version 2.98, 2013/09/28 09:22:42 |
version 2.100, 2013/09/28 10:07:18 |
|
|
# Licensed under terms of GNU General Public License. |
# Licensed under terms of GNU General Public License. |
# All rights reserved. |
# All rights reserved. |
# |
# |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.97 2013-09-28 08:30:57 nepto Exp $ |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.99 2013-09-28 09:25:35 nepto Exp $ |
# |
# |
# Changelog: |
# Changelog: |
# 2003-10-24 - created |
# 2003-10-24 - created |
|
|
accept_output_udp="${iface}_ACCEPT_OUTPUT_UDP" |
accept_output_udp="${iface}_ACCEPT_OUTPUT_UDP" |
ACCEPT_OUTPUT_UDP="${!accept_output_udp}" |
ACCEPT_OUTPUT_UDP="${!accept_output_udp}" |
|
|
|
|
# TCP |
# TCP |
if [ -z "$ACCEPT_OUTPUT_TCP" ]; then |
if [ -z "$ACCEPT_OUTPUT_TCP" ]; then |
for ip in ${!IPS}; do |
for ip in ${!IPS}; do |
output_tcp_str=" $ip($iface)"; |
output_tcp_str="$output_tcp_str $ip(${!riface})"; |
$IPTABLES -A OUTPUT -p TCP -o ${!riface} -s $ip -j ACCEPT |
$IPTABLES -A OUTPUT -p TCP -o ${!riface} -s $ip -j ACCEPT |
done |
done |
else |
else |
|
|
# UDP |
# UDP |
if [ -z "$ACCEPT_OUTPUT_UDP" ]; then |
if [ -z "$ACCEPT_OUTPUT_UDP" ]; then |
for ip in ${!IPS}; do |
for ip in ${!IPS}; do |
output_udp_str=" $ip($iface)"; |
output_udp_str="$output_udp_str $ip(${!riface})"; |
$IPTABLES -A OUTPUT -p UDP -o ${!riface} -s $ip -j ACCEPT |
$IPTABLES -A OUTPUT -p UDP -o ${!riface} -s $ip -j ACCEPT |
done |
done |
else |
else |
|
|
|
|
# ICMP |
# ICMP |
for ip in ${!IPS}; do |
for ip in ${!IPS}; do |
output_icmp_str=" $ip($iface)"; |
output_icmp_str="$output_icmp_str $ip(${!riface})"; |
$IPTABLES -A OUTPUT -p ICMP -o ${!riface} -s $ip -j ACCEPT |
$IPTABLES -A OUTPUT -p ICMP -o ${!riface} -s $ip -j ACCEPT |
done |
done |
done |
done |
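Review bot: The accumulating assignments `output_tcp_str="$output_tcp_str $ip(${!riface})"` and their UDP and ICMP counterparts rely on the three strings being empty before the enclosing interface loop, and no reset is visible in this section. If they are not cleared, whatever summary is later built from them (presumably a status line) can list address/interface pairs that match no rule actually added to the OUTPUT chain, which misleads anyone auditing the firewall from that output. I would add `output_tcp_str=""; output_udp_str=""; output_icmp_str=""` ahead of the outer `for`. The new text also expands `${!riface}` unquoted and unchecked, as the unchanged `$IPTABLES -A OUTPUT ... -o ${!riface} -s $ip -j ACCEPT` lines already do, so an unset per-interface variable gives `ip()` in the summary and a malformed `-o` argument; a guard such as `[ -n "${!riface}" ] || { echo "no real interface for $iface" >&2; continue; }` before the inner loops would make that failure explicit. The loops start and end outside what this page shows, so the exact placement needs checking against the full script.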