version 2.21, 2005/03/06 19:18:04 |
version 2.23, 2005/04/15 22:07:18 |
|
|
# Licensed under terms of GNU General Public License. |
# Licensed under terms of GNU General Public License. |
# All rights reserved. |
# All rights reserved. |
# |
# |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.20 2005/03/04 23:53:14 rajo Exp $ |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.22 2005/03/16 13:53:36 rajo Exp $ |
# |
# |
# Changelog: |
# Changelog: |
# 2003-10-24 - created |
# 2003-10-24 - created |
|
|
masquerade() |
masquerade() |
{ # {{{ |
{ # {{{ |
if [ ! -z "$NAT_LAN_IFACE" ]; then |
if [ ! -z "$NAT_LAN_IFACE" ]; then |
|
echo -en "NAT: Enabling packet forwarding..." |
|
echo 1 > /proc/sys/net/ipv4/ip_forward |
|
echo " done." |
echo -en "NAT: Masquerading local subnet: $NAT_SUBNET_IFACE --> $NAT_LAN_IFACE" |
echo -en "NAT: Masquerading local subnet: $NAT_SUBNET_IFACE --> $NAT_LAN_IFACE" |
|
|
ip="IP_$NAT_SUBNET_IFACE"; |
ip="IP_$NAT_SUBNET_IFACE"; |
|
|
|
|
} # }}} |
} # }}} |
|
|
|
bann_ip_adresses() |
|
{ # {{{ |
|
# |
|
# This feature has been developed for following reason: |
|
# UbiCrawler spam our website with many requests (they are duplicit requests of the same page!) |
|
# And this web robot doesn't accept HTTP META tags (http://www.robotstxt.org/wc/faq.html#extension) |
|
# |
|
# Bann them too! |
|
# |
|
#IP address is: 146.48.97.11 146.48.97.13 |
|
# User Agent: "UbiCrawler/v0.4beta (http://ubi.iit.cnr.it/projects/ubicrawler/)" |
|
# |
|
if [ ! -z "$BANNED_IP" ]; then |
|
echo -en "Dropping ALL packets from IP:" |
|
for banned_ip in $BANNED_IP; do |
|
echo -en " $banned_ip" |
|
$IPTABLES -A INPUT -s $banned_ip -j DROP |
|
$IPTABLES -A FORWARD -s $banned_ip -j DROP |
|
done |
|
echo " done." |
|
fi |
|
} # }}} |
|
|
allow_accept_all() |
allow_accept_all() |
{ # {{{ |
{ # {{{ |
if [ ! -z "$IFACE_ACCEPT_ALL" ]; then |
if [ ! -z "$IFACE_ACCEPT_ALL" ]; then |
Line 699 for iface in $interfaces; do |
|
Line 725 for iface in $interfaces; do |
|
INTERFACES="$INTERFACES $iface"; |
INTERFACES="$INTERFACES $iface"; |
fi |
fi |
done |
done |
|
INTERFACES_ACCEPT_ALL="$IFACE_ACCEPT_ALL" |
|
|
|
|
case "$1" in |
case "$1" in |
|
|
# |
# |
# (un)commnet next lines as needed |
# (un)commnet next lines as needed |
# |
# |
|
bann_ip_adresses |
allow_accept_all |
allow_accept_all |
nmap_scan_filter |
nmap_scan_filter |
invalid_packet_filter |
invalid_packet_filter |
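Review bot: In `bann_ip_adresses` (which appears on one side only, so presumably new in 2.23) both `$IPTABLES -A ... -s $banned_ip -j DROP` calls ignore the exit status, so a mistyped entry in `BANNED_IP` leaves that address unblocked while the function still prints " done.". Quote the value and report failures, e.g. `$IPTABLES -A INPUT -s "$banned_ip" -j DROP || echo -en " (FAILED: $banned_ip)"`, and the same for the FORWARD rule. Because the rules are appended with `-A`, they only take effect if nothing earlier in INPUT/FORWARD already accepts the packet. The call is placed before `allow_accept_all` in the visible list, but the calls above it are outside this view, so a comment at the call site such as `# must run before any ACCEPT rule is added` would make the ordering requirement explicit. The expected format of `BANNED_IP` (space-separated addresses, judging by the `for` loop) should also be documented next to the variable's definition, which is not shown here.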