Changeset 4999639 in lab.git for iptables/ufw/after.rules

Timestamp:

Jul 5, 2009 7:20:56 AM (15 years ago)

Author:

mitty <mitty@…>

Branches:

master, trunk

Children:

71b798c

Parents:

ab902ad

Message:

• change --log-level to "err"
• accept FORWARD from LAN (eth0 with 192.168.100.0/24)
• drop CIFS access from/to WAN (eth1)
• accept access from LAN
• add custom rules for 'setfilter' script
  • mangle.rules, raw.rules

git-svn-id: ​https://lab.mitty.jp/svn/lab/trunk@12 7d2118f6-f56c-43e7-95a2-4bb3031d96e7

File:

• iptables/ufw/after.rules (modified) (1 diff)

iptables/ufw/after.rules

@@ -25 +25 @@
 
 # catchall for logging
--A ufw-after-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK INPUT]: "
--A ufw-after-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK FORWARD]: "
+-A ufw-after-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK INPUT]: " --log-level err
+-A ufw-after-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK FORWARD]: " --log-level err
 
 # don't delete the 'COMMIT' line or these rules won't be processed