profxadke/captive.whump.shanti-portal
1
0
Fork 0
mirror of https://codeberg.org/prof_x_pvt_ltd/captive.whump.shanti-portal synced 2024-08-14 22:46:42 +00:00
Code Issues Projects Releases Packages Wiki Activity

demonstrate use of ipset

Browse source
This commit is contained in:
Stefan Midjich 2017-11-15 10:57:00 +01:00
parent 3c50e1e692
commit 8316a43805
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
docs/examples/iptables/iptables.j2
View file

@ -31,6 +31,15 @@
# iptables -t mangle -I internet -m tcp -p tcp --source 1.2.3.4 -j RETURN
# iptables -t mangle -I internet -m udp -p udp --source 1.2.3.4 -j RETURN
# You can also use ipset like this.
# This matches a pre-defined ipset instead of specific addresses, ipset type hash:ip.
#-A internet -m set --match-set {{ipset_whitelist_clients}} src -j RETURN
#-A internet -m set --match-set {{ipset_auth_clients}} src -j RETURN
# These are for mac-addresses, ipset type hash:mac.
#-A internet -m set --match-set {{macset_whitelist_clients}} src -j RETURN
#-A internet -m set --match-set {{macset_auth_clients}} src -j RETURN
# For MGMT SSH traffic return out of internet chain so it's not marked
-A internet -p tcp -d {{captiveportal_conf.webportal_ip}} --dport ssh -j RETURN