#! /sbin/nft -f
# Filtering for the "prerezotage" zone (presumably hosts that have not yet
# registered on the network -- confirm against the rest of the ruleset).
# Both chains are regular chains (no type/hook line), so they only see
# traffic that a base chain defined elsewhere sends to them with jump/goto.
table inet firewall {
    # IPv4 destinations this zone is allowed to reach. The $variables are
    # defined outside this listing; "flags interval" lets them expand to
    # prefixes or ranges rather than single addresses.
    set allowed_daddr_prerezotage {
        type ipv4_addr
        flags interval
        elements = { $comnpay, $website, $external_dns, $intranet }
    }

    # Traffic towards the zone: accepted unconditionally.
    # NOTE(review): nothing is restricted here (source, state, port), so the
    # dispatching rule in the caller is the only control -- confirm it is as
    # narrow as intended.
    chain to_prerezotage {
        accept
    }

    # Traffic coming from the zone: IPv4 packets whose destination is not in
    # the allow-list are dropped. Packets that are not dropped get no verdict
    # here and return to the calling chain, which decides their fate.
    # NOTE(review): in an inet table "ip daddr" matches IPv4 only, so IPv6
    # packets pass through this chain untouched. Confirm the caller either
    # dispatches IPv4 only or drops IPv6 from this zone; otherwise the
    # allow-list can be bypassed over IPv6.
    chain from_prerezotage {
        ip daddr != @allowed_daddr_prerezotage drop
    }
}
# Source NAT for the prerezotage zone. The family is written out: a table
# declared without a family is an "ip" (IPv4) table, so this is the same
# table as "table nat".
table ip nat {
    # Regular chain (no type/hook line): rewrites the source address of
    # whatever is sent here to $ip_self_public, which is defined outside this
    # listing.
    # NOTE(review): there is no match in this chain, so the jump/goto rule in
    # the caller decides which flows are translated -- confirm it selects only
    # the prerezotage source range, and that the caller is a nat-type base
    # chain on a hook where snat is valid (normally postrouting).
    chain prerezotage_nat {
        snat to $ip_self_public
    }
}