diff options
Diffstat (limited to 'core/conf/rc.d/iptables')
-rw-r--r-- | core/conf/rc.d/iptables | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/core/conf/rc.d/iptables b/core/conf/rc.d/iptables index bb5cf91..dd17b97 100644 --- a/core/conf/rc.d/iptables +++ b/core/conf/rc.d/iptables @@ -3,8 +3,7 @@ # /etc/rc.d/iptables: load/unload iptable rules # -rules=rules.v4 -#rules=vlan.v4 +rules=/etc/iptables/net.v4 iptables_clear () { echo "clear all iptables tables" @@ -22,9 +21,8 @@ iptables_clear () { case $1 in start) - iptables_clear echo "starting IPv4 firewall filter table..." - /usr/sbin/iptables-restore < /etc/iptables/${rules} + /usr/sbin/iptables-restore ${rules} ;; stop) iptables_clear @@ -51,6 +49,12 @@ case $1 in /usr/sbin/iptables -P FORWARD DROP /usr/sbin/iptables -P OUTPUT ACCEPT + /usr/sbin/iptables -t mangle -P PREROUTING ACCEPT + /usr/sbin/iptables -t mangle -P INPUT ACCEPT + /usr/sbin/iptables -t mangle -P FORWARD ACCEPT + /usr/sbin/iptables -t mangle -P OUTPUT ACCEPT + /usr/sbin/iptables -t mangle -P POSTROUTING ACCEPT + /usr/sbin/iptables -A OUTPUT -j ACCEPT # Unlimited on local @@ -58,8 +62,9 @@ case $1 in /usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT # Accept passive - /usr/sbin/iptables -A INPUT -p tcp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT - /usr/sbin/iptables -A INPUT -p udp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT + /usr/sbin/iptables -A INPUT -p tcp --dport 1024: -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT + /usr/sbin/iptables -A INPUT -p tcp --dport 1024: -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT + /usr/sbin/iptables -A INPUT -p udp --dport 1024: -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT # log everything else and drop /usr/sbin/iptables -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: " |