Diffstat (limited to 'core/conf/rc.d/iptables')
-rw-r--r--core/conf/rc.d/iptables17
1 files changed, 11 insertions, 6 deletions
diff --git a/core/conf/rc.d/iptables b/core/conf/rc.d/iptables
index bb5cf91..dd17b97 100644
--- a/core/conf/rc.d/iptables
+++ b/core/conf/rc.d/iptables
@@ -3,8 +3,7 @@
 # /etc/rc.d/iptables: load/unload iptable rules
 #
 
-rules=rules.v4
-#rules=vlan.v4
+rules=/etc/iptables/net.v4
 
 iptables_clear () {
     echo "clear all iptables tables"
@@ -22,9 +21,8 @@ iptables_clear () {
 
 case $1 in
     start)
-        iptables_clear
         echo "starting IPv4 firewall filter table..."
-        /usr/sbin/iptables-restore < /etc/iptables/${rules}
+        /usr/sbin/iptables-restore ${rules}
         ;;
     stop)
         iptables_clear
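Review bot: The new restore line at L31 has no failure handling, so a syntax error in the rules file leaves the script reporting success while the host runs with whatever rules were in place before (and, now that `iptables_clear` no longer precedes it, that is the previous rule set rather than an empty one); iptables-restore without `--noflush` flushes only the tables named in the file, so dropping the clear is presumably intentional, but the silent-failure case is new. The path variable is also unquoted. I would write `/usr/sbin/iptables-restore "${rules}" || { echo "iptables-restore failed: ${rules}" >&2; exit 1; }`. The enclosing `case` statement continues past the end of this hunk.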
@@ -51,6 +49,12 @@ case $1 in
         /usr/sbin/iptables -P FORWARD DROP
         /usr/sbin/iptables -P OUTPUT ACCEPT
 
+	/usr/sbin/iptables -t mangle -P PREROUTING ACCEPT
+	/usr/sbin/iptables -t mangle -P INPUT ACCEPT
+	/usr/sbin/iptables -t mangle -P FORWARD ACCEPT
+	/usr/sbin/iptables -t mangle -P OUTPUT ACCEPT
+	/usr/sbin/iptables -t mangle -P POSTROUTING ACCEPT
+
         /usr/sbin/iptables -A OUTPUT -j ACCEPT
 
         # Unlimited on local
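Review bot: The five added mangle-table policy lines (L39–L43) are indented with a tab while every neighbouring recipe line in this `case` branch uses eight spaces, so the block reads as misaligned in any editor that renders tabs differently. Re-indent them to match, e.g. `        /usr/sbin/iptables -t mangle -P PREROUTING ACCEPT`. A one-line comment above them stating why the mangle policies are being set explicitly would also help, since ACCEPT appears to be the default those chains start with and the reason for resetting them is not visible here; the surrounding `case` branch starts and ends outside the hunk.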
@@ -58,8 +62,9 @@ case $1 in
         /usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT
 
         # Accept passive
-        /usr/sbin/iptables -A INPUT -p tcp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
-        /usr/sbin/iptables -A INPUT -p udp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
+        /usr/sbin/iptables -A INPUT -p tcp --dport 1024: -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
+        /usr/sbin/iptables -A INPUT -p tcp --dport 1024: -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
+        /usr/sbin/iptables -A INPUT -p udp --dport 1024: -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
 
         # log everything else and drop
         /usr/sbin/iptables -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
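Review bot: Adding `NEW` to the state match at L54–L56 makes the "Accept passive" rules accept any unsolicited inbound TCP or UDP connection to every port from 1024 upward, so the "log everything else and drop" rule at L59 no longer applies to high ports and anything listening there becomes reachable without appearing in the log; the commit does not narrow this to the service the comment refers to. L54 and L55 are also byte-identical duplicates, so one of them is dead. I would keep the broad rules at `ESTABLISHED,RELATED` only and accept `NEW` solely on the port range the passive service actually uses, e.g. `/usr/sbin/iptables -A INPUT -p tcp --dport <PASV_MIN>:<PASV_MAX> -m state --state NEW -j ACCEPT` with the placeholders filled in from the service configuration, and drop the duplicate line. The enclosing `case` branch starts before this hunk.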