|
|
@ -16,6 +16,8 @@ iptables_default_head: | |
|
|
|
-A INPUT -i lo -j ACCEPT |
|
|
|
-A INPUT -i lo -j ACCEPT |
|
|
|
-A INPUT -m state --state NEW -p tcp --dport 22 -s {{ trusted_ip | default(['0.0.0.0/0']) | join(',') }} -j ACCEPT |
|
|
|
-A INPUT -m state --state NEW -p tcp --dport 22 -s {{ trusted_ip | default(['0.0.0.0/0']) | join(',') }} -j ACCEPT |
|
|
|
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT |
|
|
|
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT |
|
|
|
|
|
|
|
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT |
|
|
|
|
|
|
|
-A FORWARD -m state --state INVALID -j DROP |
|
|
|
|
|
|
|
|
|
|
|
iptables_default_tail: | |
|
|
|
iptables_default_tail: | |
|
|
|
-A INPUT -j LOGDENY |
|
|
|
-A INPUT -j LOGDENY |
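Review bot: The two FORWARD rules added after the echo-request rule have no terminal rule of their own: as far as this hunk shows, `iptables_default_tail` closes only INPUT with `-A INPUT -j LOGDENY`, so a forwarded packet in state NEW matches neither added rule and falls through to the FORWARD chain policy, which is not visible here. If that policy is ACCEPT, dropping INVALID alone leaves forwarding open, so consider adding `-A FORWARD -j LOGDENY` to the tail (assuming the LOGDENY chain is meant to be shared), or add a comment above the new rules such as `# FORWARD policy is DROP (set in the *filter header); only return traffic is allowed`. Accepting RELATED also admits flows created by any loaded conntrack helper, which is worth a short comment if helpers are in use on these hosts. Both `iptables_default_head` and `iptables_default_tail` begin or continue outside the hunk, so a FORWARD rule may already exist further down.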
|
|
|