]> git.friedersdorff.com Git - max/glocker.git/blobdiff - iptables.rules
projects / max / glocker.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Allow admin to specify exceptions to blocklist
[max/glocker.git] / iptables.rules
diff --git a/iptables.rules b/iptables.rules
index a884c604c1652632c7b29c1d72b56795e05ccd5d..bdeb1b9f3aae6c5dcf456c1a16f04bc2b2d2b100 100644 (file)
--- a/iptables.rules
+++ b/iptables.rules
@@ -33,6 +33,10 @@ COMMIT
 -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -p tcp -j REJECT --reject-with tcp-reset
 -A INPUT -j REJECT --reject-with icmp-proto-unreachable
+# Explicitly allow outgoing traffic to the following IP addresses.  This is
+# for things like Google cloud addresses which are owned by but not operated
+# by google.
+-A OUTPUT -m set --match-set glocker-except dst -j ACCEPT
 # Prevent all outgoing traffic to banned IP addresses also
 -A OUTPUT -m set --match-set glocker dst -j DROP
 
Unnamed repository; edit this file 'description' to name the repository.