Dropping RFC1918 traffic at forwarding chain
This commit is contained in:
rojoka
GitHub
parent
f506425d76
commit
1e56e9326b
@ -23,6 +23,10 @@ iface {{ sn_interface_name }} inet static
|
|||||||
post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP
|
post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP
|
||||||
post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP
|
post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP
|
||||||
post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP
|
post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP
|
||||||
|
post-up iptables -A FORWARD -o $IFACE -d 10.0.0.0/8 -j DROP
|
||||||
|
post-up iptables -A FORWARD -o $IFACE -d 172.16.0.0/12 -j DROP
|
||||||
|
post-up iptables -A FORWARD -o $IFACE -d 169.254.0.0/16 -j DROP
|
||||||
|
post-up iptables -A FORWARD -o $IFACE -d 192.168.0.0/16 -j DROP
|
||||||
post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
|
post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
|
||||||
#auto 6to4
|
#auto 6to4
|
||||||
# iface 6to4 inet6 6to4
|
# iface 6to4 inet6 6to4
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user