Add per host output autorisation capability
parent
c59e63d44d
commit
a432511b04
|
@ -380,6 +380,17 @@ then
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# If specified, we add per host output autorisation
|
||||||
|
if [ -n $OUTPUTOK ]
|
||||||
|
then
|
||||||
|
for item in $(echo $OUTPUTOK)
|
||||||
|
do
|
||||||
|
ip=$(echo $item | awk -F'!' '{print $1}')
|
||||||
|
port=$(echo $item | awk -F'!' '{print $2}')
|
||||||
|
$NFT add rule inet minifirewall minifirewall_output ip daddr $ip tcp dport $port counter accept
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
# Related and established traffic is accepted
|
# Related and established traffic is accepted
|
||||||
$NFT add rule inet minifirewall minifirewall_output ct state established,related accept
|
$NFT add rule inet minifirewall minifirewall_output ct state established,related accept
|
||||||
|
|
||||||
|
|
|
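Review bot: The unquoted test `if [ -n $OUTPUTOK ]` fails as soon as OUTPUTOK holds more than one entry. The value word-splits into several arguments, `[` reports an operator error and returns non-zero, so the block is skipped and none of the configured rules are added; this includes the two-entry example in the configuration file. With an empty value the test collapses to `[ -n ]`, which is true, so the guard never does what it reads as; it should be `if [ -n "$OUTPUTOK" ]`. The loop also hands each entry to nft without checking that both address and port are present, so an entry without the `!` separator yields a malformed rule; how the script reacts to that nft failure is not visible in this hunk. The fence below quotes the test, splits with parameter expansion instead of `echo | awk`, and skips malformed entries with a warning.

```shell
if [ -n "$OUTPUTOK" ]
then
    for item in $OUTPUTOK
    do
        ip=${item%%!*}
        port=${item#*!}
        # Reject anything that is not IP!Port rather than passing nft a broken rule
        if [ "$ip" = "$item" ] || [ -z "$ip" ] || [ -z "$port" ]
        then
            echo "OUTPUTOK: ignoring malformed entry '$item'" >&2
            continue
        fi
        $NFT add rule inet minifirewall minifirewall_output ip daddr "$ip" tcp dport "$port" counter accept
    # … unchanged: done / fi, then the established,related rule …
```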
@ -75,3 +75,6 @@ SMTPSECUREOK=''
|
||||||
# NTP authorizations
|
# NTP authorizations
|
||||||
NTPOK='0.0.0.0/0'
|
NTPOK='0.0.0.0/0'
|
||||||
|
|
||||||
|
# Per host output autorisations (IP!Port)
|
||||||
|
# OUTPUTOK='203.0.113.1!42 203.0.113.2!43'
|
||||||
|
OUTPUTOK=''
|
||||||
|
|
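Review bot: The comment `# Per host output autorisations (IP!Port)` does not state what an entry is limited to. Going by the rule the script builds from it (`ip daddr … tcp dport …`), each entry is an IPv4 destination plus a TCP port, and entries are separated by spaces. An operator listing an IPv6 address or expecting a UDP service to be allowed would not get the rule they assume. I would say so in the comment, e.g. `# Per host output authorisations: space-separated IPv4!TCP-port entries`.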