Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- *filter
- :INPUT ACCEPT [0:0]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- -A INPUT -i lo -j ACCEPT
- -A INPUT -d 127.0.0.0/8 -i lo -j REJECT --reject-with icmp-port-unreachable
- -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
- {% if grains['id'].startswith('web') %}
- #HTTP
- -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
- #HTTPS
- -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
- {% elif grains['id'].startswith('chat') %}
- #CHAT
- -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 2424
- {% else %}{% endif %}
- -A INPUT -j REJECT --reject-with icmp-port-unreachable
- -A FORWARD -j REJECT --reject-with icmp-port-unreachable
- -A OUTPUT -j ACCEPT
- COMMIT
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
