#!/bin/sh
# Remove the nat PREROUTING DNAT rules for every comma-separated entry of
# ip_aliases. Each entry gets two deletes: this one matches traffic arriving on
# the interface named by the escaped INTERFACE reference, the next one matches
# traffic arriving on eth0. Both rules redirect to tinc_peer_address.
# NOTE(review): each entry is placed into the command line unquoted; confirm
# that ip_aliases is validated as a list of IP addresses before rendering.
{{ if len "${ip_aliases:-}" }}{{ range "$ip_aliases" | split "," }}iptables -t nat -D PREROUTING -d {{ . }} -i \$INTERFACE -j DNAT --to-destination ${tinc_peer_address}
# NOTE(review): eth0 is hard-coded; confirm it is the right interface name on
# every host that runs this script.
iptables -t nat -D PREROUTING -d {{ . }} -i eth0 -j DNAT --to-destination ${tinc_peer_address}
{{ end }}{{ end }}
# Disable IPv4 kernel routing/forwarding for this network
# Delete the FORWARD rule that accepts packets leaving through the interface
# named by the escaped INTERFACE reference towards network_address/global_prefix;
# the prefix length is 16 when global_prefix is unset or empty.
# iptables -D removes a rule only when the specification matches exactly, so
# these arguments have to mirror the ones used when the rule was added.
# NOTE(review): no exit status check is visible here, so a delete that fails
# does not stop the script.
iptables -D FORWARD -o \$INTERFACE -d ${network_address}/${global_prefix:-16} -j ACCEPT
# Delete the FORWARD accept rule for every comma-separated entry of bgp_routes,
# matched on eth0 as the outgoing interface.
# NOTE(review): eth0 is hard-coded here, while the network-wide rule above uses
# the INTERFACE reference; confirm that the difference is intended.
# NOTE(review): each entry is placed into the command line unquoted; confirm
# that bgp_routes is validated as a list of prefixes before rendering.
{{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}iptables -D FORWARD -o eth0 -d {{.}} -j ACCEPT
{{ end }}{{ end }}
# Remove the rules that prevent spoofing attacks
# Delete the DROP rule for packets that arrive on the interface named by the
# escaped INTERFACE reference with a source address outside
# network_address/global_prefix (prefix length 16 when global_prefix is unset
# or empty).
# NOTE(review): after this delete the source filter no longer applies to that
# interface; presumably that is fine because the interface is being taken
# down. Confirm the ordering against the caller.
iptables -D FORWARD -i \$INTERFACE ! -s ${network_address}/${global_prefix:-16} -j DROP
# Delete, for every comma-separated entry of bgp_routes, the DROP rule for
# packets that arrive on the interface named by the escaped INTERFACE reference
# with that entry as their source.
# NOTE(review): each entry is placed into the command line unquoted; confirm
# that bgp_routes is validated as a list of prefixes before rendering.
{{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}iptables -D FORWARD -i \$INTERFACE -s {{.}} -j DROP
{{ end }}{{ end }}