author | Silvino Silva <silvino@bk.ru> | 2020-02-17 06:43:09 +0000 |
---|---|---|
committer | Silvino Silva <silvino@bk.ru> | 2020-02-17 16:39:18 +0000 |
commit | d9ddaa49950198fbdae3e18e95506b4451eb9fbc (patch) | |
tree | 93020b7598c3d8a2b689921132b8fadeaeddab37 /core/conf/iptables/ipt-firewall.sh | |
parent | 957436d2e08d43e9cb8cb2a6904ff6a8b81d917a (diff) | |
download | doc-d9ddaa49950198fbdae3e18e95506b4451eb9fbc.tar.gz |
several configuration fixes
Diffstat (limited to 'core/conf/iptables/ipt-firewall.sh')
-rw-r--r-- | core/conf/iptables/ipt-firewall.sh | 129 |
1 files changed, 71 insertions, 58 deletions
diff --git a/core/conf/iptables/ipt-firewall.sh b/core/conf/iptables/ipt-firewall.sh
index 0a947e6..6dc4f4f 100644
--- a/core/conf/iptables/ipt-firewall.sh
+++ b/core/conf/iptables/ipt-firewall.sh
@@ -3,65 +3,75 @@ ipt_clear () {
 echo "clear all iptables tables"
- iptables -F
- iptables -X
- iptables -t nat -F
- iptables -t nat -X
- iptables -t mangle -F
- iptables -t mangle -X
- iptables -t raw -F
- iptables -t raw -X
- iptables -t security -F
- iptables -t security -X
- iptables -N blocker
- iptables -N blockip_in
- iptables -N blockip_out
-
- iptables -N srv_dhcp
- iptables -N srv_rip
- iptables -N srv_icmp
- iptables -N srv_ntp
- iptables -N srv_dns_in
- iptables -N srv_dns_out
- iptables -N srv_http_in
- iptables -N srv_http_out
- iptables -N srv_https_in
- iptables -N srv_https_out
- iptables -N srv_smtp_in
- iptables -N srv_smtp_out
- iptables -N srv_ssh_in
- iptables -N srv_ssh_out
- iptables -N srv_git_in
- iptables -N srv_git_out
- iptables -N srv_db_in
- iptables -N srv_db_out
-
-
- iptables -N cli_dns_in
- iptables -N cli_dns_out
- iptables -N cli_http_in
- iptables -N cli_http_out
- iptables -N cli_https_in
- iptables -N cli_https_out
- iptables -N cli_ssh_in
- iptables -N cli_ssh_out
- iptables -N cli_pops_in
- iptables -N cli_pops_out
- iptables -N cli_smtps_in
- iptables -N cli_smtps_out
- iptables -N cli_irc_in
- iptables -N cli_irc_out
- iptables -N cli_ftp_in
- iptables -N cli_ftp_out
- iptables -N cli_git_in
- iptables -N cli_git_out
- iptables -N cli_gpg_in
- iptables -N cli_gpg_out
+ $IPT -F
+ $IPT -X
+ $IPT6 -F
+ $IPT6 -X
+ $PIT4 -Z
+ $PIT6 -Z
+ $IPT -t nat -F
+ $IPT -t nat -X
+ $IPT -t mangle -F
+ $IPT -t mangle -X
+ $IPT -t raw -F
+ $IPT -t raw -X
+ $IPT -t security -F
+ $IPT -t security -X
+ $IPT -N blocker
+ $IPT -N blockip_in
+ $IPT -N blockip_out
+
+ $IPT -N srv_dhcp
+ $IPT -N srv_rip
+ $IPT -N srv_icmp
+ $IPT -N srv_ntp
+ $IPT -N srv_dns_in
+ $IPT -N srv_dns_out
+ $IPT -N srv_http_in
+ $IPT -N srv_http_out
+ $IPT -N srv_https_in
+ $IPT -N srv_https_out
+ $IPT -N srv_smtp_in
+ $IPT -N srv_smtp_out
+ $IPT -N srv_ssh_in
+ $IPT -N srv_ssh_out
+ $IPT -N srv_git_in
+ $IPT -N srv_git_out
+ $IPT -N srv_db_in
+ $IPT -N srv_db_out
+
+
+ $IPT -N cli_dns_in
+ $IPT -N cli_dns_out
+ $IPT -N cli_http_in
+ $IPT -N cli_http_out
+ $IPT -N cli_https_in
+ $IPT -N cli_https_out
+ $IPT -N cli_ssh_in
+ $IPT -N cli_ssh_out
+ $IPT -N cli_pops_in
+ $IPT -N cli_pops_out
+ $IPT -N cli_smtps_in
+ $IPT -N cli_smtps_out
+ $IPT -N cli_irc_in
+ $IPT -N cli_irc_out
+ $IPT -N cli_ftp_in
+ $IPT -N cli_ftp_out
+ $IPT -N cli_git_in
+ $IPT -N cli_git_out
+ $IPT -N cli_gpg_in
+ $IPT -N cli_gpg_out
 # Set Default Rules
- iptables -P INPUT DROP
- iptables -P FORWARD DROP
- iptables -P OUTPUT DROP
+ $IPT -P INPUT DROP
+ $IPT -P FORWARD DROP
+ $IPT -P OUTPUT DROP
+
+ # Set Default Rules
+ $IPT6 -P INPUT DROP
+ $IPT6 -P FORWARD DROP
+ $IPT6 -P OUTPUT DROP
+
 }
 ipt_log () {
@@ -69,8 +79,11 @@ ipt_log () {
 $IPT -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
 $IPT -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
 $IPT -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
-}
+ $IPT6 -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
+ $IPT6 -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
+ $IPT6 -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
+}
 ipt_tables () {
 echo "start adding tables..." |
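Review bot: In ipt_clear the two added counter-reset lines read `$PIT4 -Z` and `$PIT6 -Z`, while every other added line uses `$IPT` or `$IPT6`; these look like transposed names. Unless the script defines PIT4 and PIT6 somewhere outside this hunk, both expand to nothing, the shell tries to run `-Z` as a command, and the counters are never zeroed; the lines should be `$IPT -Z` and `$IPT6 -Z`. The IPv6 side also flushes only the filter table, so rules left in the ip6tables mangle, raw, nat or security tables would survive a clear. Because the six `-P ... DROP` lines come last, the flushed chains sit empty under whatever policy was previously in force while the rest of the function runs; moving the policy lines to the top of the function closes that window.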
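Review bot: The three added ip6tables LOG rules reuse the IPv4 prefixes (`"iptables: OUTPUT: "` and so on), so a log search or alert keyed on the prefix cannot tell which stack a packet came from; `--log-prefix "ip6tables: OUTPUT: "` (likewise for INPUT and FORWARD) keeps them apart. None of the six LOG rules is rate-limited, so a burst of matching packets can fill the log volume; a match such as `-m limit --limit 5/min` ahead of `-j LOG` bounds that (the rate is an example value). ipt_log's opening line is outside the hunk, so where these rules sit relative to the accept rules is not visible here.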