puppet-ff_gw/files/etc/iptables/rules.v4
ohrensessel f555ac2276 Fix some problems with routing
before it happened regulary that locally generated ICMP messages
left eth0 with wrong source address instead of going out via the vpn interface
2014-08-19 11:18:38 +02:00

31 lines
1.1 KiB
Text

# Generated by iptables-save v1.4.14 on Mon Aug 18 22:31:43 2014
*nat
:PREROUTING ACCEPT [1508898:60980199]
:INPUT ACCEPT [85622:9125051]
:OUTPUT ACCEPT [195829:12103496]
:POSTROUTING ACCEPT [194526:11989631]
-A POSTROUTING -o mullvad -j MASQUERADE
COMMIT
# Completed on Mon Aug 18 22:31:43 2014
# Generated by iptables-save v1.4.14 on Mon Aug 18 22:31:43 2014
*mangle
:PREROUTING ACCEPT [100732184:31760093690]
:INPUT ACCEPT [88878861:23870786312]
:FORWARD ACCEPT [10499612:7842070628]
:OUTPUT ACCEPT [158193447:33293545226]
:POSTROUTING ACCEPT [168692266:41135440990]
-A PREROUTING -i br-ffhh -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -i mullvad -j MARK --set-xmark 0x1/0xffffffff
COMMIT
# Completed on Mon Aug 18 22:31:43 2014
# Generated by iptables-save v1.4.14 on Mon Aug 18 22:31:43 2014
*filter
:INPUT ACCEPT [88878720:23870769673]
:FORWARD ACCEPT [10499612:7842070628]
:OUTPUT ACCEPT [158192660:33293370754]
-A INPUT -i mullvad -m state --state INVALID,NEW,UNTRACKED -j DROP
-A FORWARD -i mullvad -m state --state INVALID,NEW,UNTRACKED -j DROP
-A FORWARD -o eth0 -j DROP
-A FORWARD -i eth0 -j DROP
COMMIT
# Completed on Mon Aug 18 22:31:43 2014