fix

caddy/iptables/iptables-caddy.sh

@@ -1,7 +1,4 @@
 #!/bin/sh
-#
-# mitchs iptables skeleton config
-# -------------------------------------------
 
 # -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
 # variables
@@ -20,14 +17,11 @@ iptables -P FORWARD DROP
 
 # ========================================================================
 # CADDY IPTABLES CONFIG
-#
-# permit any traffic on local lan
-iptables -A OUTPUT -j ACCEPT -d $SUBNET.0/24 -p tcp -m state --state NEW
-iptables -A OUTPUT -j ACCEPT -d $SUBNET.0/24 -p udp -m state --state NEW
 
-# permit 443 inbound from outside
+# allow any tcp traffic on local lan
-iptables -A INPUT -j ACCEPT -p tcp --dport 443 -m state --state NEW,ESTABLISHED
+iptables -A OUTPUT -j ACCEPT -d $SUBNET.0/24 -p tcp -m state --state NEW,ESTABLISHED,RELATED
-####iptables -A INPUT -j ACCEPT -p tcp --dport 80 -m state --state NEW,ESTABLISHED
+# only allow input on 443
+iptables -A INPUT  -j ACCEPT -d $SUBNET.0/24 -p tcp --dport 443 -m state --state NEW,ESTABLISHED,RELATED
 # ========================================================================
 
 # dns to pihole