From 53be5c3014f47b731124a336a4659ce879609142 Mon Sep 17 00:00:00 2001
From: Niklas Yann Wettengel
Date: Mon, 29 Jan 2018 13:36:13 +0100
Subject: [PATCH] reject forwarded traffic going out on the default gateway

---
 roles/configure_iptables/templates/iptables.rules | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules
index d832362..be2965d 100644
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
@@ -66,6 +66,7 @@ COMMIT
 -A FORWARD -i bat{{ site.name }} -p udp --dport 10010:10021 -j REJECT
 {% endfor %}
 {% endif %}
+-A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT
 COMMIT
 *nat
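Review bot: The added `-A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT` pins the block to whichever interface held the default route when facts were gathered, so it is a deploy-time snapshot. If the uplink is renamed or the default route later moves (for example onto a tunnel), the rule either stops covering the uplink or rejects on the wrong interface until the role is re-run. Because it is appended as the last FORWARD rule before `COMMIT`, it only catches packets that no earlier rule accepted; the rules above the `{% endfor %}` are outside this hunk, so that ordering should be confirmed there. A one-line comment above the rule would record the intent, e.g. `# leak guard: forwarded client traffic must never leave via the uplink (default-route interface at deploy time)`. This template is IPv4-only as far as the hunk shows; if the role also renders an ip6tables file, it presumably needs the same rule with `ansible_default_ipv6.interface`.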