about summary refs log tree commit diff stats
path: root/core/conf/rc.d
diff options
context:
space:
mode:
Diffstat (limited to 'core/conf/rc.d')
-rw-r--r--core/conf/rc.d/iptables86
1 files changed, 61 insertions, 25 deletions
diff --git a/core/conf/rc.d/iptables b/core/conf/rc.d/iptables
index cc7c765..f8b7881 100644
--- a/core/conf/rc.d/iptables
+++ b/core/conf/rc.d/iptables
@@ -1,35 +1,31 @@
+#!/bin/bash
 
 IPT="/usr/sbin/iptables"
-TYPE=bridge
+#TYPE=bridge
 #TYPE=server
-#TYPE=open
+TYPE=open
+#TYPE=client
 
-echo "clear all iptables tables"
+clear_ipt() {
 
-${IPT} -F
-${IPT} -X
-${IPT} -t nat -F
-${IPT} -t nat -X
-${IPT} -t mangle -F
-${IPT} -t mangle -X
-${IPT} -t raw -F
-${IPT} -t raw -X
-${IPT} -t security -F
-${IPT} -t security -X
+	${IPT} -F
+	${IPT} -X
+	${IPT} -t nat -F
+	${IPT} -t nat -X
+	${IPT} -t mangle -F
+	${IPT} -t mangle -X
+	${IPT} -t raw -F
+	${IPT} -t raw -X
+	${IPT} -t security -F
+	${IPT} -t security -X
 
-# Set Default Rules
-${IPT} -P INPUT DROP
-${IPT} -P FORWARD DROP
-${IPT} -P OUTPUT DROP
-
-${IPT} -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
-${IPT} -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
+}
 
 case $1 in
 	start)
             case $TYPE in
                 bridge)
-
+		    clear_ipt
                     echo "setting bridge network..."
                     echo 1 > /proc/sys/net/ipv4/ip_forward
 
@@ -38,23 +34,63 @@ case $1 in
 
    		;;
 		server)
-
+		    clear_ipt
                     echo "setting server network..."
                     ## load server configuration
                     iptables-restore /etc/iptables/server.v4
 
 		;;
-		open)
-
+		client)
+		    clear_ipt
                     echo "setting client network..."
                     ## load client configuration
-                    iptables-restore /etc/iptables/open.v4
+                    iptables-restore /etc/iptables/client.v4
+		;;
+		open)
+		    clear_ipt
+                    echo "setting open network..."
+                    ## load client configuration
+
+			${IPT} -P INPUT DROP
+			${IPT} -P FORWARD DROP
+			${IPT} -P OUTPUT ACCEPT
+
+			${IPT} -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
+			${IPT} -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
+
+			${IPT} -A INPUT -p tcp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
+			${IPT} -A INPUT -p udp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+			${IPT} -A OUTPUT  -j ACCEPT
+
+			${IPT} -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
+			${IPT} -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
+			#${IPT} -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
+
 
 		;;
 	    esac
 	;;
         stop)
+		echo "clear all iptables tables"
+		clear_ipt
+		# Set Default Rules
+		${IPT} -P INPUT DROP
+		${IPT} -P FORWARD DROP
+		${IPT} -P OUTPUT DROP
+
+		${IPT} -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
+		${IPT} -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
+		${IPT} -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
 
+
+	;;
+	restart)
+		clear_ipt
+        	$0 start
+        ;;
+	status)
+		${IPT} -v
 	;;
 	*)
 	    echo "Usage: $0 [start|stop]"