# {{ ansible_managed }}
{% if firewall_input_default_drop %}
# Default-drop tail of the IPv6 INPUT chain, rendered only when
# firewall_input_default_drop is true. Every rule is appended, so it is
# evaluated after whatever has already been added to INPUT.

# Accept every ICMPv6 type inbound; no per-type filtering is applied here.
ip6tables --append INPUT --protocol icmpv6 --jump ACCEPT

# Discard link-layer broadcast packets ahead of the LOG rule, so they are
# dropped without producing a log entry.
# NOTE(review): IPv6 uses multicast rather than broadcast - confirm whether
# this match does what was intended for suppressing log noise.
ip6tables --append INPUT --match pkttype --pkt-type broadcast --jump DROP

# Log what is about to be dropped, rate-limited to 10 entries per minute
# (burst of 2) at syslog level 5 (notice).
# NOTE(review): --log-prefix accepts at most 29 characters and the fixed
# suffix " INPUT DROP: " uses 13 of them - confirm firewall_log_prefix fits.
ip6tables --append INPUT --match limit --limit 10/min --limit-burst 2 --jump LOG --log-prefix "{{ firewall_log_prefix }} INPUT DROP: " --log-level 5

# Final rule: silently drop everything not accepted earlier in the chain.
ip6tables --append INPUT --jump DROP
{% endif %}
{% if firewall_output_default_drop %}
# Default-reject tail of the IPv6 OUTPUT chain, rendered only when
# firewall_output_default_drop is true. Every rule is appended, so it is
# evaluated after whatever has already been added to OUTPUT.

# Accept outbound ICMPv6 of every type except echo-request; outgoing pings
# fall through to the LOG and REJECT rules below.
ip6tables --append OUTPUT --protocol icmpv6 ! --icmpv6-type echo-request --jump ACCEPT

# Log the remaining traffic before it is rejected. TCP is logged only for SYN
# packets (new connection attempts); every other protocol is logged per
# packet. Each rule is rate-limited to 10 entries per minute (burst of 2),
# written at syslog level 5 (notice), and --log-uid records the uid of the
# local process that generated the packet.
# NOTE(review): the prefix reads "OUTPUT DROP" although the final action is
# REJECT - keep that in mind when writing log searches or alerts.
# NOTE(review): --log-prefix accepts at most 29 characters and the fixed
# suffix " OUTPUT DROP: " uses 14 of them - confirm firewall_log_prefix fits.
ip6tables --append OUTPUT --protocol tcp --syn --match limit --limit 10/min --limit-burst 2 --jump LOG --log-prefix "{{ firewall_log_prefix }} OUTPUT DROP: " --log-level 5 --log-uid
ip6tables --append OUTPUT ! --protocol tcp --match limit --limit 10/min --limit-burst 2 --jump LOG --log-prefix "{{ firewall_log_prefix }} OUTPUT DROP: " --log-level 5 --log-uid

# Final rule: REJECT rather than DROP, so the sender receives an error reply
# instead of the packet being discarded silently.
ip6tables --append OUTPUT --jump REJECT
{% endif %}