authorRobert "ar" Gerus <ar@bash.org.pl>2013-03-12 13:51:28 +0100
committerRobert "ar" Gerus <ar@bash.org.pl>2013-03-12 13:51:28 +0100
commit1186c1e5a1dc6a1ac77c6ff4d95dcf447903e6a0 (patch)
tree18485533938e2635f60d2ebe9639c82e3836a8a9 /rules
parent7c70c33a2a89eec7012b69fa3132a892bc5c7b0b (diff)
permit ntp traffic to tempus1.gum.gov.pl and tempus2.gum.gov.pl from firewall
Diffstat (limited to 'rules')
-rw-r--r--rules/03-kasha-outbound-connections7
1 files changed, 5 insertions, 2 deletions
diff --git a/rules/03-kasha-outbound-connections b/rules/03-kasha-outbound-connections
index 3dea21d..d4d7f6d 100644
--- a/rules/03-kasha-outbound-connections
+++ b/rules/03-kasha-outbound-connections
@@ -1,13 +1,16 @@
#!/bin/bash
rules() {
+ ntp_ips=( 212.244.36.227 212.244.36.228 )
# fwtest: 01-ssh_test_via_NAS.sh
iptables -t filter $flag OUTPUT -o ${IF_LAN} -p tcp -d ${HOST_AMANOJAKU} --dport 22 -j ACCEPT
iptables -t filter $flag INPUT -i ${IF_LAN} -p tcp -s ${HOST_AMANOJAKU} --sport 22 -j ACCEPT
# outbound DNS
iptables -t filter $flag OUTPUT -o ${IF_WAN} -p tcp --dport 53 -j ACCEPT
iptables -t filter $flag OUTPUT -o ${IF_WAN} -p udp --dport 53 -j ACCEPT
-# outbound http
- iptables -t filter $flag OUTPUT -o ${IF_WAN} -p tcp --dport 80 -j ACCEPT
+# outbound NTP
+ for ntp_server in ${ntp_ips[@]}; do
+ iptables -t filter $flag OUTPUT -o ${IF_WAN} -p udp -d ${ntp_server} --dport 123 -j ACCEPT
+ done
# i hate having a multitude of stateless INPUT rules
iptables -t filter $flag INPUT -i ${IF_WAN} -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT