145 additions and 122 deletions
Download patch file Download diff file Expand all files Collapse all files

6
nodes/home/nas.py
View file

@ -67,15 +67,15 @@ nodes['home.nas'] = {
},
'firewall': {
'port_rules': {
'4679': { # Dell ULNM
'4679/tcp': { # Dell ULNM
'172.19.136.0/25',
'172.19.138.0/24',
},
'5060': { # yate SIP
'5060/tcp': { # yate SIP
'home.snom-wohnzimmer',
'home.mitel-rfp35',
},
'5061': { # yate SIPS
'5061/tcp': { # yate SIPS
'home.snom-wohnzimmer',
'home.mitel-rfp35',
},

17
nodes/home/router.py
View file

@ -77,15 +77,16 @@ nodes['home.router'] = {
#'vars.notification.sms': True
},
'nftables': {
'rules': {
'forward': {
'50-router': [
# This is a router. Allow forwarding traffic for internal networks.
'inet filter forward ct state { related, established } accept',
# yaaaaay, IPv6! No NAT!
'inet filter forward ip6 nexthdr ipv6-icmp accept',
'inet filter forward tcp dport 22 accept',
'nat prerouting tcp dport 2022 dnat 172.19.138.20:22',
'ct state { related, established } accept',
'ip6 nexthdr ipv6-icmp accept',
'tcp dport 22 accept',
],
},
'prerouting': {
'50-router': [
'tcp dport 2022 dnat 172.19.138.20:22',
],
},
},