Block outgoing traffic if service not enabled

commit: ae940f2d1ffc49a182bac66005f0aee7180a64f4 [log] [tgz]
author: Andy Bavier <acb@cs.princeton.edu> Fri Mar 04 11:51:26 2016 -0500
committer: Andy Bavier <acb@cs.princeton.edu> Fri Mar 04 11:51:26 2016 -0500
tree: e34e2c03cabfb75e86c42934249b75f1502f0c47
parent: 8644b34c99e92b4bd8642dd592f58ce95cd87fb9 [diff]
diff --git a/xos/synchronizers/vcpe/templates/before.rules.j2 b/xos/synchronizers/vcpe/templates/before.rules.j2
index e6f7d4a..cbe2fa7 100644
--- a/xos/synchronizers/vcpe/templates/before.rules.j2
+++ b/xos/synchronizers/vcpe/templates/before.rules.j2

@@ -37,6 +37,11 @@
 :ufw-not-local - [0:0]
 # End required lines
 
+# Customer service status
+{% if status != "enabled" %}
+-A FORWARD -o eth0 -j DROP
+{% endif %}
+
 # allow all on loopback
 -A ufw-before-input -i lo -j ACCEPT
 -A ufw-before-output -o lo -j ACCEPT
commit	ae940f2d1ffc49a182bac66005f0aee7180a64f4	[log] [tgz]
author	Andy Bavier <acb@cs.princeton.edu>	Fri Mar 04 11:51:26 2016 -0500
committer	Andy Bavier <acb@cs.princeton.edu>	Fri Mar 04 11:51:26 2016 -0500
tree	e34e2c03cabfb75e86c42934249b75f1502f0c47
parent	8644b34c99e92b4bd8642dd592f58ce95cd87fb9 [diff]