#!pydsl

# Source CIDRs allowed to reach the broker, grouped by iptables family.
# 0.0.0.0/0 and ::/0 match every source address, so the rules built from
# this table do not restrict who can connect; replace them with specific
# networks if the listeners are not meant to be reachable from anywhere.
families = [("ipv4", ["0.0.0.0/0"]), ("ipv6", ["::/0"])]

# (label, TCP destination port) pairs. The label becomes the iptables rule
# comment and part of the state ID of each ACCEPT rule.
# NOTE(review): the labels suggest MQTT over TLS (plain TCP and WebSocket);
# the firewall cannot enforce that -- confirm the broker requires TLS and
# client authentication on both ports.
ports = [("mqtts-tcp", 4883), ("mqtts-ws", 4884)]

# Ensure the user-defined chain "mqtt_public" exists for both address
# families. No table is passed, so the state module's default applies
# (presumably "filter", which the append rules name explicitly -- confirm).
for chain_state_id, chain_family in (
    ("mqtt_public ipv4 chain", "ipv4"),
    ("mqtt_public ipv6 chain", "ipv6"),
):
    state(chain_state_id).iptables.chain_present(
        "mqtt_public",
        family=chain_family,
    )

# One ACCEPT rule in mqtt_public per (family, source CIDR, port). The state
# ID is "<label> <family> <cidr>" and the label is also stored as the rule
# comment, so each rule can be traced back to this file from the output of
# a rule listing on the host.
# NOTE(review): no `save` argument is passed, so these rules are presumably
# only in the running ruleset until the state is applied again -- confirm
# how they are restored after a reboot or a firewall flush.
for ip_family, cidrs in families:
    for cidr in cidrs:
        for label, dest_port in ports:
            rule_id = "{} {} {}".format(label, ip_family, cidr)
            state(rule_id).iptables.append(
                table="filter",
                family=ip_family,
                chain="mqtt_public",
                source=cidr,
                protocol="tcp",
                match=["tcp", "comment"],
                comment=label,
                dport=dest_port,
                jump="ACCEPT",
            )

# Hook mqtt_public into INPUT for both families. The jump carries no
# protocol or port match, so every packet that reaches this rule walks
# mqtt_public; packets matching none of its ACCEPT rules return to INPUT.
# NOTE(review): `append` puts the jump at the end of INPUT. If an earlier
# INPUT rule already drops or rejects the traffic, mqtt_public is never
# consulted -- verify the rule order on the host after applying.
for jump_state_id, jump_family in (
    ("mqtt_public ipv4 input chain", "ipv4"),
    ("mqtt_public ipv6 input chain", "ipv6"),
):
    state(jump_state_id).iptables.append(
        table="filter",
        family=jump_family,
        chain="INPUT",
        match="comment",
        comment="mqtt_public",
        jump="mqtt_public",
    )