add templates for extra firewall rules like open port 80

[rubo77]

there are some rules that have to be added depening on the case, for example

open port 80:

https://github.com/rubo77/ffmap-backend-bridge#-allow-port-80

cat > /etc/iptables.d/600-Allow-HTTP <<EOF
# Allow ssh on wan and mesh
ip46tables -A wan-input -p tcp -m tcp --dport 80    -j ACCEPT
ip46tables -A mesh-input -p tcp -m tcp --dport 80    -j ACCEPT
EOF

allow all connections from wan for experimental envionments

https://github.com/ffnord/ffnord-example/blob/master/bootstrap.sh

cat > /etc/iptables.d/199-allow-wan << EOF
## allow all connections from wan for experimental envionments
ip46tables -A wan-input -j ACCEPT
EOF

where could we put these templates?

[ohrensessel]

we will not put these into the script as long as there is no use case in the script for them. there simply is no modul depending on port 80 being open.

2015-10-31 12:42 GMT+01:00 Ruben Barkow notifications@github.com:

there are some rules that have to be added depening on the case, for example

open port 80:

https://github.com/rubo77/ffmap-backend-bridge#-allow-port-80

cat > /etc/iptables.d/600-Allow-HTTP <<EOF

Allow ssh on wan and mesh

ip46tables -A wan-input -p tcp -m tcp --dport 80 -j ACCEPT ip46tables -A mesh-input -p tcp -m tcp --dport 80 -j ACCEPT EOF

allow all connections from wan for experimental envionments

https://github.com/ffnord/ffnord-example/blob/master/bootstrap.sh

cat > /etc/iptables.d/199-allow-wan << EOF

allow all connections from wan for experimental envionments

ip46tables -A wan-input -j ACCEPT EOF

where could we put these templates?

— Reply to this email directly or view it on GitHub https://github.com/ffnord/ffnord-puppet-gateway/issues/142.

[rubo77]

I thought more of adding those scripts in a disabled state somehow, so in case you need to enable them you would have a simple option