forked from M-Labs/it-infra
nixbld: block internet access on insecure device
This commit is contained in:
parent
836d01b0c0
commit
70ad63ca56
|
@ -114,11 +114,19 @@ in
|
||||||
iptables -w -A block-lan-from-wifi -i ${netifLan} -o ${netifWifi} -j DROP
|
iptables -w -A block-lan-from-wifi -i ${netifLan} -o ${netifWifi} -j DROP
|
||||||
iptables -w -A block-lan-from-wifi -i ${netifWifi} -o ${netifLan} -j DROP
|
iptables -w -A block-lan-from-wifi -i ${netifWifi} -o ${netifLan} -j DROP
|
||||||
iptables -w -A FORWARD -j block-lan-from-wifi
|
iptables -w -A FORWARD -j block-lan-from-wifi
|
||||||
|
|
||||||
|
iptables -w -N block-insecure-devices
|
||||||
|
iptables -w -A block-insecure-devices -m mac --mac-source 00:20:0c:6c:ee:ba -j DROP
|
||||||
|
iptables -w -A FORWARD -j block-insecure-devices
|
||||||
'';
|
'';
|
||||||
extraStopCommands = ''
|
extraStopCommands = ''
|
||||||
iptables -w -D FORWARD -j block-lan-from-wifi 2>/dev/null|| true
|
iptables -w -D FORWARD -j block-lan-from-wifi 2>/dev/null|| true
|
||||||
iptables -w -F block-lan-from-wifi 2>/dev/null|| true
|
iptables -w -F block-lan-from-wifi 2>/dev/null|| true
|
||||||
iptables -w -X block-lan-from-wifi 2>/dev/null|| true
|
iptables -w -X block-lan-from-wifi 2>/dev/null|| true
|
||||||
|
|
||||||
|
iptables -w -D FORWARD -j block-insecure-devices 2>/dev/null|| true
|
||||||
|
iptables -w -F block-insecure-devices 2>/dev/null|| true
|
||||||
|
iptables -w -X block-insecure-devices 2>/dev/null|| true
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
sits."${netifSit}" = {
|
sits."${netifSit}" = {
|
||||||
|
|
Loading…
Reference in New Issue