version 2.111, 2016/05/05 23:54:19 |
version 2.114, 2018/06/28 16:50:18 |
|
|
# Provides: firewall |
# Provides: firewall |
# Required-Start: $network |
# Required-Start: $network |
# Required-Stop: $remote_fs |
# Required-Stop: $remote_fs |
# Default-Start: S |
# Default-Start: 2 3 4 5 |
# Default-Stop: 0 6 |
# Default-Stop: 0 6 |
# Short-Description: Starts firewall |
# Short-Description: Starts firewall |
# Description: Handle universal firewall script by Platon Group |
# Description: Handle universal firewall script by Platon Group |
# http://platon.sk/cvs/cvs.php/scripts/shell/firewall/ |
# http://platon.sk/cvs/cvs.php/scripts/shell/firewall/ |
# Author: Lubomir Host <rajo@platon.sk> |
# Author: Lubomir Host <rajo@platon.sk> |
# Copyright: (c) 2003-2011 Platon Group |
# Copyright: (c) 2003-2018 Platon Group |
### END INIT INFO |
### END INIT INFO |
|
|
# |
# |
|
|
# Can be started by init or by hand. |
# Can be started by init or by hand. |
# |
# |
# Developed by Lubomir Host 'rajo' <rajo AT platon.sk> |
# Developed by Lubomir Host 'rajo' <rajo AT platon.sk> |
# Copyright (c) 2003-2011 Platon Group, http://platon.sk/ |
# Copyright (c) 2003-2018 Platon Group, http://platon.sk/ |
# Licensed under terms of GNU General Public License. |
# Licensed under terms of GNU General Public License. |
# All rights reserved. |
# All rights reserved. |
# |
# |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.110 2016/05/05 21:07:54 rajo Exp $ |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.113 2018/03/01 22:47:46 nepto Exp $ |
# |
# |
# Changelog: |
# Changelog: |
# 2003-10-24 - created |
# 2003-10-24 - created |
# 2011-07-20 - implemented XEN_MODE |
# 2011-07-20 - implemented XEN_MODE |
|
# 2018-03-01 - fixed Default-Start for SystemD on Stretch (nepto) |
# |
# |
|
|
|
|
|
|
print_info " done." |
print_info " done." |
fi |
fi |
|
|
# We are using REAL_INTERFACES instead of INTERFACES here, because we want |
# We are using INTERFACES + lo instead of INTERFACES here, because we want |
# to do redirects for "lo" interface as well. However for "lo" it is done |
# to do redirects for "lo" interface as well. However for "lo" it is done |
# quite differently. See http://ix.sk/0WY2j for more information on this. |
# quite differently. See http://ix.sk/0WY2j for more information on this. |
# -- Nepto [2015-10-19] |
# -- Nepto [2015-10-19] |
for iface in $REAL_INTERFACES; do |
for iface in lo $INTERFACES; do |
riface="IFname_$iface"; |
riface="IFname_$iface"; |
IPS="IP_$iface"; |
IPS="IP_$iface"; |
|
|
|
|
drop_output |
drop_output |
allow_output |
allow_output |
allow_icmp |
allow_icmp |
echo "----[ INCOMMING TRAFFIC ]------------------------------------------------" |
print_info "----[ INCOMMING TRAFFIC ]------------------------------------------------" |
drop_input |
drop_input |
reject_input |
reject_input |
allow_input |
allow_input |
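Review bot: The new `# Default-Start: 2 3 4 5` line in the LSB header moves the firewall out of the rcS boot stage while `# Required-Start: $network` stays as it was, so the rules load only after the interfaces are up, and nothing visible here orders the script ahead of other runlevel 2-5 services. If the chain policies are still ACCEPT until the script runs, listening daemons may be reachable unfiltered for a short time at boot; whether that happens depends on init ordering this page does not show. I would record the trade-off next to the 2018-03-01 changelog entry, e.g. `# NOTE: now starts in runlevels 2-5, after $network; verify that no network-facing service is started before the rules are loaded`, and confirm the resulting order on a Stretch host with `systemd-analyze critical-chain`.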