sonny/debian-setup
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Initial commit

Browse source
This commit is contained in:
sonny 2021-12-28 10:24:08 +01:00
parent 9102d564f0
commit dc26255c92
11 changed files with 30 additions and 669 deletions
Download patch file Download diff file Expand all files Collapse all files

17
templates/nftables.j2
View file

@ -19,17 +19,14 @@ table ip filter {
# allow icmp
ip protocol icmp accept
iifname "br0" tcp dport {{ ssh_port }} accept comment "SSH"
iifname "br0" tcp dport { {{ http_port }}, {{ https_port }} } accept comment "HTTP/HTTPS"
iifname 'br0' tcp dport {{ ssh_port }} accept comment 'SSH'
iifname 'br0' tcp dport { {{ http_port }}, {{ https_port }} } accept comment 'HTTP/HTTPS'
iifname "br0" tcp dport {{ vpn_mobile_port }} accept comment "OpenVPN TCP"
iifname "br0" udp dport {{ vpn_mobile_port }} accept comment "OpenVPN UDP"
iifname "br0" tcp dport {{ vpn_lan_port }} accept comment "OpenVPN LAN TCP"
iifname "br0" udp dport {{ vpn_lan_port }} accept comment "OpenVPN LAN UDP"
iifname 'br0' tcp dport {{ vpn_port }} accept comment 'Wireguard'
iifname { "tun0", "tun1" } tcp dport { {{ http_port }}, {{ https_port }} } ip saddr { 10.8.0.0/24, 10.8.1.0/24 } ip daddr 10.8.0.1/32 accept comment "HTTP/HTTPS"
iifname { "tun0", "tun1" } tcp dport {{ transmission_port }} ip saddr { 10.8.0.0/24, 10.8.1.0/24 } ip daddr 10.8.0.1/32 accept comment "Transmission"
iifname { "tun0", "tun1" } tcp dport { {{ syncthing_gui_port }}, {{ syncthing_protocol_port }} } ip saddr { 10.8.0.0/24, 10.8.1.0/24 } ip daddr 10.8.0.1/32 accept comment "Syncthing"
iifname { "tun0", "tun1" } tcp dport {{ mpd_port }} ip saddr { 10.8.0.0/24, 10.8.1.0/24 } ip daddr 10.8.0.1/32 accept comment "MPD"
iifname '{{ vpn_interface }}' tcp dport { {{ http_port }}, {{ https_port }} } ip saddr {{ vpn_source_range }} ip daddr {{ vpn_destination_range }} accept comment 'HTTP/HTTPS'
iifname '{{ vpn_interface }}' tcp dport {{ transmission_port }} ip saddr {{ vpn_source_range }} ip daddr {{ vpn_destination_range }} accept comment 'Transmission'
iifname '{{ vpn_interface }}' tcp dport { {{ syncthing_gui_port }}, {{ syncthing_protocol_port }} } ip saddr {{ vpn_source_range }} ip daddr {{ vpn_destination_range }} accept comment 'Syncthing'
iifname '{{ vpn_interface }}' tcp dport {{ mpd_port }} ip saddr {{ vpn_source_range }} ip daddr {{ vpn_destination_range }} accept comment 'MPD'
}
}