Diffstat (limited to 'ansible/roles/router/templates/ferm.conf.j2')
-rw-r--r--ansible/roles/router/templates/ferm.conf.j229
1 files changed, 29 insertions, 0 deletions
diff --git a/ansible/roles/router/templates/ferm.conf.j2 b/ansible/roles/router/templates/ferm.conf.j2
new file mode 100644
index 0000000..adf0248
--- /dev/null
+++ b/ansible/roles/router/templates/ferm.conf.j2
@@ -0,0 +1,29 @@
+# Firewall configuration for a router with a dynamic IP.
+#
+# Based on example by Max Kellermann <max@duempel.org>
+# <http://ferm.foo-projects.org/download/examples/dsl_router.ferm>
+
+# Interface towards the Internet.
+@def $DEV_WORLD = eth0;
+
+# Interfaces towards LAN.
+@def $DEV_PRIVATE = (br0);
+
+# Address range for LAN.
+@def $NET_PRIVATE = 10.0.0.0/16;
+
+table filter {
+ chain INPUT {
+ policy ACCEPT;
+{% for mac in mac_blacklist %}
+ mod mac mac-source {{ mac }} DROP;
+{% endfor %}
+ }
+
+ chain OUTPUT policy ACCEPT;
+ chain FORWARD policy ACCEPT;
+}
+
+table nat {
+ chain POSTROUTING MASQUERADE;
+}
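Review bot: `policy ACCEPT` on INPUT and FORWARD leaves the router default-open on the Internet-facing interface, and `$DEV_WORLD`, `$DEV_PRIVATE` and `$NET_PRIVATE` are defined but never used, so the MAC drop loop is the only filtering in the file. That loop sits in INPUT only, so traffic from a listed MAC is still forwarded through the router; MAC source addresses are also client-controlled, so the blacklist should not be the sole control. `chain POSTROUTING MASQUERADE;` rewrites every routed packet rather than only LAN traffic leaving `$DEV_WORLD`. I would switch to default-drop with connection tracking, as in the referenced dsl_router example, sketched below. Any service the router must expose on the WAN side, such as remote management, needs an explicit accept that I cannot determine from this hunk.

```jinja
table filter {
    chain INPUT {
        policy DROP;
        # … unchanged: mac_blacklist loop …
        mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;
        interface lo ACCEPT;
        interface $DEV_PRIVATE ACCEPT;
    }

    # … unchanged: chain OUTPUT policy ACCEPT …

    chain FORWARD {
        policy DROP;
{% for mac in mac_blacklist %}
        mod mac mac-source {{ mac }} DROP;
{% endfor %}
        mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;
        interface $DEV_PRIVATE ACCEPT;
    }
}

table nat {
    chain POSTROUTING saddr $NET_PRIVATE outerface $DEV_WORLD MASQUERADE;
}
```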