Fixing firewall rules for ssh and http git clone

2015-05-26 15:50:46 +02:00
parent 47d56e2fbd
commit 1beec497f8
3 changed files with 11 additions and 3 deletions
--- a/tmpl/51-gogs-nat_rules
+++ b/tmpl/51-gogs-nat_rules
@ -3,7 +3,7 @@
 #
 # Rules for SSH git clone
 #
-/sbin/iptables -A eth0-cont -s 0/0 -p tcp --syn --dport %%git_ssh_port -d %%container_ip_forge -j ACCEPT
+/sbin/iptables -A eth0-cont -d 192.0.2.101/32 -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
 %if %%getVar('mode_conteneur_actif','non') == 'oui'
-/sbin/iptables -t nat -A PREROUTING -i eth0 -s 0/0 -p tcp --syn --dport %%git_ssh_port -j DNAT --to-destination %%container_ip_forge:%%git_ssh_port
+/sbin/iptables -t nat -A PREROUTING -i eth0 -s 0/0 -p tcp --syn --dport %%git_ssh_port -j DNAT --to-destination %%container_ip_forge:22
 %end if