Commit 5ee349e5 authored by Benjamin Sonntag's avatar Benjamin Sonntag

adding basic iptables configuration, TODO: add --user prosody limits + connection tracking

parent a3263b01
......@@ -56,6 +56,13 @@ do
iptables -A IN_STANDARD -p tcp --dport 22 -s $ip -j ACCEPT
iptables -A OUT_STANDARD -p tcp --sport 22 -d $ip -j ACCEPT
done
# Outgoing ssh : to github ;)
for ip in 192.30.252.0/22
do
iptables -A OUT_STANDARD -p tcp --dport 22 -d $ip -j ACCEPT
iptables -A IN_STANDARD -p tcp --sport 22 -s $ip -j ACCEPT
done
# BUG WITH "--limit" module on LXC, don't use it for now ...
iptables -A OUT_STANDARD -p icmp -j ACCEPT
iptables -A IN_STANDARD -p icmp -j ACCEPT
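Review bot: The return rule in the GitHub loop, `iptables -A IN_STANDARD -p tcp --sport 22 -s $ip -j ACCEPT`, is stateless, so it accepts any TCP packet from 192.30.252.0/22 whose source port is 22, including new connections to any local port, not only replies to the outgoing ssh session. Until the connection tracking named in the commit TODO lands, limiting it to established traffic would close that gap, e.g. `iptables -A IN_STANDARD -p tcp --sport 22 -s "$ip" -m conntrack --ctstate ESTABLISHED -j ACCEPT`, or `! --syn` on the tcp match if conntrack matching is unavailable in the LXC container. The hard-coded range is only a snapshot of GitHub's published addresses, so a comment such as `# GitHub range as of <date>; re-check against GitHub's published list` would help whoever has to update it. The page shows no +/- markers, so which lines are new is inferred from the hunk header counts.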
......