Add per host output autorisation capability
parent
c59e63d44d
commit
a432511b04
|
@ -380,6 +380,17 @@ then
|
|||
fi
|
||||
fi
|
||||
|
||||
# If specified, we add per host output autorisation
|
||||
if [ -n $OUTPUTOK ]
|
||||
then
|
||||
for item in $(echo $OUTPUTOK)
|
||||
do
|
||||
ip=$(echo $item | awk -F'!' '{print $1}')
|
||||
port=$(echo $item | awk -F'!' '{print $2}')
|
||||
$NFT add rule inet minifirewall minifirewall_output ip daddr $ip tcp dport $port counter accept
|
||||
done
|
||||
fi
|
||||
|
||||
# Related and established traffic is accepted
|
||||
$NFT add rule inet minifirewall minifirewall_output ct state established,related accept
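Review bot: The guard `if [ -n $OUTPUTOK ]` is unquoted, so it misbehaves in both directions: with the empty default `[ -n ]` is a one-argument test that evaluates true, and with two or more space-separated entries `[` gets too many arguments, returns an error status, and the whole block is skipped, so the documented multi-host form would add no rules. Quoting fixes it: `if [ -n "$OUTPUTOK" ]`. Inside the loop, `$ip` and `$port` reach `$NFT` without any check that the item actually contained a `!`; an entry without one yields an empty port and a failing rule, so I would skip such items visibly with `[ -n "$ip" ] && [ -n "$port" ] || { echo "invalid OUTPUTOK entry: $item" >&2; continue; }`. The enclosing `then` block starts outside this hunk, so whether a failed `$NFT` call aborts the script cannot be judged from here.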
|
||||
|
||||
|
|
|
@ -75,3 +75,6 @@ SMTPSECUREOK=''
|
|||
# NTP authorizations
|
||||
NTPOK='0.0.0.0/0'
|
||||
|
||||
# Per host output autorisations (IP!Port)
|
||||
# OUTPUTOK='203.0.113.1!42 203.0.113.2!43'
|
||||
OUTPUTOK=''
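Review bot: The comment above `OUTPUTOK` does not state the limits of the rule it feeds: the rule added in the other hunk uses `ip daddr` and `tcp dport`, so only IPv4 destinations and TCP ports are covered. An operator who lists an IPv6 address or expects UDP to be allowed will get a failing or ineffective rule with no hint in the configuration file. I would spell this out, for example `# Per host output authorizations, IPv4 and TCP only (space-separated IP!Port pairs)`.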
|
||||
|
|