blob: 9037927c68f6c07ecba23e95e719a2e3ac5ed57e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
# Firewall configuration for a router with a dynamic IP.
#
# Based on example by Max Kellermann <max@duempel.org>
# <http://ferm.foo-projects.org/download/examples/dsl_router.ferm>
# Interface towards the Internet.
@def $DEV_WORLD = eth0;
# Interfaces towards LAN.
@def $DEV_PRIVATE = (br0);
# Address range for LAN.
@def $NET_PRIVATE = 10.0.0.0/16;
table filter {
chain INPUT policy ACCEPT;
chain OUTPUT policy ACCEPT;
chain FORWARD {
policy ACCEPT;
{% for mac in mac_blacklist %}
mod mac mac-source {{ mac }} DROP;
{% endfor %}
}
}
table nat {
chain POSTROUTING MASQUERADE;
}
|