version 2.100, 2013/09/28 10:07:18 |
version 2.104, 2015/10/12 22:41:24 |
|
|
# Licensed under terms of GNU General Public License. |
# Licensed under terms of GNU General Public License. |
# All rights reserved. |
# All rights reserved. |
# |
# |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.99 2013-09-28 09:25:35 nepto Exp $ |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.103 2014-04-29 23:22:55 nepto Exp $ |
# |
# |
# Changelog: |
# Changelog: |
# 2003-10-24 - created |
# 2003-10-24 - created |
|
|
port="ALL"; |
port="ALL"; |
fi |
fi |
print_info -en " $port"`[ ! -z "$src_ip" ] && echo "[$src_ip]"` |
print_info -en " $port"`[ ! -z "$src_ip" ] && echo "[$src_ip]"` |
if [ $(( ++counter )) -ge 5 ]; then counter=0; print_info ""; fi; |
if [ $(( ++counter )) -ge 5 -o "x$port" = "x10050" ]; then counter=0; print_info ""; fi; |
echo $port | grep -q , |
echo $port | grep -q , |
multiport="$?"; |
multiport="$?"; |
if [ "$multiport" -eq 0 ]; then |
if [ "$multiport" -eq 0 ]; then |
|
|
output_icmp_str=""; |
output_icmp_str=""; |
|
|
for iface in $INTERFACES; do |
for iface in $INTERFACES; do |
|
gateway="Gateway_$iface"; |
riface="IFname_$iface"; |
riface="IFname_$iface"; |
IPS="IP_$iface"; |
IPS="IP_$iface"; |
|
|
|
|
|
|
# TCP |
# TCP |
if [ -z "$ACCEPT_OUTPUT_TCP" ]; then |
if [ -z "$ACCEPT_OUTPUT_TCP" ]; then |
for ip in ${!IPS}; do |
if [ -n "${!gateway}" ]; then |
output_tcp_str="$output_tcp_str $ip(${!riface})"; |
for ip in ${!IPS}; do |
$IPTABLES -A OUTPUT -p TCP -o ${!riface} -s $ip -j ACCEPT |
output_tcp_str="$output_tcp_str $ip:${!riface}:${!gateway}"; |
done |
$IPTABLES -A OUTPUT -p TCP -o ${!riface} -s $ip -j ACCEPT |
|
done |
|
fi |
else |
else |
print_info -en "$iface: Accepting OUTPUT TCP connections to ports:" |
print_info -en "$iface: Accepting OUTPUT TCP connections to ports:" |
for port in $ACCEPT_OUTPUT_TCP; do |
for port in $ACCEPT_OUTPUT_TCP; do |
|
|
|
|
# UDP |
# UDP |
if [ -z "$ACCEPT_OUTPUT_UDP" ]; then |
if [ -z "$ACCEPT_OUTPUT_UDP" ]; then |
for ip in ${!IPS}; do |
if [ -n "${!gateway}" ]; then |
output_udp_str="$output_udp_str $ip(${!riface})"; |
for ip in ${!IPS}; do |
$IPTABLES -A OUTPUT -p UDP -o ${!riface} -s $ip -j ACCEPT |
output_udp_str="$output_udp_str $ip:${!riface}:${!gateway}"; |
done |
$IPTABLES -A OUTPUT -p UDP -o ${!riface} -s $ip -j ACCEPT |
|
done |
|
fi |
else |
else |
print_info -en "$iface: Accepting OUTPUT UDP connections to ports:" |
print_info -en "$iface: Accepting OUTPUT UDP connections to ports:" |
for port in $ACCEPT_OUTPUT_UDP; do |
for port in $ACCEPT_OUTPUT_UDP; do |
|
|
fi |
fi |
|
|
# ICMP |
# ICMP |
for ip in ${!IPS}; do |
if [ -n "${!gateway}" ]; then |
output_icmp_str="$output_icmp_str $ip(${!riface})"; |
for ip in ${!IPS}; do |
$IPTABLES -A OUTPUT -p ICMP -o ${!riface} -s $ip -j ACCEPT |
output_icmp_str="$output_icmp_str $ip:${!riface}:${!gateway}"; |
done |
$IPTABLES -A OUTPUT -p ICMP -o ${!riface} -s $ip -j ACCEPT |
|
done |
|
fi |
done |
done |
|
|
if [ -n "$output_tcp_str" ]; then |
if [ -n "$output_tcp_str" ]; then |
print_info "Accepting OUTPUT TCP packets from $output_tcp_str done." |
print_info "Accepting OUTPUT TCP packets through $output_tcp_str done." |
fi |
fi |
if [ -n "$output_udp_str" ]; then |
if [ -n "$output_udp_str" ]; then |
print_info "Accepting OUTPUT UDP packets from $output_udp_str done." |
print_info "Accepting OUTPUT UDP packets through $output_udp_str done." |
fi |
fi |
if [ -n "$output_icmp_str" ]; then |
if [ -n "$output_icmp_str" ]; then |
print_info "Accepting OUTPUT ICMP packets from $output_icmp_str done." |
print_info "Accepting OUTPUT ICMP packets through $output_icmp_str done." |
fi |
fi |
} # }}} |
} # }}} |
|
|
Line 1651 while (my $line = <STDIN>) { |
|
Line 1658 while (my $line = <STDIN>) { |
|
$iface = $1; |
$iface = $1; |
my $iface_hwaddr = $2; |
my $iface_hwaddr = $2; |
my $x_iface = $iface; |
my $x_iface = $iface; |
$iface =~ s/:/_/; # convert "eth0:0" --> "eth0_0" |
$iface =~ s/:$//g; |
|
$iface =~ s/:/_/g; # convert "eth0:0" --> "eth0_0" |
$x_iface = [ $x_iface =~ m/^([a-z0-9]+)/i ]->[0]; # convert "eth0:0" --> "eth0" |
$x_iface = [ $x_iface =~ m/^([a-z0-9]+)/i ]->[0]; # convert "eth0:0" --> "eth0" |
$ifname{$iface} = $x_iface; |
$ifname{$iface} = $x_iface; |
$ipcount{$iface}++; |
$ipcount{$iface}++; |
Line 1671 while (my $line = <STDIN>) { |
|
Line 1679 while (my $line = <STDIN>) { |
|
push @{$ip6{$iface}}, $fields[3]; |
push @{$ip6{$iface}}, $fields[3]; |
$scope6{$iface} = [ $fields[4] =~ m/Scope:(.*)$/i ]->[0]; |
$scope6{$iface} = [ $fields[4] =~ m/Scope:(.*)$/i ]->[0]; |
} |
} |
|
elsif ($line =~ m/^[ \t]+inet\s/) { # Linux IP address |
|
die unless defined $iface; |
|
my @fields = split(/[\s:]+/, $line); |
|
push @{$ip{$iface}}, $fields[2]; |
|
$bcast{$iface} = (defined($fields[5]) and $fields[5] eq "broadcast") ? $fields[6] : ""; |
|
$mask{$iface} = $fields[4]; |
|
} |
|
|
} |
} |
|
|
Line 1684 map { printf "IPcount_%s=\"%s\"; export |
|
Line 1699 map { printf "IPcount_%s=\"%s\"; export |
|
map { printf "IFname_%s=\"%s\"; export IFname_%s;\n", $_, $ifname{$_}, $_; } keys %ifname; |
map { printf "IFname_%s=\"%s\"; export IFname_%s;\n", $_, $ifname{$_}, $_; } keys %ifname; |
printf "interfaces=\"%s\"; export interfaces;\n", join(" ", sort keys %ip); |
printf "interfaces=\"%s\"; export interfaces;\n", join(" ", sort keys %ip); |
'` |
'` |
eval "$parsed_interfaces"; |
|
#echo "$parsed_interfaces"; |
#echo "$parsed_interfaces"; |
|
eval "$parsed_interfaces"; |
|
|
parsed_routes=`$PERL -e ' |
parsed_routes=`$PERL -e ' |
$\ = "\n"; |
$\ = "\n"; |
Line 1734 printf "interfaces=\"%s\"; export inter |
|
Line 1749 printf "interfaces=\"%s\"; export inter |
|
|
|
} # }}} |
} # }}} |
'` |
'` |
|
#echo $parsed_routes |
eval "$parsed_routes"; |
eval "$parsed_routes"; |
|
|
# Now we have defined variables like this: |
# Now we have defined variables like this: |
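Review bot: The new Linux `inet` branch takes `$fields[2]`, `$fields[4]` and `$fields[6]` straight from ifconfig output and they end up in the `IP_*`/mask/broadcast assignments that the script later runs through `eval "$parsed_interfaces"`, with no check that they are dotted-quad addresses; likewise `$iface` only has colons rewritten, while Linux interface names may contain `.`, `-` or `@`, which yields an invalid variable name (or, with a quote character, a string that `eval` would execute). Anchoring the fields before use, e.g. `die "unparsable inet line: $line" unless defined $fields[2] and $fields[2] =~ m/^\d{1,3}(?:\.\d{1,3}){3}$/;` and `$iface =~ s/[^A-Za-z0-9_]/_/g;`, keeps the generated shell well-formed. Separately, the new `if [ -n "${!gateway}" ]` guard in the OUTPUT section is a behaviour change: interfaces in `$INTERFACES` that have no `Gateway_*` value no longer receive any OUTPUT ACCEPT rule for TCP, UDP or ICMP, which may be intended but deserves a comment such as `# only interfaces with a configured gateway get unrestricted OUTPUT` and a `print_info` line, since depending on the OUTPUT chain policy it can silently cut traffic on gateway-less LAN interfaces. Both the shell function around the OUTPUT rules and the embedded perl program begin outside the visible hunks.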