diff options
author | Silvino Silva <silvino@bk.ru> | 2018-04-11 18:05:41 +0100 |
---|---|---|
committer | Silvino Silva <silvino@bk.ru> | 2018-04-11 18:05:41 +0100 |
commit | f5955b57400b065d77fc115c821c18864f3dae02 (patch) | |
tree | 211e76707a3e978afd8fc6ac55e68285ba7c2c62 /tools/conf/etc/rc.d/iptables | |
parent | 8ee63f12e337f97013cfa3cb3d3b27f15f88dfcd (diff) | |
parent | f3ec364b8579a2aa7a31e6b385424403e9fd131e (diff) | |
download | doc-f5955b57400b065d77fc115c821c18864f3dae02.tar.gz |
Doc version 0.0.4
Diffstat (limited to 'tools/conf/etc/rc.d/iptables')
-rwxr-xr-x | tools/conf/etc/rc.d/iptables | 81 |
1 files changed, 0 insertions, 81 deletions
diff --git a/tools/conf/etc/rc.d/iptables b/tools/conf/etc/rc.d/iptables deleted file mode 100755 index 23f5485..0000000 --- a/tools/conf/etc/rc.d/iptables +++ /dev/null @@ -1,81 +0,0 @@ -#!/bin/sh -# -# /etc/rc.d/iptables: load/unload iptable rules -# - -#rules=rules.v4 -rules=vlan.v4 - -iptables_clear () { - echo "clear all iptables tables" - iptables -F - iptables -X - iptables -t nat -F - iptables -t nat -X - iptables -t mangle -F - iptables -t mangle -X - iptables -t raw -F - iptables -t raw -X - iptables -t security -F - iptables -t security -X -} - -case $1 in - start) - iptables_clear - echo "starting IPv4 firewall filter table..." - /usr/sbin/iptables-restore < /etc/iptables/${rules} - ;; - stop) - iptables_clear - echo "stopping firewall and deny everyone..." - /usr/sbin/iptables -P INPUT DROP - /usr/sbin/iptables -P FORWARD DROP - /usr/sbin/iptables -P OUTPUT DROP - - # Unlimited on local - /usr/sbin/iptables -A INPUT -i lo -j ACCEPT - /usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT - - # log everything else and drop - /usr/sbin/iptables -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: " - /usr/sbin/iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: " - /usr/sbin/iptables -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: " - - ;; - open) - iptables_clear - echo "outgoing Open firewall and deny everyone..." - - /usr/sbin/iptables -P INPUT DROP - /usr/sbin/iptables -P FORWARD DROP - /usr/sbin/iptables -P OUTPUT ACCEPT - - /usr/sbin/iptables -A OUTPUT -j ACCEPT - - # Unlimited on local - /usr/sbin/iptables -A INPUT -i lo -j ACCEPT - /usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT - - # Accept passive - /usr/sbin/iptables -A INPUT -p tcp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT - /usr/sbin/iptables -A INPUT -p udp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT - - # log everything else and drop - /usr/sbin/iptables -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: " - /usr/sbin/iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: " - /usr/sbin/iptables -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: " - - ;; - - restart) - $0 stop - $0 start - ;; - *) - - echo "usage: $0 [start|stop|restart]" - ;; -esac - -# End of file |