ferm: don't filter input by interface but only by ip

This allows VMs to talk to the host (Closes #6251)
ferm: accept ldap and ldaps output for the VMs
2015-01-07 15:20:36 +01:00 · 2015-01-07 15:20:36 +01:00
1 changed files with 2 additions and 2 deletions
--- a/ferm/ferm.conf
+++ b/ferm/ferm.conf
@ -65,7 +65,7 @@ table filter {
        proto icmp icmp-type echo-request ACCEPT;

        # local services
-        interface $DEV_WAN daddr $IP_WAN mod state state NEW {
+        daddr $IP_WAN mod state state NEW {
            # DNS requests
            @if $DNS_ON_WAN proto (udp tcp) dport 53
                mod comment comment "DNS on WAN"
@ -122,7 +122,7 @@ table filter {

        # from VMS to Internet: ssh, web, dns, ping
        outerface $DEV_WAN {
-            proto tcp mod multiport destination-ports (53 22 80 443)
+            proto tcp mod multiport destination-ports (53 22 80 389 443 636)
                mod state state NEW
                ACCEPT;
            proto udp dport 53
Author	SHA1	Message	Date
Jérôme Schneider	5dcff45f98	ferm: don't filter input by interface but only by ip This allows VMs to talk to the host (Closes #6251)	2015-01-07 15:20:36 +01:00
Jérôme Schneider	e7acd24479	ferm: accept ldap and ldaps output for the VMs	2015-01-07 15:20:36 +01:00