Diffstat (limited to 'core/modules/kiosk-common/data/opt/openslx/lightdm/guest-account.d/00-iptables')
-rw-r--r--core/modules/kiosk-common/data/opt/openslx/lightdm/guest-account.d/00-iptables26
1 files changed, 26 insertions, 0 deletions
diff --git a/core/modules/kiosk-common/data/opt/openslx/lightdm/guest-account.d/00-iptables b/core/modules/kiosk-common/data/opt/openslx/lightdm/guest-account.d/00-iptables
new file mode 100644
index 00000000..38e4893a
--- /dev/null
+++ b/core/modules/kiosk-common/data/opt/openslx/lightdm/guest-account.d/00-iptables
@@ -0,0 +1,26 @@
+#!/bin/ash
+# ^ SOURCED
+
+kiosk_rules="/opt/openslx/iptables/rules.d/90-kiosk"
+cat <<-EOF > "$kiosk_rules"
+ #!/bin/ash
+
+ iptables -w -A ipt-helper-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+ iptables -w -I ipt-helper-OUTPUT 1 -o br0 -d 132.230.0.0/16 -j ACCEPT
+ iptables -w -I ipt-helper-INPUT 1 -i br0 -d 132.230.0.0/16 -j ACCEPT
+ iptables -w -I ipt-helper-OUTPUT 1 -o br0 -d 10.0.0.0/8 -j ACCEPT
+ iptables -w -I ipt-helper-INPUT 1 -i br0 -d 10.0.0.0/8 -j ACCEPT
+
+ iptables -P INPUT DROP
+ iptables -P FORWARD DROP
+ iptables -P OUTPUT DROP
+EOF
+
+chmod +x "$kiosk_rules"
+
+# HACK: wait for iptables helper to setup the rules...
+sleep 2
+
+# make sure it is cleared on session close
+echo "rm -f \"$kiosk_rules\"" > "/etc/X11/Xreset.d/clear-kiosk-iptables"
+true
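Review bot: The two `ipt-helper-INPUT` ACCEPT rules written into the generated rules file match on `-d` (destination) rather than `-s`, so for inbound traffic they test the kiosk's own address, not the peer's. If the machine's br0 address lies in 132.230.0.0/16 or 10.0.0.0/8, every packet arriving on br0 is accepted whatever its source, and the `INPUT DROP` policy filters nothing on that interface. If the intent is to admit only those networks, the rules should read `iptables -w -I ipt-helper-INPUT 1 -i br0 -s 132.230.0.0/16 -j ACCEPT` and `iptables -w -I ipt-helper-INPUT 1 -i br0 -s 10.0.0.0/8 -j ACCEPT`. Separately, the fixed `sleep 2` fails open: the script carries on whether or not the helper has applied the file, so the session presumably starts unrestricted if the helper is slow. Polling for one of the rules with `iptables -w -C` and refusing to continue until it is present would fail closed.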