improved Database & Models
commit
0bbe91bec3
18 changed files with 956 additions and 0 deletions
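--- a/templates/nftables.ejs
+++ b/templates/nftables.ejs
@@ -0,0 +1,60 @@
+#!/usr/sbin/nft -f
+
+# Lösche alte Tabelle
+flush ruleset
+
+table inet <%= interface.ifName %> {
+
+<% addressGroupList.forEach((addressGroup) => { %>
+set addressGroup_<%= addressGroup.name %> {
+type ipv4_addr
+flags interval
+elements = { <%= addressGroup.addressList.join(", ") %> }
+}
+<% }) %>
+
+<% addressGroupList.forEach((addressGroup) => { %>
+set addressGroup_<%= addressGroup.name %> {
+type ipv4_addr
+flags interval
+elements = { <%= addressGroup.addressList.join(", ") %> }
+}
+<% }) %>
+
+chain input_<%= interface.ifName %> {
+type filter hook input priority 0; policy drop;
+
+# Traffic vom Interface akzeptieren
+iif "<%= interface %>" tcp dport { 22, 53 } accept
+iif "<%= interface %>" udp dport 53 accept
+iif "<%= interface %>" icmp type echo-request accept
+iif "<%= interface %>" ip saddr @allowed_sources_<%= instanceId %> counter accept
+}
+
+chain forward_<%= interface.ifName %> {
+type filter hook forward priority 0; policy drop;
+
+# Eingehende Pakete von erlaubten IPs weiterleiten
+iif "<%= interface %>" ip saddr @allowed_sources_<%= instanceId %> ip daddr @allowed_destinations_<%= instanceId %> accept
+
+# Rückläufige Antworten zulassen (established connections)
+oif "<%= interface %>" ip saddr @allowed_destinations_<%= instanceId %> ip daddr @allowed_sources_<%= instanceId %> ct state established accept
+}
+
+chain output_<%= interface.ifName %> {
+type filter hook output priority 0; policy accept;
+
+# Host -> WG Interface
+oif "<%= interface %>" ip daddr @allowed_destinations_<%= instanceId %> accept
+}
+
+chain postrouting_<%= interface.ifName %> {
+type route hook output priority 100; policy accept;
+ip saddr <%= localSubnet %> oif "<%= outboundInterface %>" masquerade
+}
+
+}
+<% accessRuleList.forEach((accessRule) => { %>
+<%= accessRule.proto %> dport <%= accessRule.dstport %> ip saddr
+# Description: <%= accessRule.description %>
+<% }) %>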
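Review bot: The rendered ruleset references sets this template never defines — `@allowed_sources_<%= instanceId %>` and `@allowed_destinations_<%= instanceId %>` in the input, forward and output chains — while the only sets created are `addressGroup_<name>`, so `nft -f` will reject the file, and the `addressGroupList.forEach` block is emitted twice, defining every set a second time. The `iif`/`oif` matches interpolate `<%= interface %>` where the table and chain names use `<%= interface.ifName %>`; if `interface` is the model object those lines render as `[object Object]`, so they should read `iif "<%= interface.ifName %>"` (and `oif` likewise). The `accessRuleList` loop at the end sits outside the `table` block and emits an unfinished `... ip saddr` fragment, which is not valid nftables syntax; the `masquerade` statement in the `type route hook output` chain is also, as far as I know, only accepted in a `type nat hook postrouting` chain. Because every interpolated value (`addressGroup.name`, `addressList`, `localSubnet`, the interface names, `accessRule.description`) is written unescaped into a file executed as root, the model layer should validate them before rendering — names restricted to an identifier character class, addresses parsed as IPv4/CIDR, descriptions stripped of newlines so they cannot break out of the `# Description:` comment — since `<%=` only applies HTML escaping, which does nothing for nft syntax.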