blob: adf0248898c6d514264c75a75838703e76d27648 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
# Firewall configuration for a router with a dynamic IP.
#
# Based on example by Max Kellermann <max@duempel.org>
# <http://ferm.foo-projects.org/download/examples/dsl_router.ferm>
# Interface towards the Internet.
@def $DEV_WORLD = eth0;
# Interfaces towards LAN.
@def $DEV_PRIVATE = (br0);
# Address range for LAN.
@def $NET_PRIVATE = 10.0.0.0/16;
table filter {
chain INPUT {
policy ACCEPT;
{% for mac in mac_blacklist %}
mod mac mac-source {{ mac }} DROP;
{% endfor %}
}
chain OUTPUT policy ACCEPT;
chain FORWARD policy ACCEPT;
}
table nat {
chain POSTROUTING MASQUERADE;
}
|