From f506425d76edefde2344f3afe3db2f2ce03ae3f3 Mon Sep 17 00:00:00 2001
From: rojoka
Date: Mon, 4 Nov 2019 18:08:06 +0100
Subject: [PATCH] Dropping RFC1918 traffic at forwarding chain
---
 files/interfaces-troisdorf6.j2 | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/files/interfaces-troisdorf6.j2 b/files/interfaces-troisdorf6.j2
index 113874b..6e376f3 100644
--- a/files/interfaces-troisdorf6.j2
+++ b/files/interfaces-troisdorf6.j2
@@ -24,6 +24,10 @@ iface {{ sn_interface_name }} inet static
 post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP
 post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP
 post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP
+ post-up iptables -A FORWARD -o $IFACE -d 10.0.0.0/8 -j DROP
+ post-up iptables -A FORWARD -o $IFACE -d 172.16.0.0/12 -j DROP
+ post-up iptables -A FORWARD -o $IFACE -d 169.254.0.0/16 -j DROP
+ post-up iptables -A FORWARD -o $IFACE -d 192.168.0.0/16 -j DROP
 post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
 auto 6to4
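Review bot: The four new `-A FORWARD` rules are appended to the end of the chain, so they only take effect if no earlier FORWARD rule already accepts the packet (any such rule would be defined outside this hunk); inserting the drops instead, e.g. `post-up iptables -I FORWARD -o $IFACE -d 10.0.0.0/8 -j DROP`, makes the egress filter independent of rule order. The hunk also shows no matching `post-down iptables -D FORWARD -o $IFACE -d 10.0.0.0/8 -j DROP` lines before the next stanza begins, so each ifdown/ifup cycle of this interface would add another copy of every rule; the start of the `iface` stanza lies outside the hunk, so confirm whether cleanup is handled there. A comment above the block such as `# do not forward private or link-local destinations out of this interface` would also record why 169.254.0.0/16 is included although the subject only names RFC1918.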