diff options
Diffstat (limited to 'tools/conf/etc/rc.d/iptables')
-rwxr-xr-x | tools/conf/etc/rc.d/iptables | 81 |
1 files changed, 0 insertions, 81 deletions
diff --git a/tools/conf/etc/rc.d/iptables b/tools/conf/etc/rc.d/iptables deleted file mode 100755 index 23f5485..0000000 --- a/tools/conf/etc/rc.d/iptables +++ /dev/null @@ -1,81 +0,0 @@ -#!/bin/sh -# -# /etc/rc.d/iptables: load/unload iptable rules -# - -#rules=rules.v4 -rules=vlan.v4 - -iptables_clear () { - echo "clear all iptables tables" - iptables -F - iptables -X - iptables -t nat -F - iptables -t nat -X - iptables -t mangle -F - iptables -t mangle -X - iptables -t raw -F - iptables -t raw -X - iptables -t security -F - iptables -t security -X -} - -case $1 in - start) - iptables_clear - echo "starting IPv4 firewall filter table..." - /usr/sbin/iptables-restore < /etc/iptables/${rules} - ;; - stop) - iptables_clear - echo "stopping firewall and deny everyone..." - /usr/sbin/iptables -P INPUT DROP - /usr/sbin/iptables -P FORWARD DROP - /usr/sbin/iptables -P OUTPUT DROP - - # Unlimited on local - /usr/sbin/iptables -A INPUT -i lo -j ACCEPT - /usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT - - # log everything else and drop - /usr/sbin/iptables -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: " - /usr/sbin/iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: " - /usr/sbin/iptables -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: " - - ;; - open) - iptables_clear - echo "outgoing Open firewall and deny everyone..." - - /usr/sbin/iptables -P INPUT DROP - /usr/sbin/iptables -P FORWARD DROP - /usr/sbin/iptables -P OUTPUT ACCEPT - - /usr/sbin/iptables -A OUTPUT -j ACCEPT - - # Unlimited on local - /usr/sbin/iptables -A INPUT -i lo -j ACCEPT - /usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT - - # Accept passive - /usr/sbin/iptables -A INPUT -p tcp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT - /usr/sbin/iptables -A INPUT -p udp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT - - # log everything else and drop - /usr/sbin/iptables -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: " - /usr/sbin/iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: " - /usr/sbin/iptables -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: " - - ;; - - restart) - $0 stop - $0 start - ;; - *) - - echo "usage: $0 [start|stop|restart]" - ;; -esac - -# End of file |