version 2.99, 2013/09/28 09:25:35 |
version 2.101, 2013/09/28 18:51:30 |
|
|
# Licensed under terms of GNU General Public License. |
# Licensed under terms of GNU General Public License. |
# All rights reserved. |
# All rights reserved. |
# |
# |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.98 2013-09-28 09:22:42 nepto Exp $ |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.100 2013-09-28 10:07:18 nepto Exp $ |
# |
# |
# Changelog: |
# Changelog: |
# 2003-10-24 - created |
# 2003-10-24 - created |
|
|
output_icmp_str=""; |
output_icmp_str=""; |
|
|
for iface in $INTERFACES; do |
for iface in $INTERFACES; do |
|
gateway="Gateway_$iface"; |
riface="IFname_$iface"; |
riface="IFname_$iface"; |
IPS="IP_$iface"; |
IPS="IP_$iface"; |
|
|
|
|
accept_output_udp="${iface}_ACCEPT_OUTPUT_UDP" |
accept_output_udp="${iface}_ACCEPT_OUTPUT_UDP" |
ACCEPT_OUTPUT_UDP="${!accept_output_udp}" |
ACCEPT_OUTPUT_UDP="${!accept_output_udp}" |
|
|
|
|
# TCP |
# TCP |
if [ -z "$ACCEPT_OUTPUT_TCP" ]; then |
if [ -z "$ACCEPT_OUTPUT_TCP" ]; then |
for ip in ${!IPS}; do |
if [ -n "${!gateway}" ]; then |
output_tcp_str="$output_tcp_str $ip($iface)"; |
for ip in ${!IPS}; do |
$IPTABLES -A OUTPUT -p TCP -o ${!riface} -s $ip -j ACCEPT |
output_tcp_str="$output_tcp_str $ip:${!riface}:${!gateway}"; |
done |
$IPTABLES -A OUTPUT -p TCP -o ${!riface} -s $ip -j ACCEPT |
|
done |
|
fi |
else |
else |
print_info -en "$iface: Accepting OUTPUT TCP connections to ports:" |
print_info -en "$iface: Accepting OUTPUT TCP connections to ports:" |
for port in $ACCEPT_OUTPUT_TCP; do |
for port in $ACCEPT_OUTPUT_TCP; do |
|
|
|
|
# UDP |
# UDP |
if [ -z "$ACCEPT_OUTPUT_UDP" ]; then |
if [ -z "$ACCEPT_OUTPUT_UDP" ]; then |
for ip in ${!IPS}; do |
if [ -n "${!gateway}" ]; then |
output_udp_str="$output_udp_str $ip($iface)"; |
for ip in ${!IPS}; do |
$IPTABLES -A OUTPUT -p UDP -o ${!riface} -s $ip -j ACCEPT |
output_udp_str="$output_udp_str $ip:${!riface}:${!gateway}"; |
done |
$IPTABLES -A OUTPUT -p UDP -o ${!riface} -s $ip -j ACCEPT |
|
done |
|
fi |
else |
else |
print_info -en "$iface: Accepting OUTPUT UDP connections to ports:" |
print_info -en "$iface: Accepting OUTPUT UDP connections to ports:" |
for port in $ACCEPT_OUTPUT_UDP; do |
for port in $ACCEPT_OUTPUT_UDP; do |
|
|
fi |
fi |
|
|
# ICMP |
# ICMP |
for ip in ${!IPS}; do |
if [ -n "${!gateway}" ]; then |
output_icmp_str="$output_icmp_str $ip($iface)"; |
for ip in ${!IPS}; do |
$IPTABLES -A OUTPUT -p ICMP -o ${!riface} -s $ip -j ACCEPT |
output_icmp_str="$output_icmp_str $ip:${!riface}:${!gateway}"; |
done |
$IPTABLES -A OUTPUT -p ICMP -o ${!riface} -s $ip -j ACCEPT |
|
done |
|
fi |
done |
done |
|
|
if [ -n "$output_tcp_str" ]; then |
if [ -n "$output_tcp_str" ]; then |
print_info "Accepting OUTPUT TCP packets from $output_tcp_str done." |
print_info "Accepting OUTPUT TCP packets through $output_tcp_str done." |
fi |
fi |
if [ -n "$output_udp_str" ]; then |
if [ -n "$output_udp_str" ]; then |
print_info "Accepting OUTPUT UDP packets from $output_udp_str done." |
print_info "Accepting OUTPUT UDP packets through $output_udp_str done." |
fi |
fi |
if [ -n "$output_icmp_str" ]; then |
if [ -n "$output_icmp_str" ]; then |
print_info "Accepting OUTPUT ICMP packets from $output_icmp_str done." |
print_info "Accepting OUTPUT ICMP packets through $output_icmp_str done." |
fi |
fi |
} # }}} |
} # }}} |
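Review bot: An interface whose `Gateway_<iface>` value is empty now gets no accept-all rule and no log line in the TCP, UDP and ICMP branches, because the new `if [ -n "${!gateway}" ]` guard has no `else`. Whether that interface's outbound traffic still passes then depends on the OUTPUT chain policy, which is set outside this view, and ICMP has no per-port fallback here the way TCP and UDP do. I would add an `else` arm that reports the skip, for example `print_info "$iface: no gateway set, not adding accept-all OUTPUT TCP rule"`, so the operator can see the gap when the ruleset loads. The gateway value is used only as a presence test and in the `$ip:${!riface}:${!gateway}` message; the rule itself still matches only `-o ${!riface} -s $ip`, which a comment above the guard should state so the "through" wording is not read as a gateway-bound rule. The enclosing function starts outside the visible lines.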
|
|