#!/bin/ash
# ^ SOURCED
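# Kiosk session firewall: writes a rules script into the iptables helper's
# rules.d directory and registers its removal for session close.
# This file is sourced, so it must not call `exit` or change shell options
# of the sourcing shell; it always finishes with status 0 (see `true` below).
kiosk_rules="/opt/openslx/iptables/rules.d/90-kiosk"

# What the generated rules do:
#   - accept inbound packets of ESTABLISHED/RELATED connections
#   - accept traffic on br0 whose destination is 132.230.0.0/16 or 10.0.0.0/8
#   - set the default policy of INPUT, FORWARD and OUTPUT to DROP
# The policy lines carry -w like the other rules: without it, iptables fails
# when the xtables lock is held, and the default policy would stay as it was
# (fail-open) instead of becoming DROP.
# NOTE(review): the two INPUT rules match on destination (-d), not on source
# (-s). If this host's own address is inside one of these ranges, they accept
# new inbound connections on br0 from any source address. Confirm whether -s
# was intended.
# NOTE(review): only IPv4 (iptables) is handled here; whether IPv6 is
# restricted elsewhere cannot be seen from this file.
cat <<-EOF > "$kiosk_rules"
#!/bin/ash
iptables -w -A ipt-helper-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -w -I ipt-helper-OUTPUT 1 -o br0 -d 132.230.0.0/16 -j ACCEPT
iptables -w -I ipt-helper-INPUT 1 -i br0 -d 132.230.0.0/16 -j ACCEPT
iptables -w -I ipt-helper-OUTPUT 1 -o br0 -d 10.0.0.0/8 -j ACCEPT
iptables -w -I ipt-helper-INPUT 1 -i br0 -d 10.0.0.0/8 -j ACCEPT
iptables -w -P INPUT DROP
iptables -w -P FORWARD DROP
iptables -w -P OUTPUT DROP
EOF
chmod +x "$kiosk_rules"
# If the rules file could not be written or made executable, the kiosk session
# would run without these restrictions; report that instead of staying silent.
[ -x "$kiosk_rules" ] || echo "kiosk: firewall rules not installed: $kiosk_rules" >&2
# HACK: wait for iptables helper to setup the rules...
# NOTE(review): this is a fixed delay, not a confirmation that the rules are
# active; if the helper needs longer, the session starts before the DROP
# policy is in place.
sleep 2
# make sure it is cleared on session close
# NOTE(review): this only deletes the rules file. Presumably the helper then
# rebuilds its chains and the policy; verify that the DROP policy does not
# persist (or the ACCEPT rules linger) after the session ends. The Xreset.d
# file is written without a shebang or execute bit - confirm that the Xreset
# runner does not require either.
echo "rm -f \"$kiosk_rules\"" > "/etc/X11/Xreset.d/clear-kiosk-iptables"
true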