firewall
81 - cluster14 173.16.1.57
89 - orbita88 173.16.0.11
4101 - ura2:3333 (u-r01-r01) eth
4102 - ura2:42000 (u-r01-r01) zec
4103 - ura1:42000 (home1) zec
4104 - ura1:3334 (home1) xmr
4105 - ura2:3334 (u-r01-r01) xmr
4106 - ura1:3333 (home1) eth
4107 - ura2:3335 (u-r01-r01) rvn
4108 - ura1:3335 (home1) rvn
4109 - ura1:4067 (home1) sero
4110 - 173.16.0.57:4067 (f002) sero
4211 - cluster11:80
4212 - cluster12:80
4213 - cluster13:80
4214 - cluster14:80
8001 - work1:80
8002 - work2:80
- /etc/systemd/system/firewall.service
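# Loads the iptables rules once per boot by running /etc/firewall/rules.sh.
[Unit]
Description=Firewall
After=network.target
After=syslog.target

[Service]
# rules.sh applies its rules and exits; it leaves no daemon behind. With
# oneshot + RemainAfterExit the unit stays "active" after a successful load
# and is marked failed when the script exits non-zero, instead of ending up
# "inactive (dead)" as a forking service with no surviving process would.
Type=oneshot
RemainAfterExit=yes
ExecStart=/etc/firewall/rules.sh

[Install]
WantedBy=multi-user.target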
- /etc/firewall/rules.sh
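#!/bin/bash
# /etc/firewall/rules.sh - resets iptables and loads the NAT / forwarding
# rules for this host. Started by firewall.service.
#
# NOTE(review): all three filter policies are set to ACCEPT and nothing below
# drops or rejects a packet, so this script configures NAT only - it does not
# restrict traffic to or through this host.

IPT=/sbin/iptables
IPTS=/sbin/iptables-save
VPN_NET=173.0.0.0/8
status=0

# Run one iptables command. A failure is reported on stderr and remembered in
# $status, but the remaining rules are still applied, so a single bad rule
# neither goes unnoticed nor stops the rest of the ruleset from loading.
ipt() {
  if ! "$IPT" "$@"; then
    printf 'rules.sh: iptables %s failed\n' "$*" >&2
    status=1
  fi
}

# -------------------------------
# Flush the filter, nat and mangle tables and set every policy to ACCEPT.
ipt -F
ipt -F -t nat
ipt -F -t mangle
ipt -P INPUT ACCEPT
ipt -P OUTPUT ACCEPT
ipt -P FORWARD ACCEPT

# -------------------------------
# Rewrite the TTL of every packet leaving this host (forwarded or locally
# generated) to 65.
ipt -t mangle -A POSTROUTING -j TTL --ttl-set 65

# -------------------------------
# vpn
# NOTE(review): 173.0.0.0/8 is not an RFC 1918 private range; it is publicly
# routable address space, so these rules also match real Internet hosts in
# that block - confirm the VPN addressing is intentional.
# The FORWARD ACCEPT rules have no effect while the FORWARD policy is ACCEPT;
# they only start to matter if that policy is tightened to DROP.
for proto in icmp udp tcp; do
  ipt -t nat -A POSTROUTING -p "$proto" -d "$VPN_NET" -j MASQUERADE
  ipt -A FORWARD -p "$proto" -d "$VPN_NET" -j ACCEPT
done

# -------------------------------
# Masquerade everything that leaves through eth0 or wlan0.
for dev in eth0 wlan0; do
  ipt -t nat -A POSTROUTING -p all -o "$dev" -j MASQUERADE
done

# -------------------------------
# -------------------------------
# Keep a dump of the ruleset that was actually loaded.
# NOTE(review): nothing in this script or unit reads the file back -
# presumably it is kept for reference; confirm.
if ! "$IPTS" > /etc/firewall/rules; then
  printf 'rules.sh: could not write /etc/firewall/rules\n' >&2
  status=1
fi

# Non-zero when any rule failed to load, so systemd can show the failure.
exit "$status"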
>$ systemctl enable firewall.service