alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity

roles/common: minor change to firehol update script

Browse Source 
They include bogons like 127.0.0.1 that should not be routed on the
public Internet, but this blocks local applications we proxy to.
This commit is contained in:
Alan Orth 2025-01-28 09:14:48 +03:00
parent bb14f05d2a
commit cb79f7ef70
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
roles/common/templates/update-firehol-nftables.sh.j2
View File

@ -28,11 +28,14 @@ if [[ -f "firehol_level1.netset" ]]; then
firehol_level1_ipv4_list_temp=$(mktemp) firehol_level1_ipv4_list_temp=$(mktemp)
firehol_level1_ipv4_set_temp=$(mktemp) firehol_level1_ipv4_set_temp=$(mktemp)
# Filter blank lines and comments # Filter blank lines, comments, and bogons we use inside the LAN, DMZ, and
# for local services like systemd-resolved and others on localhost. Ideally
# these are blocked already at the WAN side by network administrators.
cat firehol_level1.netset \ cat firehol_level1.netset \
| sed \ | sed \
-e '/^$/d' \ -e '/^$/d' \
-e '/^#.*/d' \ -e '/^#.*/d' \
-e '/^127\.0\.0\.0\/8/d' \
> "$firehol_level1_ipv4_list_temp" > "$firehol_level1_ipv4_list_temp"
echo "Building firehol_level1-ipv4 set" echo "Building firehol_level1-ipv4 set"