Add internet access to signup network
Some checks failed
continuous-integration/drone/push Build is failing
Some checks failed
continuous-integration/drone/push Build is failing
This commit is contained in:
parent
2a57b43184
commit
8e7701423d
2 changed files with 19 additions and 2 deletions
|
@ -29,8 +29,8 @@ table inet signup {
|
||||||
|
|
||||||
# Si la machine tente de se connecter à un des hôtes déclencheurs,
|
# Si la machine tente de se connecter à un des hôtes déclencheurs,
|
||||||
# on enregistre son adresse MAC et on laisse passer la connexion
|
# on enregistre son adresse MAC et on laisse passer la connexion
|
||||||
ip daddr $signup_trigger_v4 goto trigger
|
ip daddr $signup_triggers_v4 goto trigger
|
||||||
ip6 daddr $signup_trigger_v6 goto trigger
|
ip6 daddr $signup_triggers_v6 goto trigger
|
||||||
|
|
||||||
# La machine a tenté de se connecter vers une destination qui ne
|
# La machine a tenté de se connecter vers une destination qui ne
|
||||||
# déclenche pas l'accès à Internet, donc on bloque
|
# déclenche pas l'accès à Internet, donc on bloque
|
||||||
|
|
|
@ -29,6 +29,10 @@ table inet filter {
|
||||||
log prefix "in-from-member" group 0
|
log prefix "in-from-member" group 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
chain input_from_signup {
|
||||||
|
log prefix "in-from-signup" group 0
|
||||||
|
}
|
||||||
|
|
||||||
chain input_from_svc {
|
chain input_from_svc {
|
||||||
log prefix "in-from-svc" group 0
|
log prefix "in-from-svc" group 0
|
||||||
}
|
}
|
||||||
|
@ -55,6 +59,9 @@ table inet filter {
|
||||||
ip saddr $member_v4 goto input_from_member
|
ip saddr $member_v4 goto input_from_member
|
||||||
ip6 saddr $member_v6 goto input_from_member
|
ip6 saddr $member_v6 goto input_from_member
|
||||||
|
|
||||||
|
ip saddr $signup_v4 goto input_from_signup
|
||||||
|
ip6 saddr $signup_v6 goto input_from_signup
|
||||||
|
|
||||||
ip saddr $svc_v4 goto input_from_svc
|
ip saddr $svc_v4 goto input_from_svc
|
||||||
ip6 saddr $svc_v6 goto input_from_svc
|
ip6 saddr $svc_v6 goto input_from_svc
|
||||||
|
|
||||||
|
@ -89,6 +96,9 @@ table inet filter {
|
||||||
goto forward_to_member_re2o_ports
|
goto forward_to_member_re2o_ports
|
||||||
}
|
}
|
||||||
|
|
||||||
|
chain forward_to_signup {
|
||||||
|
}
|
||||||
|
|
||||||
chain forward_to_svc {
|
chain forward_to_svc {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -124,6 +134,10 @@ table inet filter {
|
||||||
ip saddr $member_v4 accept
|
ip saddr $member_v4 accept
|
||||||
ip6 saddr $member_v6 accept
|
ip6 saddr $member_v6 accept
|
||||||
|
|
||||||
|
# Les réseaus d'inscription ont accès à internet
|
||||||
|
ip saddr $signup_v4 accept
|
||||||
|
ip6 saddr $signup_v6 accept
|
||||||
|
|
||||||
# Les réseaux de services ont accès à Internet
|
# Les réseaux de services ont accès à Internet
|
||||||
ip saddr $svc_v4 accept
|
ip saddr $svc_v4 accept
|
||||||
ip6 saddr $svc_v6 accept
|
ip6 saddr $svc_v6 accept
|
||||||
|
@ -152,6 +166,9 @@ table inet filter {
|
||||||
ip daddr $member_v4 goto forward_to_member
|
ip daddr $member_v4 goto forward_to_member
|
||||||
ip6 daddr $member_v6 goto forward_to_member
|
ip6 daddr $member_v6 goto forward_to_member
|
||||||
|
|
||||||
|
ip daddr $signup_v4 goto forward_to_signup
|
||||||
|
ip6 daddr $signup_v6 goto forward_to_signup
|
||||||
|
|
||||||
ip daddr $svc_v4 goto forward_to_svc
|
ip daddr $svc_v4 goto forward_to_svc
|
||||||
ip6 daddr $svc_v6 goto forward_to_svc
|
ip6 daddr $svc_v6 goto forward_to_svc
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue