author | Silvino Silva <silvino@bk.ru> | 2020-04-20 01:03:12 +0100 |
---|---|---|
committer | Silvino Silva <silvino@bk.ru> | 2020-04-20 01:03:12 +0100 |
commit | 6ca80c0a296cb44bc2b335211df86e8a95383cdf (patch) | |
tree | 809ca0fc2eee0353d7040539310605d0e113b3d7 /core/conf/rc.d/iptables | |
parent | fd186246f96768b8398f0ffe32ef136cb895fa21 (diff) | |
parent | 5eec098c537ed98f76af59c37a54cb45645cc2a6 (diff) | |
Merge branch 'master' into develop
Diffstat (limited to 'core/conf/rc.d/iptables')
-rw-r--r-- | core/conf/rc.d/iptables | 90 |
1 files changed, 7 insertions, 83 deletions
diff --git a/core/conf/rc.d/iptables b/core/conf/rc.d/iptables
index f8b7881..44f6bb2 100644
--- a/core/conf/rc.d/iptables
+++ b/core/conf/rc.d/iptables
@@ -1,96 +1,20 @@ #!/bin/bash -IPT="/usr/sbin/iptables" -#TYPE=bridge -#TYPE=server -TYPE=open -#TYPE=client - -clear_ipt() { - - ${IPT} -F - ${IPT} -X - ${IPT} -t nat -F - ${IPT} -t nat -X - ${IPT} -t mangle -F - ${IPT} -t mangle -X - ${IPT} -t raw -F - ${IPT} -t raw -X - ${IPT} -t security -F - ${IPT} -t security -X - -} - case $1 in start) - case $TYPE in - bridge) - clear_ipt - echo "setting bridge network..." - echo 1 > /proc/sys/net/ipv4/ip_forward - - ## load bridge configuration - iptables-restore /etc/iptables/bridge.v4 - - ;; - server) - clear_ipt - echo "setting server network..." - ## load server configuration - iptables-restore /etc/iptables/server.v4 - - ;; - client) - clear_ipt - echo "setting client network..." - ## load client configuration - iptables-restore /etc/iptables/client.v4 - ;; - open) - clear_ipt - echo "setting open network..." - ## load client configuration - - ${IPT} -P INPUT DROP - ${IPT} -P FORWARD DROP - ${IPT} -P OUTPUT ACCEPT - - ${IPT} -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT - ${IPT} -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT - - ${IPT} -A INPUT -p tcp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT - ${IPT} -A INPUT -p udp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT - - ${IPT} -A OUTPUT -j ACCEPT - - ${IPT} -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: " - ${IPT} -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: " - #${IPT} -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: " - - - ;; - esac + echo "clear all iptables tables" + #nohup bash /etc/iptables/ipt-start.sh & + nohup bash /etc/iptables/ipt-start.sh & ;; stop) - echo "clear all iptables tables" - clear_ipt - # Set Default Rules - ${IPT} -P INPUT DROP - ${IPT} -P FORWARD DROP - ${IPT} -P OUTPUT DROP - - ${IPT} -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: " - ${IPT} -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: " - ${IPT} -A 
OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: " - - + echo "clear all iptables tables" + nohup bash /etc/iptables/ipt-stop.sh & ;; restart) - clear_ipt - $0 start + $0 start ;; status) - ${IPT} -v + /usr/sbin/iptables -L -n -v ;; *) echo "Usage: $0 [start|stop]" |
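Review bot: In the `start)` and `stop)` arms the ruleset scripts are launched with `nohup bash … &`, so the rc script returns 0 before any rule is applied and a failure of `ipt-start.sh` or `ipt-stop.sh` is never reported; at boot, services started after this script may be reachable before the filter policy is in place. Unless detaching is required (presumably so a reload survives a dropped remote session), run the scripts in the foreground and propagate the status, e.g. `bash /etc/iptables/ipt-start.sh || exit 1`; if they must stay detached, redirect output to a fixed log file rather than letting nohup write `nohup.out` into whatever directory the caller happens to be in. The `start)` arm still prints "clear all iptables tables", and `restart)` no longer flushes before `$0 start`, so it is only correct if `ipt-start.sh` clears the tables itself, which is not visible in this hunk. The usage string could also list `restart|status`, and `"$0" start` should be quoted.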