authorSilvino Silva <silvino@bk.ru>2019-06-07 23:39:05 +0000
committerSilvino Silva <silvino@bk.ru>2019-06-07 23:39:05 +0000
commit045ea9a3815a56609af07a3c7d9df6fcc18910a5 (patch)
tree29eb52783ec09481a6f6874164789efc1dc42242 /core/conf/rc.d/iptables
parent175b83995519059948b5d2e9da4a76c7ab070bc3 (diff)
iptables scripts revision
Diffstat (limited to 'core/conf/rc.d/iptables')
-rw-r--r--core/conf/rc.d/iptables76
1 files changed, 60 insertions, 16 deletions
diff --git a/core/conf/rc.d/iptables b/core/conf/rc.d/iptables
index d4f9ebc..f8896cc 100644
--- a/core/conf/rc.d/iptables
+++ b/core/conf/rc.d/iptables
@@ -1,38 +1,82 @@
 
-source /etc/iptables/ipt-conf.sh
-source /etc/iptables/ipt-firewall.sh
+IPT="/usr/sbin/iptables"
+TYPE=bridge
+#TYPE=server
+#TYPE=open
+
 
 case $1 in
 	start)
-		ipt_clear
-		ipt_tables
+        echo "clear all iptables tables"
+
+        ${IPT} -F
+        ${IPT} -X
+        ${IPT} -t nat -F
+        ${IPT} -t nat -X
+        ${IPT} -t mangle -F
+        ${IPT} -t mangle -X
+        ${IPT} -t raw -F
+        ${IPT} -t raw -X
+        ${IPT} -t security -F
+        ${IPT} -t security -X
+
+        # Set Default Rules
+        ${IPT} -P INPUT DROP
+        ${IPT} -P FORWARD DROP
+        ${IPT} -P OUTPUT DROP
+
+        ${IPT} -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
+        ${IPT} -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
+
+
 		case $TYPE in
 		    bridge)
 
-            ## load bridge configuration
-			source /etc/iptables/ipt-bridge.sh
-
-			## log everything else and drop
-			ipt_log
+            echo "setting bridge ${BR_IF} network..."
+            echo 1 > /proc/sys/net/ipv4/ip_forward
 
-			iptables-save > /etc/iptables/bridge.v4
+            ## load bridge configuration
+            iptables-restore /etc/iptables/bridge.v4
 
-			;;
+   			;;
 		    server)
 
             ## load server configuration
-			source /etc/iptables/iptables-conf.sh
+            iptables-restore /etc/iptables/server.v4
+
+			;;
+		    open)
 
-			## log everything else and drop
-			ipt_log
+            ## load client configuration
+            iptables-restore /etc/iptables/open.v4
 
-			iptables-save > /etc/iptables/server.v4
 			;;
+
 		esac
 		;;
 	stop)
 
-		ipt_clear
+        echo "clear all iptables tables"
+
+        ${IPT} -F
+        ${IPT} -X
+        ${IPT} -t nat -F
+        ${IPT} -t nat -X
+        ${IPT} -t mangle -F
+        ${IPT} -t mangle -X
+        ${IPT} -t raw -F
+        ${IPT} -t raw -X
+        ${IPT} -t security -F
+        ${IPT} -t security -X
+
+        # Set Default Rules
+        ${IPT} -P INPUT DROP
+        ${IPT} -P FORWARD DROP
+        ${IPT} -P OUTPUT DROP
+
+        ${IPT} -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
+        ${IPT} -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
+
 		;;
 	restart)
 		$0 stop