Update ferm
xtrime-ru committed Sep 25, 2024
1 parent d0303a6 commit bb7455f
Showing 1 changed file with 12 additions and 7 deletions.
19 changes: 12 additions & 7 deletions rootfs/etc/ferm/ferm.conf
@@ -7,13 +7,13 @@
# connmark 2 = ACCEPT

domain (ip ip6) {
table filter {
chain (DOCKER DOCKER-INGRESS DOCKER-ISOLATION-STAGE-1 DOCKER-ISOLATION-STAGE-2 FORWARD) @preserve;
}
table filter {
chain (DOCKER DOCKER-INGRESS DOCKER-ISOLATION-STAGE-1 DOCKER-ISOLATION-STAGE-2 FORWARD) @preserve;
}

table nat {
chain (DOCKER DOCKER_OUTPUT DOCKER_POSTROUTING DOCKER-INGRESS PREROUTING OUTPUT POSTROUTING) @preserve;
}
table nat {
chain (DOCKER DOCKER_OUTPUT DOCKER_POSTROUTING DOCKER-INGRESS PREROUTING OUTPUT POSTROUTING) @preserve;
}
}

@include 'whitelist.conf';
@@ -59,14 +59,19 @@ table nat {
saddr $VPNTCP_RANGE daddr $VPNTCP_DNS ACCEPT;
saddr $DOCKER_RANGE daddr $DOCKER_DNS ACCEPT;

daddr ($VPNUDP_DNS $VPNTCP_DNS $DOCKER_DNS) REDIRECT;
daddr ($VPNUDP_DNS $VPNTCP_DNS $DOCKER_DNS) REDIRECT;

saddr ($VPNUDP_RANGE $VPNTCP_RANGE $DOCKER_RANGE) daddr ! $DNSMAP_RANGE CONNMARK set-mark 1;
saddr ($VPNUDP_RANGE $VPNTCP_RANGE $DOCKER_RANGE) daddr $DNSMAP_RANGE jump dnsmap;
}
chain POSTROUTING {
saddr ($VPNUDP_RANGE $VPNTCP_RANGE $DOCKER_RANGE) MASQUERADE;
}
# localhost rules
chain OUTPUT {
daddr ($VPNUDP_DNS $VPNTCP_DNS $DOCKER_DNS) REDIRECT;
}

}

# IPv6:
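Review bot: The new nat `chain OUTPUT` rule matches on destination address only, so every locally generated packet to `$VPNUDP_DNS`, `$VPNTCP_DNS` or `$DOCKER_DNS` is redirected to the host itself regardless of protocol or port. If only DNS is meant to be intercepted, narrowing it to `daddr ($VPNUDP_DNS $VPNTCP_DNS $DOCKER_DNS) proto (tcp udp) dport 53 REDIRECT;` would limit what is reachable through those addresses; the destination-only REDIRECT earlier in the same table has the same shape, so the breadth may be deliberate. nat `OUTPUT` is also listed under `@preserve` in the first hunk, and ferm's documentation describes preserved chains as ones that should not receive rules from ferm, so it is worth confirming after a reload that both this REDIRECT and Docker's preserved OUTPUT rules are present and in the intended order. The `table nat` block starts outside the hunk, so the enclosing domain and whether the IPv6 section needs a matching rule cannot be seen from here.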