authorLars Wirzenius <liw@liw.fi>2017-10-20 14:25:56 +0300
committerLars Wirzenius <liw@liw.fi>2017-10-20 14:25:56 +0300
commit3ab7600518bdf7e5d0d59245b92b910d3f34adf3 (patch)
treeb9d0cf9ba7c48f58b184ca9bef498319a661b2f2
parent780ec8ab9144dc575d66a957bca753eb77c1c46a (diff)
Fix: allow printer access to router, but not beyondqvarnlabs/caprica
-rw-r--r--ansible/roles/router/templates/ferm.conf.j29
1 files changed, 4 insertions, 5 deletions
diff --git a/ansible/roles/router/templates/ferm.conf.j2 b/ansible/roles/router/templates/ferm.conf.j2
index adf0248..9037927 100644
--- a/ansible/roles/router/templates/ferm.conf.j2
+++ b/ansible/roles/router/templates/ferm.conf.j2
@@ -13,15 +13,14 @@
@def $NET_PRIVATE = 10.0.0.0/16;
table filter {
- chain INPUT {
- policy ACCEPT;
+ chain INPUT policy ACCEPT;
+ chain OUTPUT policy ACCEPT;
+ chain FORWARD {
+ policy ACCEPT;
{% for mac in mac_blacklist %}
mod mac mac-source {{ mac }} DROP;
{% endfor %}
}
-
- chain OUTPUT policy ACCEPT;
- chain FORWARD policy ACCEPT;
}
table nat {
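Review bot: With the blacklist loop moved into `chain FORWARD`, `chain INPUT policy ACCEPT;` has no rule left in this hunk, so a blacklisted device can reach every service listening on the router, not only what a printer needs. If the intent is limited to something like DHCP and DNS, a per-MAC rule in INPUT that accepts those ports and drops the rest would be tighter; which ports are needed is not visible here. The `mod mac mac-source` match relies on an address the device sets itself, so it keeps a well-behaved printer off the forwarded path but should not be treated as isolation for an untrusted host. A comment above the loop, such as `# blacklisted MACs may reach the router (INPUT) but are never forwarded`, would record why the rule lives in FORWARD.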