From 3ab7600518bdf7e5d0d59245b92b910d3f34adf3 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Fri, 20 Oct 2017 14:25:56 +0300
Subject: Fix: allow printer access to router, but not beyond
---
 ansible/roles/router/templates/ferm.conf.j2 | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/ansible/roles/router/templates/ferm.conf.j2 b/ansible/roles/router/templates/ferm.conf.j2
index adf0248..9037927 100644
--- a/ansible/roles/router/templates/ferm.conf.j2
+++ b/ansible/roles/router/templates/ferm.conf.j2
@@ -13,15 +13,14 @@
 @def $NET_PRIVATE = 10.0.0.0/16;
 
 table filter {
-chain INPUT {
-policy ACCEPT;
+chain INPUT policy ACCEPT;
+chain OUTPUT policy ACCEPT;
+chain FORWARD {
+policy ACCEPT;
 {% for mac in mac_blacklist %}
 mod mac mac-source {{ mac }} DROP;
 {% endfor %}
 }
-
-chain OUTPUT policy ACCEPT;
-chain FORWARD policy ACCEPT;
 }
 
 table nat {
-- 
cgit v1.2.1
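Review bot: The FORWARD chain now carries the MAC blacklist with no comment recording why it moved off INPUT, so the next reader of the template cannot tell that letting blacklisted hosts reach the router itself is deliberate; a comment such as `# Blacklisted MACs (e.g. the printer) may talk to the router itself (INPUT) but are never forwarded past it.` directly above the `{% for mac in mac_blacklist %}` loop would capture the intent stated in the subject line. The `mod mac mac-source` match only sees the source MAC of the frame as it arrives on the router's interface, so it presumably covers only hosts attached directly to the router's segment — worth confirming that is the printer's only path. Because the FORWARD policy stays ACCEPT and the filter keys on a value the client presents, this is best read as a convenience restriction rather than a hard boundary; if "not beyond" must hold, a `policy DROP;` on FORWARD with explicit allows for `$NET_PRIVATE` traffic would be the stronger shape. The `table filter` block is fully inside the hunk; `table nat` continues outside it.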