42 lines
2.4 KiB
Plaintext
42 lines
2.4 KiB
Plaintext
local client_bridge = require 'gluon.client_bridge'
|
|
local site = require 'gluon.site'
|
|
local next_node = site.next_node({})
|
|
|
|
local macaddr = client_bridge.next_node_macaddr()
|
|
|
|
rule('FORWARD --logical-out br-client -i bat0 -o local-port -j DROP')
|
|
rule('FORWARD --logical-out br-client -i local-port -o bat0 -j DROP')
|
|
|
|
rule('PREROUTING --logical-in br-client -i bat0 -s ' .. macaddr .. ' -j DROP', 'nat')
|
|
rule('PREROUTING --logical-in br-client -i bat0 -d ' .. macaddr .. ' -j DROP', 'nat')
|
|
|
|
rule('FORWARD --logical-out br-client -o bat0 -d ' .. macaddr .. ' -j DROP')
|
|
rule('OUTPUT --logical-out br-client -o bat0 -d ' .. macaddr .. ' -j DROP')
|
|
rule('FORWARD --logical-out br-client -o bat0 -s ' .. macaddr .. ' -j DROP')
|
|
rule('OUTPUT --logical-out br-client -o bat0 -s ' .. macaddr .. ' -j DROP')
|
|
|
|
if next_node.ip4 then
|
|
rule('FORWARD --logical-out br-client -o bat0 -p ARP --arp-ip-src ' .. next_node.ip4 .. ' -j DROP')
|
|
rule('FORWARD --logical-out br-client -o bat0 -p ARP --arp-ip-dst ' .. next_node.ip4 .. ' -j DROP')
|
|
rule('FORWARD --logical-out br-client -i bat0 -p ARP --arp-ip-src ' .. next_node.ip4 .. ' -j DROP')
|
|
rule('FORWARD --logical-out br-client -i bat0 -p ARP --arp-ip-dst ' .. next_node.ip4 .. ' -j DROP')
|
|
|
|
rule('OUTPUT --logical-out br-client -o bat0 -p ARP --arp-ip-src ' .. next_node.ip4 .. ' -j DROP')
|
|
rule('OUTPUT --logical-out br-client -o bat0 -p ARP --arp-ip-dst ' .. next_node.ip4 .. ' -j DROP')
|
|
|
|
rule('INPUT -i bat0 -p ARP --arp-ip-src ' .. next_node.ip4 .. ' -j DROP')
|
|
rule('INPUT -i bat0 -p ARP --arp-ip-dst ' .. next_node.ip4 .. ' -j DROP')
|
|
|
|
rule('FORWARD --logical-out br-client -o bat0 -p IPv4 --ip-destination ' .. next_node.ip4 .. ' -j DROP')
|
|
rule('OUTPUT --logical-out br-client -o bat0 -p IPv4 --ip-destination ' .. next_node.ip4 .. ' -j DROP')
|
|
rule('FORWARD --logical-out br-client -o bat0 -p IPv4 --ip-source ' .. next_node.ip4 .. ' -j DROP')
|
|
rule('OUTPUT --logical-out br-client -o bat0 -p IPv4 --ip-source ' .. next_node.ip4 .. ' -j DROP')
|
|
end
|
|
|
|
if next_node.ip6 then
|
|
rule('FORWARD --logical-out br-client -o bat0 -p IPv6 --ip6-destination ' .. next_node.ip6 .. ' -j DROP')
|
|
rule('OUTPUT --logical-out br-client -o bat0 -p IPv6 --ip6-destination ' .. next_node.ip6 .. ' -j DROP')
|
|
rule('FORWARD --logical-out br-client -o bat0 -p IPv6 --ip6-source ' .. next_node.ip6 .. ' -j DROP')
|
|
rule('OUTPUT --logical-out br-client -o bat0 -p IPv6 --ip6-source ' .. next_node.ip6 .. ' -j DROP')
|
|
end
|