Update tinc-up.tmpl

This commit is contained in:
Manevolent 2023-04-23 20:28:50 -06:00 committed by GitHub
parent 6828b71814
commit b358f122df
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -16,7 +16,8 @@ iptables -t nat -I PREROUTING -d {{ . }} -i eth0 -j DNAT --to-destination ${tinc
# Plugins may communicate over eth0, the 'internal' docker network.
# Because of this, we should allow masquerading NAT through eth0
iptables -A FORWARD -i eth0 -o \$INTERFACE -j ACCEPT
iptables -t nat -A POSTROUTING -i eth0 -o \$INTERFACE -j MASQUERADE
iptables -t nat -A PREROUTING -i eth0 -j MARK --set-mark 1
iptables -t nat -A POSTROUTING -m mark --mark 1 -o \$INTERFACE -j MASQUERADE
# Prevent spoofing attacks
iptables -A FORWARD -i \$INTERFACE ! -s ${network_address}/${global_prefix:-16} -j DROP