Add per host output autorisation capability

Tristan PILAT 2020-11-18 18:10:27 +01:00
parent c59e63d44d
commit a432511b04
2 changed files with 14 additions and 0 deletions


@ -380,6 +380,17 @@ then
fi
fi
# If specified, we add per host output autorisation
if [ -n $OUTPUTOK ]
then
for item in $(echo $OUTPUTOK)
do
ip=$(echo $item | awk -F'!' '{print $1}')
port=$(echo $item | awk -F'!' '{print $2}')
$NFT add rule inet minifirewall minifirewall_output ip daddr $ip tcp dport $port counter accept
done
fi
# Related and established traffic is accepted
$NFT add rule inet minifirewall minifirewall_output ct state established,related accept
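Review bot: The guard `if [ -n $OUTPUTOK ]` is unquoted, so with the default `OUTPUTOK=''` it collapses to `[ -n ]`, which is true, and the block is always entered; it should read `if [ -n "$OUTPUTOK" ]`. Inside the loop `$item`, `$ip` and `$port` are expanded unquoted and never checked, so an entry with no `!` or with an empty field yields a malformed `$NFT add rule` command whose failure is not checked in the visible lines. A guard such as `[ -n "$ip" ] && [ -n "$port" ] || { echo "bad OUTPUTOK entry: $item" >&2; continue; }` would make a mistyped entry visible instead of silently leaving the rule out. `for item in $(echo $OUTPUTOK)` can be written as `for item in $OUTPUTOK`, and the enclosing `then` block starts outside the hunk.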


@ -75,3 +75,6 @@ SMTPSECUREOK=''
# NTP authorizations
NTPOK='0.0.0.0/0'
# Per host output autorisations (IP!Port)
# OUTPUTOK='203.0.113.1!42 203.0.113.2!43'
OUTPUTOK=''
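Review bot: The comment documents the `IP!Port` format but not its limits: the rule built from it in the other changed file matches `ip daddr` and `tcp dport`, so an entry only opens IPv4 TCP traffic to that host. I would word it as `# Per host output authorizations, IPv4 and TCP only (IP!Port, space separated)` so that nobody expects a UDP port or an IPv6 destination to be allowed by this setting.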