network revision

author: Silvino Silva <silvino@bk.ru> 2017-01-14 05:27:24 +0000
committer: Silvino Silva <silvino@bk.ru> 2017-01-14 05:27:24 +0000
commit: 5eeb7b45275d15b5562e07cdfd6738d76b1446a9 (patch)
tree: ffa41a5c7ea985a86581b6eece3f41fb553fe2ae /core
parent: 836980a6f974f34d5e5f43aee7c5b5aa6a92c8a0 (diff)
download: doc-5eeb7b45275d15b5562e07cdfd6738d76b1446a9.tar.gz
1 files changed, 55 insertions, 56 deletions
diff --git a/core/conf/rc.d/iptables b/core/conf/rc.d/iptables
index 3f29928..bb5cf91 100644
--- a/core/conf/rc.d/iptables
+++ b/core/conf/rc.d/iptables
@@ -3,80 +3,79 @@
 # /etc/rc.d/iptables: load/unload iptable rules
 #
 
-case $1 in
-start)
-  	echo "Starting IPv4 firewall filter table..."
-	/usr/sbin/iptables-restore < /etc/iptables/rules.v4
-	;;
-stop)
-	echo "Stopping firewall and deny everyone..."
-        iptables -F
-        iptables -X
-        iptables -t nat -F
-        iptables -t nat -X
-        iptables -t mangle -F
-        iptables -t mangle -X
-        iptables -t raw -F
-        iptables -t raw -X
-        iptables -t security -F
-        iptables -t security -X
+rules=rules.v4
+#rules=vlan.v4
+
+iptables_clear () {
+    echo "clear all iptables tables"
+    iptables -F
+    iptables -X
+    iptables -t nat -F
+    iptables -t nat -X
+    iptables -t mangle -F
+    iptables -t mangle -X
+    iptables -t raw -F
+    iptables -t raw -X
+    iptables -t security -F
+    iptables -t security -X
+}
 
+case $1 in
+    start)
+        iptables_clear
+        echo "starting IPv4 firewall filter table..."
+        /usr/sbin/iptables-restore < /etc/iptables/${rules}
+        ;;
+    stop)
+        iptables_clear
+        echo "stopping firewall and deny everyone..."
         /usr/sbin/iptables -P INPUT DROP
         /usr/sbin/iptables -P FORWARD DROP
         /usr/sbin/iptables -P OUTPUT DROP
 
-	# Unlimited on local
-	/usr/sbin/iptables -A INPUT -i lo -j ACCEPT
-	/usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT
+        # Unlimited on local
+        /usr/sbin/iptables -A INPUT -i lo -j ACCEPT
+        /usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT
 
-	# log everything else and drop
-	/usr/sbin/iptables -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
-	/usr/sbin/iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
-	/usr/sbin/iptables -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
+        # log everything else and drop
+        /usr/sbin/iptables -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
+        /usr/sbin/iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
+        /usr/sbin/iptables -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
 
-	;;
-open)
-	echo "Outgoing Open firewall and deny everyone..."
-        iptables -F
-        iptables -X
-        iptables -t nat -F
-        iptables -t nat -X
-        iptables -t mangle -F
-        iptables -t mangle -X
-        iptables -t raw -F
-        iptables -t raw -X
-        iptables -t security -F
-        iptables -t security -X
+        ;;
+    open)
+        iptables_clear
+        echo "outgoing Open firewall and deny everyone..."
 
         /usr/sbin/iptables -P INPUT DROP
         /usr/sbin/iptables -P FORWARD DROP
         /usr/sbin/iptables -P OUTPUT ACCEPT
 
-	# Unlimited on local
-	/usr/sbin/iptables -A INPUT -i lo -j ACCEPT
-	/usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT
-
-	# Accept passive
-	/usr/sbin/iptables -A INPUT -p tcp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
+        /usr/sbin/iptables -A OUTPUT -j ACCEPT
 
-	/usr/sbin/iptables -A INPUT -p udp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
+        # Unlimited on local
+        /usr/sbin/iptables -A INPUT -i lo -j ACCEPT
+        /usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT
 
+        # Accept passive
+        /usr/sbin/iptables -A INPUT -p tcp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
+        /usr/sbin/iptables -A INPUT -p udp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
 
-	# log everything else and drop
-	/usr/sbin/iptables -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
-	#/usr/sbin/iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
-	/usr/sbin/iptables -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
+        # log everything else and drop
+        /usr/sbin/iptables -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
+        /usr/sbin/iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
+        /usr/sbin/iptables -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
 
-	;;
+        ;;
 
-restart)
-	$0 stop
-	$0 start
-	;;
-*)
+    restart)
+        $0 stop
+        $0 start
+        ;;
+    *)
 
-	echo "usage: $0 [start|stop|restart]"
-	;;
+        echo "usage: $0 [start|stop|restart]"
+        ;;
 esac
 
 # End of file
author	Silvino Silva <silvino@bk.ru>	2017-01-14 05:27:24 +0000
committer	Silvino Silva <silvino@bk.ru>	2017-01-14 05:27:24 +0000
commit	5eeb7b45275d15b5562e07cdfd6738d76b1446a9 (patch)
tree	ffa41a5c7ea985a86581b6eece3f41fb553fe2ae /core
parent	836980a6f974f34d5e5f43aee7c5b5aa6a92c8a0 (diff)
download	doc-5eeb7b45275d15b5562e07cdfd6738d76b1446a9.tar.gz