summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlassulus <lassulus@lassul.us>2018-01-02 18:24:40 +0100
committerlassulus <lassulus@lassul.us>2018-01-02 18:24:40 +0100
commit67458e15f442d16d645f92b8f3de5f226212696a (patch)
tree7ee36e618d920fc05401fd6c70dbd001a3f41d5b
parent115b4c0afebe1f7a7a53c4d82842a7072a3bf2dd (diff)
iptables: set empty default rules
-rw-r--r--krebs/3modules/iptables.nix9
1 files changed, 9 insertions, 0 deletions
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index d64ed86de..6298a05a5 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -61,6 +61,15 @@ let
};
};
})));
+ default = {
+ filter.INPUT.policy = "ACCEPT";
+ filter.FORWARD.policy = "ACCEPT";
+ filter.OUTPUT.policy = "ACCEPT";
+ nat.PREROUTING.policy = "ACCEPT";
+ nat.INPUT.policy = "ACCEPT";
+ nat.OUTPUT.policy = "ACCEPT";
+ nat.POSTROUTING.policy = "ACCEPT";
+ };
};
};