forked from FF-RGB/ansible
Renamed exit-ipv4 to exit-ip, added TCP-MSS Clamping for V4 and V6
parent
608db4bb44
commit
76b0c8d73f
@ -2,3 +2,6 @@
|
|||||||
|
|
||||||
- name: Reload iptables
|
- name: Reload iptables
|
||||||
shell: iptables-restore < /etc/iptables/rules.v4
|
shell: iptables-restore < /etc/iptables/rules.v4
|
||||||
|
|
||||||
|
- name: Reload ip6tables
|
||||||
|
shell: ip6tables-restore < /etc/iptables/rules.v6
|
@ -18,3 +18,7 @@
|
|||||||
- name: Configure iptables
|
- name: Configure iptables
|
||||||
template: src=rules.v4.j2 dest=/etc/iptables/rules.v4
|
template: src=rules.v4.j2 dest=/etc/iptables/rules.v4
|
||||||
notify: Reload iptables
|
notify: Reload iptables
|
||||||
|
|
||||||
|
- name: Configure ip6tables
|
||||||
|
template: src=rules.v6.j2 dest=/etc/iptables/rules.v6
|
||||||
|
notify: Reload ip6tables
|
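Review bot: The added `Configure ip6tables` task writes /etc/iptables/rules.v6 without setting ownership or permissions, so the mode of the firewall rules file depends on the remote umask or on whatever file already exists there. Pinning them in the task keeps the file from ending up writable by a non-root user, e.g. `template: src=rules.v6.j2 dest=/etc/iptables/rules.v6 owner=root group=root mode=0644`. The `Configure iptables` task shown as context has the same shape and would benefit from the same arguments. The file header for this hunk is not visible on the page, so the path is presumably the role's tasks file.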
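--- a/roles/exit-ip/templates/rules.v6.j2
+++ b/roles/exit-ip/templates/rules.v6.j2
@@ -0,0 +1,7 @@
+# {{ ansible_managed }}
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+:OUTPUT ACCEPT [0:0]
+COMMIT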
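Review bot: The new template places the clamp rule in `*filter` with `:INPUT ACCEPT [0:0]` and `:FORWARD ACCEPT [0:0]` policies, and the `Reload ip6tables` handler runs a plain `ip6tables-restore`, which flushes every table named in the file. Each reload therefore replaces any IPv6 filter rules set elsewhere on the host with an accept-all filter table. If the role only needs MSS clamping, opening the block with `*mangle` instead of `*filter` would leave the filter table untouched; otherwise the intended IPv6 INPUT/FORWARD policy should be written out here explicitly. The `-A FORWARD` line also sits before `:OUTPUT ACCEPT [0:0]`; grouping all chain declarations ahead of the rules matches the layout iptables-save produces and is easier to audit.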