diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2019-01-20 21:39:10 -0200 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2019-01-20 21:39:10 -0200 |
commit | d98ee7979c2b401e567977ef1df64cbaf093104e (patch) | |
tree | acfcbb587ac2f4e66d911186e45a02f60547e32a /share/provision/files | |
parent | 4495057e061bc4c4f1b1d0216ad617c3579ddbeb (diff) | |
download | kvmx-d98ee7979c2b401e567977ef1df64cbaf093104e.tar.gz kvmx-d98ee7979c2b401e567977ef1df64cbaf093104e.tar.bz2 |
Provision: IPRedator: Transmission support
Diffstat (limited to 'share/provision/files')
-rw-r--r-- | share/provision/files/ipredator/etc/ferm/ferm.conf | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/share/provision/files/ipredator/etc/ferm/ferm.conf b/share/provision/files/ipredator/etc/ferm/ferm.conf index d7b97a3..a25a3d2 100644 --- a/share/provision/files/ipredator/etc/ferm/ferm.conf +++ b/share/provision/files/ipredator/etc/ferm/ferm.conf @@ -35,6 +35,10 @@ # stick to only those that you really need. @def $PORT_OPENVPN = (1194 1234 1337 2342 5060); +# See https://blog.ipredator.se/howto/restricting-transmission-to-the-vpn-interface-on-ubuntu-linux.html +# Ports Transmission is allowed to use. +@def $PORT_TRANSMISSION = 16384:65535; + # Public DNS servers and those that are only reachable via VPN. # DNS servers are specified in the outbound DNS rules to prevent DNS leaks # (https://www.dnsleaktest.com/). The public DNS servers configured on your @@ -59,6 +63,11 @@ @if $VPN_ACTIVE { domain ip { table filter { + chain INPUT { + interface $DEV_VPN { + proto (tcp udp) dport $PORT_TRANSMISSION ACCEPT; + } + } chain OUTPUT { # Default allowed outbound services on the VPN interface. # If you need more simply add your rules here. @@ -67,6 +76,7 @@ proto tcp dport $PORT_FTP ACCEPT; proto udp dport $PORT_NTP ACCEPT; proto tcp dport $PORT_SSH ACCEPT; + proto (tcp udp) sport $PORT_TRANSMISSION ACCEPT; proto tcp dport $PORT_WEB ACCEPT; } } |