From 1e56e9326be7e9c7f62c207888a60ba31c3997f6 Mon Sep 17 00:00:00 2001
From: rojoka
Date: Mon, 4 Nov 2019 18:08:39 +0100
Subject: [PATCH] Dropping RFC1918 traffic at forwarding chain

---
 files/interfaces-troisdorf7.j2 | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/files/interfaces-troisdorf7.j2 b/files/interfaces-troisdorf7.j2
index 144c3f0..3b69f38 100644
--- a/files/interfaces-troisdorf7.j2
+++ b/files/interfaces-troisdorf7.j2
@@ -23,6 +23,10 @@ iface {{ sn_interface_name }} inet static
  post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP
  post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP
  post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP
+ post-up iptables -A FORWARD -o $IFACE -d 10.0.0.0/8 -j DROP
+ post-up iptables -A FORWARD -o $IFACE -d 172.16.0.0/12 -j DROP
+ post-up iptables -A FORWARD -o $IFACE -d 169.254.0.0/16 -j DROP
+ post-up iptables -A FORWARD -o $IFACE -d 192.168.0.0/16 -j DROP
  post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
 #auto 6to4
 # iface 6to4 inet6 6to4
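Review bot: The four new FORWARD rules are appended with `-A` from `post-up` and have no matching removal, so every ifdown/ifup cycle of this interface leaves another duplicate set of DROP rules in the chain (the existing OUTPUT rules above share the problem, but the new lines extend it). Add a `post-down iptables -D FORWARD -o $IFACE -d <net> -j DROP` for each of the four networks, or guard each append with `iptables -C … || iptables -A …` so re-running the stanza is idempotent. Two further points worth confirming: because `-A` appends, any ACCEPT that an earlier stanza or the host's firewall setup has already placed in FORWARD for this interface will match before these drops, and the list omits 100.64.0.0/10 (RFC 6598 shared address space) and 127.0.0.0/8, which the stated intent of not leaking private-range traffic through the masqueraded uplink would presumably also cover. The `iface {{ sn_interface_name }} inet static` stanza begins before this hunk, so the OUTPUT rule for 10.0.0.0/8 and any existing `post-down` lines are not visible here.
```shell
# … unchanged: post-up OUTPUT/FORWARD DROP rules and the MASQUERADE rule …
    post-down iptables -D FORWARD -o $IFACE -d 10.0.0.0/8 -j DROP
    post-down iptables -D FORWARD -o $IFACE -d 172.16.0.0/12 -j DROP
    post-down iptables -D FORWARD -o $IFACE -d 169.254.0.0/16 -j DROP
    post-down iptables -D FORWARD -o $IFACE -d 192.168.0.0/16 -j DROP
```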