Dropping RFC1918 traffic at forwarding chain

2019-11-04 18:07:17 +01:00 · 2019-11-04 18:07:17 +01:00 · d31d1649f7
commit d31d1649f7
parent 9b113feecd
1 changed files with 4 additions and 0 deletions
--- a/files/interfaces-troisdorf5.j2
+++ b/files/interfaces-troisdorf5.j2
@ -24,6 +24,10 @@ iface {{ sn_interface_name }} inet static
        post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP
        post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP
        post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP
+        post-up iptables -A FORWARD -o $IFACE -d 10.0.0.0/8 -j DROP
+        post-up iptables -A FORWARD -o $IFACE -d 172.16.0.0/12 -j DROP
+        post-up iptables -A FORWARD -o $IFACE -d 169.254.0.0/16 -j DROP
+        post-up iptables -A FORWARD -o $IFACE -d 192.168.0.0/16 -j DROP
        post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
 auto 6to4
 	iface 6to4 inet6 6to4