This is the iptables firewall rules for Ziltoid (the firewall).

The way that you update the configuration file is as follows:

Port: ####

directive), so that it listens on 22 and 13699 in the labs, and just 13699 from externally. You can also use the VPN or Ziltoid.

Each device gets a commented block in the rules file:

```
# Device Name (IPv4 address)
# External Access: [List of Service (port number if unusual port or uncommon service)]
[list of the iptables rules]
```
```
cd /etc/iptables
```

Once you do that, run `make`. Make will do the following things:

- `git pull` to pull the repository. Typically, this will request your Git server creds.
- `sudo iptables-restore < rules.v4`. This will ask for your sudo password.

Useful iptables commands:

- `iptables -S`: Shows config (ish)
- `iptables -L`: Lists rules
- `iptables -D <rule>`: Deletes a rule
- `iptables -A <rule>`: Adds a rule
- `iptables -F`: Clears the entire table. USE WITH CAUTION
Currently, we don't have a failure mode protection system. If you push a bad config, there is no rollback mechanism other than rolling back the commit, and if you lose connection, that's it.

This could be implemented better in the future. In the past, we have just been very careful to know exactly what to apply, but not all people are god-tier at iptables configs, so this would probably be beneficial in the future.
Presumably, a way to do this would be as follows:

- `make sync`: Pull down the latest config.
- `make test`: Apply the latest config, but do not write it out to rules.v4, but rather a different file, and resync from the existing config if `make apply` is not run within 5 minutes.
- `make apply`: Apply the latest config, and set it to be applied on reboot.
- `make`: Equivalent to running `make sync test`.
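The sync/test/apply flow proposed above, together with the `git pull` plus `iptables-restore` sequence that `make` currently runs, written out as an added example shell script. This is not the repository's Makefile. It assumes the checkout lives in `RULES_DIR` (/etc/iptables, as the README says), that `git pull` updates `rules.v4` there, that some boot-time hook restores a separate persisted file (`rules.applied.v4`, a hypothetical name), and that the save/restore binaries can be swapped via `SAVE_CMD`/`RESTORE_CMD` so the flow can be rehearsed without a real firewall. The `rules.backup.v4` and `.rollback.pid` names are constructed for the example.

```shell
#!/bin/sh
# Added example: sync/test/apply with a timed rollback, in the spirit of the
# Makefile targets proposed in the README. Not the repository's own Makefile.
# Assumptions (not from the README): the checkout is RULES_DIR, git pull updates
# rules.v4 in it, a boot-time hook restores PERSIST_FILE (hypothetical name),
# and SAVE_CMD/RESTORE_CMD can be overridden to rehearse without a real firewall.
set -eu

: "${RULES_DIR:=/etc/iptables}"
: "${CANDIDATE_FILE:=rules.v4}"        # what git pull updates
: "${BACKUP_FILE:=rules.backup.v4}"    # snapshot of the running ruleset (constructed name)
: "${PERSIST_FILE:=rules.applied.v4}"  # hypothetical file loaded at boot
: "${PENDING_FILE:=.rollback.pid}"     # PID of the armed rollback watchdog (constructed name)
: "${ROLLBACK_SECONDS:=300}"           # 5 minutes, as the README proposes
: "${SAVE_CMD:=iptables-save}"
: "${RESTORE_CMD:=iptables-restore}"

fw_sync() {
    git -C "$RULES_DIR" pull
}

# Load the candidate ruleset and arm a watchdog that puts the previous ruleset
# back unless fw_apply runs within ROLLBACK_SECONDS. If the new rules cut your
# SSH session, the watchdog restores access without anyone at the console.
fw_test() {
    candidate="$RULES_DIR/$CANDIDATE_FILE"
    backup="$RULES_DIR/$BACKUP_FILE"
    pending="$RULES_DIR/$PENDING_FILE"

    if [ -f "$pending" ]; then
        echo "fw_test: a test is already pending; run apply or wait for rollback" >&2
        return 1
    fi
    # Parse-only check first: a syntax error must never reach the kernel.
    "$RESTORE_CMD" --test "$candidate"
    # Snapshot what is running now, then swap in the candidate.
    "$SAVE_CMD" > "$backup"
    "$RESTORE_CMD" < "$candidate"
    # Detached watchdog: restore the snapshot unless the pending marker is gone.
    (
        sleep "$ROLLBACK_SECONDS"
        if [ -f "$pending" ]; then
            "$RESTORE_CMD" < "$backup"
            rm -f "$pending"
        fi
    ) &
    echo $! > "$pending"
}

# Confirm the candidate: disarm the watchdog and persist the ruleset for reboot.
fw_apply() {
    pending="$RULES_DIR/$PENDING_FILE"
    if [ -f "$pending" ]; then
        kill "$(cat "$pending")" 2>/dev/null || true
        rm -f "$pending"
    else
        # apply without a prior test: still syntax-check, then load directly
        "$RESTORE_CMD" --test "$RULES_DIR/$CANDIDATE_FILE"
        "$RESTORE_CMD" < "$RULES_DIR/$CANDIDATE_FILE"
    fi
    "$SAVE_CMD" > "$RULES_DIR/$PERSIST_FILE"
}

# Exit 0 if a rollback watchdog is currently armed.
fw_pending() {
    [ -f "$RULES_DIR/$PENDING_FILE" ]
}

case "${1:-}" in
    sync)  fw_sync ;;
    test)  fw_test ;;
    apply) fw_apply ;;
    all)   fw_sync && fw_test ;;   # the README's bare "make" = sync + test
    "")    : ;;                    # no target: only define functions (file can be sourced)
    *)     echo "usage: $0 {sync|test|apply|all}" >&2; exit 2 ;;
esac
```

Run `sh fw.sh all` from the checkout, check that you can still reach the box, then `sh fw.sh apply` within five minutes; if you never get to apply, the watchdog loads the snapshot it took before the test. `iptables-restore --test` only parses and constructs the ruleset without committing it, so a typo in a rule fails the test step before anything changes on the live firewall.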