Disable IPv6 forwarding on node 2

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-06-15 11:52:48 +02:00
parent 8f8bd941af
commit b90a98cedc
2 changed files with 9 additions and 5 deletions
--- a/firewall/restrict-http.conf
+++ b/firewall/restrict-http.conf
@ -8,8 +8,9 @@ table inet filter {
    }
    chain forward {
        type filter hook forward priority 0; policy accept
-        ip6 saddr fd00:42::/32 dport { 80 } reject;
-        ip6 daddr fd00:42::/32 dport { 80 } reject;
+        ip daddr 172.17.0.0/30 tcp dport { 80 } accept;
+        tcp dport { 0-65535 } reject;
+        udp dport { 0-65535 }  reject;
        accept
    }
    chain output {