author | Silvino <silvino@bk.ru> | 2019-06-08 01:49:23 +0100 |
---|---|---|
committer | Silvino <silvino@bk.ru> | 2019-06-08 01:49:23 +0100 |
commit | 923321515685eed09a269d5643135b7c3a4e865d (patch) | |
tree | f8c710d7f69aff8cd2fdf3edd99094ecba1dffae /core/conf/rc.d/iptables | |
parent | 8af00e259088a5a6c44e45c1a6d0efabf1fa155a (diff) | |
parent | 045ea9a3815a56609af07a3c7d9df6fcc18910a5 (diff) | |
Merge branch 'develop' of git:doc into develop
Diffstat (limited to 'core/conf/rc.d/iptables')
-rw-r--r-- | core/conf/rc.d/iptables | 76 |
1 files changed, 60 insertions, 16 deletions
diff --git a/core/conf/rc.d/iptables b/core/conf/rc.d/iptables
index d4f9ebc..f8896cc 100644
--- a/core/conf/rc.d/iptables
+++ b/core/conf/rc.d/iptables
@@ -1,38 +1,82 @@
-source /etc/iptables/ipt-conf.sh
-source /etc/iptables/ipt-firewall.sh
+IPT="/usr/sbin/iptables"
+TYPE=bridge
+#TYPE=server
+#TYPE=open
+
 case $1 in
 start)
- ipt_clear
- ipt_tables
+ echo "clear all iptables tables"
+
+ ${IPT} -F
+ ${IPT} -X
+ ${IPT} -t nat -F
+ ${IPT} -t nat -X
+ ${IPT} -t mangle -F
+ ${IPT} -t mangle -X
+ ${IPT} -t raw -F
+ ${IPT} -t raw -X
+ ${IPT} -t security -F
+ ${IPT} -t security -X
+
+ # Set Default Rules
+ ${IPT} -P INPUT DROP
+ ${IPT} -P FORWARD DROP
+ ${IPT} -P OUTPUT DROP
+
+ ${IPT} -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
+ ${IPT} -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
+
+ case $TYPE in
 bridge)
- ## load bridge configuration
- source /etc/iptables/ipt-bridge.sh
-
- ## log everything else and drop
- ipt_log
+ echo "setting bridge ${BR_IF} network..."
+ echo 1 > /proc/sys/net/ipv4/ip_forward
- iptables-save > /etc/iptables/bridge.v4
+ ## load bridge configuration
+ iptables-restore /etc/iptables/bridge.v4
- ;;
+ ;;
 server)
 ## load server configuration
- source /etc/iptables/iptables-conf.sh
+ iptables-restore /etc/iptables/server.v4
+
+ ;;
+ open)
- ## log everything else and drop
- ipt_log
+ ## load client configuration
+ iptables-restore /etc/iptables/open.v4
- iptables-save > /etc/iptables/server.v4
 ;;
+ esac
 ;;
 stop)
- ipt_clear
+ echo "clear all iptables tables"
+
+ ${IPT} -F
+ ${IPT} -X
+ ${IPT} -t nat -F
+ ${IPT} -t nat -X
+ ${IPT} -t mangle -F
+ ${IPT} -t mangle -X
+ ${IPT} -t raw -F
+ ${IPT} -t raw -X
+ ${IPT} -t security -F
+ ${IPT} -t security -X
+
+ # Set Default Rules
+ ${IPT} -P INPUT DROP
+ ${IPT} -P FORWARD DROP
+ ${IPT} -P OUTPUT DROP
+
+ ${IPT} -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
+ ${IPT} -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
+ ;;
 restart)
 $0 stop |