{#- vim: set sw=4 ts=4 sts=4 et : #}
{#
  Renders the nftables table "inet filter": one named set (firemon) and the
  rules of the forward chain.
  Template inputs: firemon_networks, dch_networks.guest.router_iface,
  internet_iface. Every value is interpolated verbatim into the ruleset and
  nothing here validates or quotes it, so these variables must only come from
  trusted inventory.
#}
table inet filter {
    {# Interval set, so elements may be prefixes or ranges. The type is
       ipv4_addr: the "ip daddr @firemon" rule below therefore only ever
       matches IPv4, while the rest of this inet chain also sees IPv6. #}
    set firemon {
        type ipv4_addr
        flags interval
        {# NOTE(review): with an empty firemon_networks this renders an empty
           element list, which some nft versions may refuse to load - confirm,
           or guard the elements statement. #}
        elements = {
            {% for prefix in firemon_networks %}
            {{ prefix }},
            {% endfor %}
        }
    }

    {# NOTE(review): no "type ... hook forward" or policy line is visible in
       this template. Presumably the base chain is declared elsewhere and these
       rules are added to it - confirm. A chain without a hook is only
       evaluated when jumped to, and packets matching no rule below (e.g. new
       connections arriving on internet_iface for a non-firemon address) get
       whatever policy that declaration sets, which is accept when none is
       given. #}
    chain forward {
        {# Rules are evaluated top-down; the first accept/drop/reject ends
           evaluation, so the order below is part of the policy. #}

        {# Return traffic of already tracked connections. #}
        ct state established,related accept

        {# Guest isolation: traffic entering from the guest interface may only
           leave via internet_iface, and only traffic that entered on
           internet_iface may be forwarded to the guest interface. #}
        iifname {{ dch_networks.guest.router_iface }} oif != {{ internet_iface }} drop
        iif != {{ internet_iface }} oifname {{ dch_networks.guest.router_iface }} drop

        {# Remaining traffic where neither side is internet_iface is accepted
           and counted.
           NOTE(review): iif/oif compare the interface index resolved when the
           ruleset is loaded, iifname/oifname compare the name per packet. If
           internet_iface can be removed and re-created (PPP, VPN, hotplug),
           the stale index would make these "!=" matches treat the uplink as
           an internal interface - confirm it is static, or use the name-based
           forms. #}
        iif != {{ internet_iface }} oif != {{ internet_iface }} counter accept

        {# Packets reaching this point have internet_iface on at least one
           side. IPv4 destinations in firemon are accepted in either direction,
           and because this rule precedes the SMTP reject, SMTP to those
           destinations is allowed as well. #}
        ip daddr @firemon counter accept

        {# Reject and count all other TCP traffic to the smtp port; icmpx picks
           the ICMP or ICMPv6 code for the packet's family. Only the smtp
           service is named here; other mail ports are not affected. #}
        tcp dport smtp counter reject with icmpx type host-unreachable

        {# Everything else leaving via internet_iface is accepted. #}
        oif {{ internet_iface }} accept
    }
}