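#cloud-config
# First-boot configuration for the NAT instance of the vpc-public-private
# infrastructure: turns the host into an IPv4 masquerading router for the VPC
# and installs a default-deny netfilter policy for forwarded and locally
# delivered traffic. "vpc_cidr" is filled in by the Terraform template that
# renders this file.
#
# NOTE(review): runcmd is executed once per instance (first boot only), and
# neither the sysctl values nor the iptables rules below are written anywhere
# persistent, so after a reboot forwarding is off again and the filter policy
# is gone unless the AMI persists them itself -- confirm that, otherwise add a
# sysctl.d drop-in and an iptables-save/restore at boot.
#
# These rules are IPv4 only (iptables). Should the instance ever receive an
# IPv6 address, ip6tables is left at its defaults. The OUTPUT chain is also
# left at its default ACCEPT.
apt_upgrade: true
locale: en_US.UTF-8
runcmd:
  # Enable IPv4 forwarding and enlarge the conntrack table: every NATed flow
  # occupies one entry and a full table drops new connections. nf_conntrack is
  # loaded explicitly first because /proc/sys/net/netfilter/nf_conntrack_max
  # exists only once that module is loaded; without the modprobe it may not be
  # loaded yet at this point (the first "-m state" rule below is what would
  # otherwise pull it in), the echo would fail, and the much smaller default
  # limit would stay in effect. The hash table size (nf_conntrack_buckets) is
  # left at its default, so chains get longer as the table fills.
  - [ sh, -c, "modprobe nf_conntrack; echo 1 > /proc/sys/net/ipv4/ip_forward; echo 655361 > /proc/sys/net/netfilter/nf_conntrack_max" ]
  # Rate-limited (2/min) logging chains: each logs a sample of what reaches it
  # and then drops, so a flood cannot fill the log.
  - [ iptables, -N, LOGGINGF ]
  - [ iptables, -N, LOGGINGI ]
  - [ iptables, -A, LOGGINGF, -m, limit, --limit, 2/min, -j, LOG, --log-prefix, "IPTables-FORWARD-Dropped: ", --log-level, 4 ]
  - [ iptables, -A, LOGGINGI, -m, limit, --limit, 2/min, -j, LOG, --log-prefix, "IPTables-INPUT-Dropped: ", --log-level, 4 ]
  - [ iptables, -A, LOGGINGF, -j, DROP ]
  - [ iptables, -A, LOGGINGI, -j, DROP ]
  # The chains are assumed to start empty (stock image); rules are appended in
  # their final evaluation order so the chain reads the way it is evaluated,
  # and the DROP policy is set only after the accept rules are in place.
  #
  # FORWARD: replies to existing flows, then anything originating inside the
  # VPC; everything else (including unsolicited inbound from the internet) is
  # logged and dropped.
  - [ iptables, -A, FORWARD, -m, state, --state, "ESTABLISHED,RELATED", -j, ACCEPT ]
  - [ iptables, -A, FORWARD, -s, ${vpc_cidr}, -j, ACCEPT ]
  - [ iptables, -A, FORWARD, -j, LOGGINGF ]
  - [ iptables, -P, FORWARD, DROP ]
  # Source-NAT outbound VPC traffic to this instance's own address (the
  # destination match is omitted: no destination means any destination).
  - [ iptables, -t, nat, -A, POSTROUTING, -s, ${vpc_cidr}, -j, MASQUERADE ]
  # INPUT: loopback, replies, anything from the VPC, and new SSH sessions; the
  # rest is logged and dropped.
  - [ iptables, -A, INPUT, -i, lo, -j, ACCEPT ]
  - [ iptables, -A, INPUT, -m, state, --state, "ESTABLISHED,RELATED", -j, ACCEPT ]
  - [ iptables, -A, INPUT, -s, ${vpc_cidr}, -j, ACCEPT ]
  # New SSH is accepted from any source address at this layer; narrowing it to
  # an admin network has to happen in the security group (or by adding a
  # source CIDR here), so keep that tight.
  - [ iptables, -A, INPUT, -p, tcp, --dport, 22, -m, state, --state, NEW, -j, ACCEPT ]
  - [ iptables, -A, INPUT, -j, LOGGINGI ]
  - [ iptables, -P, INPUT, DROP ]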