author | Silvino <silvino@bk.ru> | 2019-06-08 01:49:10 +0100 |
---|---|---|
committer | Silvino <silvino@bk.ru> | 2019-06-08 23:07:46 +0100 |
commit | f905c797c8f2ec87a8aa641a44c49fc1d0a23ebe (patch) | |
tree | a878feb974ad47f33625a9d4b84d0b1258c0e3ec /core/conf/rc.d/iptables | |
parent | 923321515685eed09a269d5643135b7c3a4e865d (diff) | |
download | doc-f905c797c8f2ec87a8aa641a44c49fc1d0a23ebe.tar.gz |
core network better iptables documentation
Diffstat (limited to 'core/conf/rc.d/iptables')
-rw-r--r-- | core/conf/rc.d/iptables | 110 |
1 files changed, 42 insertions, 68 deletions
diff --git a/core/conf/rc.d/iptables b/core/conf/rc.d/iptables
index f8896cc..cc7c765 100644
--- a/core/conf/rc.d/iptables
+++ b/core/conf/rc.d/iptables
@@ -4,85 +4,59 @@ TYPE=bridge #TYPE=server #TYPE=open +echo "clear all iptables tables" + +${IPT} -F +${IPT} -X +${IPT} -t nat -F +${IPT} -t nat -X +${IPT} -t mangle -F +${IPT} -t mangle -X +${IPT} -t raw -F +${IPT} -t raw -X +${IPT} -t security -F +${IPT} -t security -X + +# Set Default Rules +${IPT} -P INPUT DROP +${IPT} -P FORWARD DROP +${IPT} -P OUTPUT DROP + +${IPT} -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT +${IPT} -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT case $1 in start) - echo "clear all iptables tables" + case $TYPE in + bridge) - ${IPT} -F - ${IPT} -X - ${IPT} -t nat -F - ${IPT} -t nat -X - ${IPT} -t mangle -F - ${IPT} -t mangle -X - ${IPT} -t raw -F - ${IPT} -t raw -X - ${IPT} -t security -F - ${IPT} -t security -X + echo "setting bridge network..." + echo 1 > /proc/sys/net/ipv4/ip_forward - # Set Default Rules - ${IPT} -P INPUT DROP - ${IPT} -P FORWARD DROP - ${IPT} -P OUTPUT DROP + ## load bridge configuration + iptables-restore /etc/iptables/bridge.v4 - ${IPT} -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT - ${IPT} -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT + ;; + server) + echo "setting server network..." + ## load server configuration + iptables-restore /etc/iptables/server.v4 - case $TYPE in - bridge) - - echo "setting bridge ${BR_IF} network..." 
- echo 1 > /proc/sys/net/ipv4/ip_forward - - ## load bridge configuration - iptables-restore /etc/iptables/bridge.v4 - - ;; - server) - - ## load server configuration - iptables-restore /etc/iptables/server.v4 - - ;; - open) - - ## load client configuration - iptables-restore /etc/iptables/open.v4 - - ;; - - esac ;; - stop) - - echo "clear all iptables tables" - - ${IPT} -F - ${IPT} -X - ${IPT} -t nat -F - ${IPT} -t nat -X - ${IPT} -t mangle -F - ${IPT} -t mangle -X - ${IPT} -t raw -F - ${IPT} -t raw -X - ${IPT} -t security -F - ${IPT} -t security -X - - # Set Default Rules - ${IPT} -P INPUT DROP - ${IPT} -P FORWARD DROP - ${IPT} -P OUTPUT DROP + open) - ${IPT} -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT - ${IPT} -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT + echo "setting client network..." + ## load client configuration + iptables-restore /etc/iptables/open.v4 ;; - restart) - $0 stop - $0 start - ;; + esac + ;; + stop) + + ;; *) - echo "Usage: $0 [start|stop|restart]" - ;; + echo "Usage: $0 [start|stop]" + ;; esac |
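Review bot: The table flush and the `-P INPUT/FORWARD/OUTPUT DROP` policies now sit above `case $1 in`, so they run on every invocation, including no argument, a typo, or `restart`, which this change removes and which now falls into `*)`. In those cases the script prints the usage text after it has already left every chain on DROP with only loopback accepted and no ruleset restored, which can cut off a remote session. Validate the argument before touching the tables, for example `case $1 in start|stop) ;; *) echo "Usage: $0 [start|stop]"; exit 1 ;; esac` ahead of the flush, or keep the reset in a function called only from `start)` and `stop)`. The now-empty `stop)` branch would also read better with a comment such as `# nothing to load: the reset above leaves default DROP with loopback only`.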