add templates for extra firewall rules like open port 80

[rubo77]

there are some rules that have to be added depening on the case, for example

open port 80:

https://github.com/rubo77/ffmap-backend-bridge#-allow-port-80

cat > /etc/iptables.d/600-Allow-HTTP <<EOF
# Allow ssh on wan and mesh
ip46tables -A wan-input -p tcp -m tcp --dport 80    -j ACCEPT
ip46tables -A mesh-input -p tcp -m tcp --dport 80    -j ACCEPT
EOF

allow all connections from wan for experimental envionments

https://github.com/ffnord/ffnord-example/blob/master/bootstrap.sh

cat > /etc/iptables.d/199-allow-wan << EOF
## allow all connections from wan for experimental envionments
ip46tables -A wan-input -j ACCEPT
EOF

where could we put these templates?

[ohrensessel]

we will not put these into the script as long as there is no use case in
the script for them. there simply is no modul depending on port 80 being
open.

2015-10-31 12:42 GMT+01:00 Ruben Barkow notifications@github.com:

there are some rules that have to be added depening on the case, for
example

#open port 80:
https://github.com/rubo77/ffmap-backend-bridge#-allow-port-80

cat > /etc/iptables.d/600-Allow-HTTP <<EOF

Allow ssh on wan and mesh

ip46tables -A wan-input -p tcp -m tcp --dport 80 -j ACCEPT
ip46tables -A mesh-input -p tcp -m tcp --dport 80 -j ACCEPT
EOF

#allow all connections from wan for experimental envionments
https://github.com/ffnord/ffnord-example/blob/master/bootstrap.sh

cat > /etc/iptables.d/199-allow-wan << EOF

allow all connections from wan for experimental envionments

ip46tables -A wan-input -j ACCEPT
EOF

where could we put these templates?

—
Reply to this email directly or view it on GitHub
#142.

[rubo77]

I thought more of adding those scripts in a disabled state somehow, so in case you need to enable them you would have a simple option