wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-08-02 02:43:01 +02:00
Code Issues Projects Releases Wiki Activity

Change ACCEPT to RETURN

Browse source
This commit is contained in:
David E. Myers 2020-02-14 08:54:07 -05:00
parent 97de49daa3
commit 72ecee553e
No known key found for this signature in database
GPG key ID: D871FCA54815086C
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
roles/common/templates/rules.v4.j2
View file

@ -32,7 +32,7 @@ COMMIT
{% if wireguard_enabled and wireguard_port|int == wireguard_port_avoid|int %}
# Handle the special case of allowing access to WireGuard over an already used
# port like 53
-A PREROUTING -s {{ subnets|join(',') }} -p udp --dport {{ wireguard_port_avoid }} -j ACCEPT
-A PREROUTING -s {{ subnets|join(',') }} -p udp --dport {{ wireguard_port_avoid }} -j RETURN
-A PREROUTING --in-interface {{ ansible_default_ipv4['interface'] }} -p udp --dport {{ wireguard_port_avoid }} -j REDIRECT --to-port {{ wireguard_port_actual }}
{% endif %}
# Allow traffic from the VPN network to the outside world, and replies

2
roles/common/templates/rules.v6.j2
View file

@ -31,7 +31,7 @@ COMMIT
{% if wireguard_enabled and wireguard_port|int == wireguard_port_avoid|int %}
# Handle the special case of allowing access to WireGuard over an already used
# port like 53
-A PREROUTING -s {{ subnets|join(',') }} -p udp --dport {{ wireguard_port_avoid }} -j ACCEPT
-A PREROUTING -s {{ subnets|join(',') }} -p udp --dport {{ wireguard_port_avoid }} -j RETURN
-A PREROUTING --in-interface {{ ansible_default_ipv6['interface'] }} -p udp --dport {{ wireguard_port_avoid }} -j REDIRECT --to-port {{ wireguard_port_actual }}
{% endif %}
# Allow traffic from the VPN network to the outside world, and replies