|
|
# iptables rules generated by conntrackt for {{entity}}
|
|
|
*filter
|
|
|
:INPUT ACCEPT [0:0]
|
|
|
{% for interface in entity.interface_set.all %}{% for communication in interface.destination_set.all %}
|
|
|
{% ifchanged communication.description %}
|
|
|
{% for interface in entity.interface_set.all %}
|
|
|
{% for communication in interface.destination_set.all %}
|
|
|
{% ifchanged communication.description %}
|
|
|
|
|
|
{% if communication.description %}
|
|
|
{% if communication.description %}
|
|
|
# {{communication.description}}
|
|
|
{% endif %}
|
|
|
{% endifchanged %}
|
|
|
{% endif %}
|
|
|
{% endifchanged %}
|
|
|
iptables -A INPUT -s {{communication.source.address}}/{{communication.source.netmask}} -p {{communication.protocol|lower}} -m {{communication.protocol|lower}} --dport {{communication.port}} -j ACCEPT
|
|
|
{% endfor %}
|
|
|
{% endfor %}
|
|
|
{% endfor %}
|
|
|
:FORWARD ACCEPT [0:0]
|
|
|
:OUTPUT ACCEPT [0:0]
|