evolix
/
minifirewall
21
0
Fork 0
Code Issues 4 Pull Requests 3 Releases 1 Activity

Add rules to open traceroute UDP port.

This commit is contained in:
Romain Dessort 2012-10-24 10:32:05 +02:00
parent b57dddf917
commit 7795b715e6
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
firewall.rc
View File

@ -81,13 +81,15 @@ NTPOK='0.0.0.0/0'
/sbin/ip6tables -A INPUT -i $INT -p tcp --sport 80 --match state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/ip6tables -A INPUT -i $INT -p tcp --sport 443 --match state --state ESTABLISHED,RELATED -j ACCEPT
# Allow DNS and NTP traffic
# Allow DNS, NTP and traceroute traffic
/sbin/ip6tables -A OUTPUT -p udp --dport 53 --match state --state NEW -j ACCEPT
/sbin/ip6tables -A OUTPUT -p udp --dport 123 --match state --state NEW -j ACCEPT
/sbin/ip6tables -A OUTPUT -p udp --dport 33434:33523 --match state --state NEW -j ACCEPT
################### IPv4 Specific rules
# /sbin/iptables ...
# Allow DNS and NTP
# Allow DNS, NTP and traceroute traffic
/sbin/iptables -A OUTPUT -p udp --dport 53 --match state --state NEW -j ACCEPT
/sbin/iptables -A OUTPUT -p udp --dport 123 --match state --state NEW -j ACCEPT
/sbin/iptables -A OUTPUT -p udp --dport 123 --match state --state NEW -j ACCEPT
/sbin/iptables -A OUTPUT -p udp --dport 33434:33523 --match state --state NEW -j ACCEPT