Git-Mirrors/qusal
1
0
Fork 0
mirror of https://github.com/ben-grande/qusal.git synced 2024-10-01 02:35:49 -04:00
Code Issues Packages Projects Releases Wiki Activity

feat: use ip interface group for faster evaluation

Browse Source
This commit is contained in:
Ben Grande 2024-07-05 12:00:22 +02:00
parent 34d2943556
commit 14b389655b
No known key found for this signature in database
GPG Key ID: 00C64E14F51F9E56
1 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
salt/sys-pihole/files/server/qubes-firewall.d/50-sys-pihole
View File

@ -9,10 +9,10 @@ add chain ip6 qubes dnat-dns { type nat hook prerouting priority dstnat; policy
flush chain ip qubes dnat-dns
flush chain ip6 qubes dnat-dns
insert rule ip qubes dnat-dns iifname "vif*" tcp dport 53 dnat to 127.0.0.1
insert rule ip qubes dnat-dns iifname "vif*" udp dport 53 dnat to 127.0.0.1
insert rule ip6 qubes dnat-dns iifname "vif*" tcp dport 53 dnat to ::1
insert rule ip6 qubes dnat-dns iifname "vif*" udp dport 53 dnat to ::1
insert rule ip qubes dnat-dns iifgroup 2 tcp dport 53 dnat to 127.0.0.1
insert rule ip qubes dnat-dns iifgroup 2 udp dport 53 dnat to 127.0.0.1
insert rule ip6 qubes dnat-dns iifgroup 2 tcp dport 53 dnat to ::1
insert rule ip6 qubes dnat-dns iifgroup 2 udp dport 53 dnat to ::1
flush chain ip qubes custom-forward
flush chain ip6 qubes custom-forward
@ -24,12 +24,12 @@ insert rule ip6 qubes custom-forward udp dport 53 drop
flush chain ip qubes custom-input
flush chain ip6 qubes custom-input
## Admin Web Interface
insert rule ip qubes custom-input iifname != "lo" tcp dport 80 drop
insert rule ip qubes custom-input iifname != "lo" udp dport 80 drop
insert rule ip6 qubes custom-input iifname != "lo" tcp dport 80 drop
insert rule ip6 qubes custom-input iifname != "lo" udp dport 80 drop
insert rule ip qubes custom-input iifgroup != 0 tcp dport 80 drop
insert rule ip qubes custom-input iifgroup != 0 udp dport 80 drop
insert rule ip6 qubes custom-input iifgroup != 0 tcp dport 80 drop
insert rule ip6 qubes custom-input iifgroup != 0 udp dport 80 drop
## DNS
insert rule ip qubes custom-input iifname "vif*" tcp dport 53 accept
insert rule ip qubes custom-input iifname "vif*" udp dport 53 accept
insert rule ip6 qubes custom-input iifname "vif*" tcp dport 53 accept
insert rule ip6 qubes custom-input iifname "vif*" udp dport 53 accept
insert rule ip qubes custom-input iifgroup 2 tcp dport 53 accept
insert rule ip qubes custom-input iifgroup 2 udp dport 53 accept
insert rule ip6 qubes custom-input iifgroup 2 tcp dport 53 accept
insert rule ip6 qubes custom-input iifgroup 2 udp dport 53 accept