Update tinc-up.tmpl

Manevolent 2024-01-29 19:13:11 -07:00 committed by GitHub
parent 70a20c82a1
commit 455830e5eb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -13,10 +13,11 @@ ifconfig ${internal_interface} ${internal_address6}/${internal_mask6:-128}
iptables -t nat -I PREROUTING -d {{ . }} -i eth0 -j DNAT --to-destination ${tinc_peer_address}
{{ end }}{{ end }}
iptables -A FORWARD -i eth0 -o \$INTERFACE -j ACCEPT
# Plugins may communicate over eth0, the 'internal' docker network.
# Because of this, we should allow masquerading NAT through eth0
iptables -A FORWARD -i eth0 -o \$INTERFACE -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -j MARK --set-mark 1
iptables -t nat -A PREROUTING -i eth0 ! -s ${network_address}/${global_prefix:-16} -j MARK --set-mark 1
iptables -t nat -A POSTROUTING -m mark --mark 1 -o \$INTERFACE -j MASQUERADE
# Prevent spoofing attacks