miaou
/
miaou-server
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
provisioning tool for building opinionated architecture
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
76 Commits
1 Branch
7 Tags
642 KiB
Tree: 0.0.6
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0.0.6'
${ noResults }
miaou-server/templates/nftables/lxd.table.j2

34 lines
1.3 KiB
Raw Permalink Normal View History

second commit
7 months ago
jinja template no format on save
5 months ago
second commit
7 months ago
jinja template no format on save
5 months ago
passthrough ok
5 months ago
jinja template no format on save
5 months ago
second commit
7 months ago
jinja template no format on save
5 months ago
second commit
7 months ago
jinja template no format on save
5 months ago
second commit
7 months ago
jinja template no format on save
5 months ago
second commit
7 months ago
jinja template no format on save
5 months ago
second commit
7 months ago
  1. table inet lxd {
  2. chain pstrt.lxdbr0 {
  3. type nat hook postrouting priority srcnat; policy accept;
  5. {%- if target != 'prod' %}
  6. # BLOCK SMTP PORTS
  7. tcp dport { 25, 465, 587 } ip saddr {{ firewall.bridge_subnet }} {%- if firewall.container_mail_passthrough %} ip saddr != {{ env.ip_mail_passthrough }} {% endif %} log prefix "Drop SMTP away from container: " drop
  8. {% endif -%}
  10. ip saddr {{ firewall.bridge_subnet }} ip daddr != {{ firewall.bridge_subnet }} masquerade
  11. }
  13. chain fwd.lxdbr0 {
  14. type filter hook forward priority filter; policy accept;
  15. ip version 4 oifname "lxdbr0" accept
  16. ip version 4 iifname "lxdbr0" accept
  17. }
  19. chain in.lxdbr0 {
  20. type filter hook input priority filter; policy accept;
  21. iifname "lxdbr0" tcp dport 53 accept
  22. iifname "lxdbr0" udp dport 53 accept
  23. iifname "lxdbr0" icmp type { destination-unreachable, time-exceeded, parameter-problem } accept
  24. iifname "lxdbr0" udp dport 67 accept
  25. }
  27. chain out.lxdbr0 {
  28. type filter hook output priority filter; policy accept;
  29. oifname "lxdbr0" tcp sport 53 accept
  30. oifname "lxdbr0" udp sport 53 accept
  31. oifname "lxdbr0" icmp type { destination-unreachable, time-exceeded, parameter-problem } accept
  32. oifname "lxdbr0" udp sport 67 accept
  33. }
  34. }