hosttype router
iface eth0 dmz unsafe safe untrusted vpn sgo colobdry default
iface eth1 dmz unsafe safe untrusted vpn sgo colobdry default
- iface eth2 safe vpn
+ iface eth2 dmz unsafe safe untrusted vpn sgo colobdry
iface eth3 untrusted vpn default
iface t6-he default
iface vpn-precision colobdry vpn sgo
hosttype router
iface eth0.0 dmz unsafe untrusted safe vpn sgo colobdry
iface eth0.1 dmz unsafe untrusted safe vpn sgo colobdry
- iface eth0.2 safe
+ iface eth0.2 dmz unsafe safe untrusted vpn sgo colobdry
iface eth0.3 untrusted
iface dns0 iodine
iface vpn-precision colobdry vpn sgo
-m state --state ESTABLISHED
## Allow SSH from safe/noloop to untrusted networks.
- run iptables -A fwd-spec-nofrag -j ACCEPT \
+ run ip46tables -A fwd-spec-nofrag -j ACCEPT \
-p tcp --destination-port $port_ssh \
-m mark --mark $to_untrusted/$MASK_TO
- run iptables -A fwd-spec-nofrag -j ACCEPT \
- -p tcp --source-port $port_ssh \
- -m mark --mark $from_untrusted/$MASK_FROM \
- -m state --state ESTABLISHED
- run ip6tables -A fwd-spec-nofrag -j ACCEPT \
- -p tcp --destination-port $port_ssh \
- -m mark --mark $to_untrusted/$MASK_TO
- run ip6tables -A fwd-spec-nofrag -j ACCEPT \
+ run ip46tables -A fwd-spec-nofrag -j ACCEPT \
-p tcp --source-port $port_ssh \
-m mark --mark $from_untrusted/$MASK_FROM \
-m state --state ESTABLISHED