Revert "Make firewall rules for server-to-internal-clients-VoIP less restrictive"

This reverts commit 644dacf844a094a513a00255f9717f16faac22c5.
author: Himbeer <himbeer@disroot.org> 2024-08-17 21:14:09 +0200
committer: Himbeer <himbeer@disroot.org> 2024-08-17 21:14:09 +0200
commit: 9c20ce911351d36af02f6f5566a8351c06c68264 (patch)
tree: 994e5d0f3a2f1b9454869866119e8e30b605c767
parent: 644dacf844a094a513a00255f9717f16faac22c5 (diff)
1 files changed, 6 insertions, 4 deletions
diff --git a/src/main.rs b/src/main.rs
index b3364cf..895e0c1 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -296,18 +296,20 @@ fn filter() -> Result<()> {
         .accept();
     batch.add(&allow_exposed_to_wan6in4, MsgType::Add);
 
-    let allow_exposed_to_any_sip = Rule::new(&forward)?
+    let allow_exposed_to_vpn_sip = Rule::new(&forward)?
         .iface("eth0.40")?
+        .oface("wg0")?
         .dport(5060, Protocol::UDP)
         .accept();
-    batch.add(&allow_exposed_to_any_sip, MsgType::Add);
+    batch.add(&allow_exposed_to_vpn_sip, MsgType::Add);
 
     for port in 16384..=16482 {
-        let allow_exposed_to_any_rtp = Rule::new(&forward)?
+        let allow_exposed_to_vpn_rtp = Rule::new(&forward)?
             .iface("eth0.40")?
+            .oface("wg0")?
             .dport(port, Protocol::UDP)
             .accept();
-        batch.add(&allow_exposed_to_any_rtp, MsgType::Add);
+        batch.add(&allow_exposed_to_vpn_rtp, MsgType::Add);
     }
 
     let allow_vpn_to_modem = Rule::new(&forward)?.iface("wg0")?.oface("eth1")?.accept();
author	Himbeer <himbeer@disroot.org>	2024-08-17 21:14:09 +0200
committer	Himbeer <himbeer@disroot.org>	2024-08-17 21:14:09 +0200
commit	9c20ce911351d36af02f6f5566a8351c06c68264 (patch)
tree	994e5d0f3a2f1b9454869866119e8e30b605c767
parent	644dacf844a094a513a00255f9717f16faac22c5 (diff)