author | HimbeerserverDE <himbeerserverde@gmail.com> | 2023-05-07 11:41:46 +0200 |
---|---|---|
committer | HimbeerserverDE <himbeerserverde@gmail.com> | 2023-05-07 11:41:46 +0200 |
commit | a4f5c17e062a66703334fc0fb38ec7c6c2fdcfbf (patch) | |
tree | 93a60724439f49041cbf5af56f4ed438507d3fdb | |
parent | 91984e8a0a14eccdd22554d83c5e745f923c31e7 (diff) |
complete ipv6 ruleset
-rw-r--r-- | src/main.rs | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/src/main.rs b/src/main.rs
index 1cedbdb..096748c 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -91,6 +91,9 @@ fn filter() -> Result<()> {
 let deny_wan4 = Rule::new(&input)?.iface("rsppp0")?.drop();
 batch.add(&deny_wan4, MsgType::Add);
 
+ let deny_wan6 = Rule::new(&input)?.iface("he6in4")?.drop();
+ batch.add(&deny_wan6, MsgType::Add);
+
 let allow_isolated_dhcp = Rule::new(&input)?
 .iface("eth0.30")?
 .dport(67, Protocol::UDP)
@@ -156,24 +159,48 @@ fn filter() -> Result<()> {
 .accept();
 batch.add(&allow_mgmt_to_wan4, MsgType::Add);
 
+ let allow_mgmt_to_wan6 = Rule::new(&forward)?
+ .iface("eth0")?
+ .oface("he6in4")?
+ .accept();
+ batch.add(&allow_mgmt_to_wan6, MsgType::Add);
+
 let allow_trusted_to_wan4 = Rule::new(&forward)?
 .iface("eth0.10")?
 .oface("rsppp0")?
 .accept();
 batch.add(&allow_trusted_to_wan4, MsgType::Add);
 
+ let allow_trusted_to_wan6 = Rule::new(&forward)?
+ .iface("eth0.10")?
+ .oface("he6in4")?
+ .accept();
+ batch.add(&allow_trusted_to_wan6, MsgType::Add);
+
 let allow_untrusted_to_wan4 = Rule::new(&forward)?
 .iface("eth0.20")?
 .oface("rsppp0")?
 .accept();
 batch.add(&allow_untrusted_to_wan4, MsgType::Add);
 
+ let allow_untrusted_to_wan6 = Rule::new(&forward)?
+ .iface("eth0.20")?
+ .oface("he6in4")?
+ .accept();
+ batch.add(&allow_untrusted_to_wan6, MsgType::Add);
+
 let allow_exposed_to_wan4 = Rule::new(&forward)?
 .iface("eth0.40")?
 .oface("rsppp0")?
 .accept();
 batch.add(&allow_exposed_to_wan4, MsgType::Add);
 
+ let allow_exposed_to_wan6 = Rule::new(&forward)?
+ .iface("eth0.40")?
+ .oface("he6in4")?
+ .accept();
+ batch.add(&allow_exposed_to_wan6, MsgType::Add);
+
 let allow_any_to_exposed = Rule::new(&forward)?.oface("eth0.40")?.accept();
 batch.add(&allow_any_to_exposed, MsgType::Add);
 
|
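Review bot: In the first hunk, `deny_wan6` drops everything that arrives on `he6in4`, including ICMPv6 addressed to the router itself. IPv6 path-MTU discovery depends on ICMPv6 errors such as Packet Too Big, so this is only safe if an earlier input rule already accepts established traffic and the required ICMPv6 types. No such rule is visible because `filter()` begins and ends outside the hunk, so that ordering should be confirmed. I would record the dependency above the rule, e.g. `// Keep after the accepts for established traffic and ICMPv6 errors; dropping those on he6in4 breaks IPv6 PMTUD.`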
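Review bot: In the second hunk, the unchanged rule `allow_any_to_exposed` has `oface("eth0.40")` and no `iface`, so it also accepts traffic forwarded in from `he6in4`. If hosts on eth0.40 receive global IPv6 addresses, every port on them becomes reachable through the tunnel, whereas on IPv4 presumably only explicitly forwarded ports were. If that is not intended, a rule such as `Rule::new(&forward)?.iface("he6in4")?.oface("eth0.40")?.drop()` added ahead of it would restore the narrower exposure. The four new `*_to_wan6` accepts cover only the outbound direction, so replies depend on a stateful accept and a default-drop policy that lie outside this hunk and should be checked for the IPv6 path as well.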