[Olsr-users] OLSRd2 and iptables
Henning Rogge
(spam-protected)
Mon May 9 20:44:22 CEST 2016
Hi,
dropping all packets in the forward chain means you cannot route
traffic... anything (non-locally) routed goes through the forward
chain.
Henning
On Mon, May 9, 2016 at 8:37 PM, Nemesis <(spam-protected)> wrote:
> Hi everyone,
>
> we have an olsrd2 node running only vpn links and exposed to the
> internet. We need to protect it a bit more with iptables rules.
>
> What ports do we need to keep open on what chains in order to keep
> olsrd2 running? The current configuration we have causes OLSRd2 to stop
> working.
>
> Current rules:
>
> ---------------------------------------------
>
> iptables --flush
> iptables --delete-chain
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT DROP
>
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A OUTPUT -o lo -j ACCEPT
>
> iptables -A INPUT -p tcp ! --syn -m state --state NEW -s 0.0.0.0/0 -j DROP
>
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> # other omitted accepted ports like 80, 443, ecc
>
> # OLSRd2
> iptables -A INPUT -p udp --dport 269 -j ACCEPT
>
> iptables -I OUTPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
>
> ---------------------------------------------
>
> Maybe missing something on the forward chain? Or another port?
>
> Federico
>
> --
> Olsr-users mailing list
> (spam-protected)
> https://lists.olsr.org/mailman/listinfo/olsr-users
More information about the Olsr-users
mailing list