fff-gateway: Add firewall rules to ensure nothing is forwarded onto WAN

Signed-off-by: Fabian Bläse <fabian@blaese.de> Reviewed-by: Christian Dresel <fff@chrisi01.de> Reviewed-by: Robert Langhammer <rlanghammer@web.de>
2019-09-10 22:09:01 +02:00 · 2019-09-10 22:09:01 +02:00 · d8ea5c652f
parent 6c706432a6
commit d8ea5c652f
1 changed files with 3 additions and 0 deletions
--- a/src/packages/fff/fff-gateway/files/usr/lib/firewall.d/10-no-forward-wan
+++ b/src/packages/fff/fff-gateway/files/usr/lib/firewall.d/10-no-forward-wan
@ -0,0 +1,3 @@
+# Ensure nothing is forwarded onto WAN interface
+iptables -A FORWARD -o $IF_WAN -j REJECT --reject-with icmp-net-unreachable
+ip6tables -A FORWARD -o $IF_WAN -j REJECT --reject-with no-route