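# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
#
# vim:set ts=2 sw=2 et:
#
# Host firewall: default-drop input and forward chains in the dual-stack
# "inet" family, plus a pre-created ip/filter DOCKER chain that tags traffic
# so the forward chain can recognise it.
#
# NOTE(review): the time/date facts in the first line make the rendered file
# differ on every play, so the template task always reports "changed". If a
# handler reloads nftables on change (not visible here), every run would
# re-execute the flush below - confirm.
#
# use uppercase chain names (DOCKER) for compatibility with docker; the table
# names in this file stay lowercase.

# Removes every table of every family, not only the ones defined below.
# NOTE(review): presumably this also discards rules Docker added at runtime,
# leaving only the DOCKER chain declared at the end of this file until Docker
# re-creates its own rules - confirm the reload procedure accounts for that.
flush ruleset

table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;

    # accept any localhost traffic
    iif lo accept

    # drop packets conntrack could not classify before any port rule can
    # accept them (otherwise an invalid segment to 22/80/443 is let in)
    ct state invalid drop

    # accept traffic originated from us
    ct state { established, related } accept

    # IPv6 neighbour discovery does not match established/related; with
    # policy drop in an inet table it must be accepted explicitly or IPv6
    # reachability is lost
    icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

    # services reachable from any source address: SSH, HTTP, HTTPS
    # NOTE(review): SSH is open to every source; restrict with a saddr match
    # if a management network exists.
    tcp dport { 22, 80, 443 } accept
  }

  chain forward {
    type filter hook forward priority 0; policy drop;

    # replies for flows that were already allowed
    ct state { established, related } accept

    # forward only packets carrying meta mark 1; in this file that mark is set
    # solely by the ip/filter DOCKER chain below.
    # NOTE(review): this relies on the DOCKER chain being traversed before
    # this base chain. If the chain that jumps to DOCKER is registered at the
    # same hook priority (0), the relative order is not guaranteed - confirm.
    # Any other user of mark 1 on this host is accepted here as well.
    mark 1 accept
  }
}

table ip filter {
  # Regular chain (no hook): it only runs when another chain jumps to it.
  # Nothing in this file does; presumably Docker adds the jump and appends its
  # own rules after the one below - verify on a running host.
  chain DOCKER {
    # non-terminal: tags the packet and falls through to later rules, so the
    # mark is applied before any verdict taken further down this chain
    mark set 1
  }
}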