firewall: make sure blocklist is first in the forward chain

This commit is contained in:
Girish Ramakrishnan
2020-09-09 17:47:20 -07:00
parent eae33161c1
commit 722808a0e4


@@ -12,12 +12,12 @@ ipset create cloudron_blocklist hash:net || true
iptables -t filter -A CLOUDRON -m set --match-set cloudron_blocklist src -j DROP
if ! iptables -t filter -C FORWARD -m set --match-set cloudron_blocklist src -j DROP; then
iptables -t filter -I FORWARD -m set --match-set cloudron_blocklist src -j DROP
iptables -t filter -A FORWARD -m set --match-set cloudron_blocklist src -j DROP
fi
# allow related and establisted connections
iptables -t filter -I CLOUDRON -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A CLOUDRON -p tcp -m tcp -m multiport --dports 22,25,80,202,443 -j ACCEPT # 202 is the alternate ssh port
iptables -t filter -A CLOUDRON -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A CLOUDRON -p tcp -m tcp -m multiport --dports 22,25,80,202,443 -j ACCEPT # 202 is the alternate ssh port
# whitelist any user ports
user_firewall_json="/home/yellowtent/boxdata/firewall-config.json"