Diffstat (limited to 'core/conf/rc.d/iptables')
-rw-r--r-- | core/conf/rc.d/iptables | 83 |
1 files changed, 53 insertions, 30 deletions
diff --git a/core/conf/rc.d/iptables b/core/conf/rc.d/iptables index 9471f99..cc7c765 100644 --- a/core/conf/rc.d/iptables +++ b/core/conf/rc.d/iptables @@ -1,39 +1,62 @@ -source /etc/iptables/ipt-conf.sh -source /etc/iptables/ipt-firewall.sh +IPT="/usr/sbin/iptables" +TYPE=bridge +#TYPE=server +#TYPE=open + +echo "clear all iptables tables" + +${IPT} -F +${IPT} -X +${IPT} -t nat -F +${IPT} -t nat -X +${IPT} -t mangle -F +${IPT} -t mangle -X +${IPT} -t raw -F +${IPT} -t raw -X +${IPT} -t security -F +${IPT} -t security -X + +# Set Default Rules +${IPT} -P INPUT DROP +${IPT} -P FORWARD DROP +${IPT} -P OUTPUT DROP + +${IPT} -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT +${IPT} -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT case $1 in start) - ipt_clear - ipt_tables - case $TYPE in - bridge) - source /etc/iptables/ipt-bridge.sh - - ## log everything else and drop - ipt_log - - iptables-save > /etc/iptables/bridge.v4 - ;; - server) - source /etc/iptables/iptables-conf.sh - - ## log everything else and drop - ipt_log - - iptables-save > /etc/iptables/net.v4 - ;; - esac - ;; - stop) + case $TYPE in + bridge) + + echo "setting bridge network..." + echo 1 > /proc/sys/net/ipv4/ip_forward + + ## load bridge configuration + iptables-restore /etc/iptables/bridge.v4 + + ;; + server) + + echo "setting server network..." + ## load server configuration + iptables-restore /etc/iptables/server.v4 - ipt_clear ;; - restart) - $0 stop - $0 start + open) + + echo "setting client network..." + ## load client configuration + iptables-restore /etc/iptables/open.v4 + ;; + esac + ;; + stop) + + ;; *) - echo "Usage: $0 [start|stop|restart]" - ;; + echo "Usage: $0 [start|stop]" + ;; esac |
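Review bot: The `iptables-restore` calls in the bridge, server and open branches of `start)` are not checked, so a missing or malformed rules file leaves the host in the flush-plus-DROP state set at the top of the script while the script still exits 0 and prints nothing an init system could report; each call should read `iptables-restore /etc/iptables/bridge.v4 || { echo "cannot load /etc/iptables/bridge.v4" >&2; exit 1; }`, and likewise for server.v4 and open.v4. Because the flush, the DROP policies and the loopback rules now run before `case $1` is examined, they also take effect for `stop`, for the usage branch and for any mistyped argument, which is why `stop)` can be empty; if that fail-closed behaviour is intended, a comment such as `# every invocation, including stop, first resets to a closed firewall` above the flush block would keep the next reader from treating the empty `stop)` as an oversight. The loopback rules accept only 127.0.0.0/8 in both directions, so local connections to one of the host's own non-loopback addresses (which still traverse lo) are dropped by the INPUT/OUTPUT policies until the restored rule set says otherwise; that is worth a short comment if it is deliberate.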