version 2.25, 2005/06/29 15:24:04 |
version 2.26, 2005/06/29 16:16:46 |
|
|
# Licensed under terms of GNU General Public License. |
# Licensed under terms of GNU General Public License. |
# All rights reserved. |
# All rights reserved. |
# |
# |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.24 2005/04/18 22:49:30 rajo Exp $ |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.25 2005/06/29 15:24:04 rajo Exp $ |
# |
# |
# Changelog: |
# Changelog: |
# 2003-10-24 - created |
# 2003-10-24 - created |
|
|
DEFAULT_POLICY="${DEFAULT_POLICY:=DROP}" |
DEFAULT_POLICY="${DEFAULT_POLICY:=DROP}" |
# which modules to load |
# which modules to load |
MODULES="${MODULES:=}" |
MODULES="${MODULES:=}" |
|
MODULES_LOADING="${MODULES_LOADING:=yes}" |
|
MODULES_REMOVING="${MODULES_REMOVING:=no}" |
|
|
LOG_LIMIT="${LOG_LIMIT:=-m limit --limit 12/h --limit-burst 10 -j LOG --log-level notice --log-prefix}" |
LOG_LIMIT="${LOG_LIMIT:=-m limit --limit 12/h --limit-burst 10 -j LOG --log-level notice --log-prefix}" |
|
|
Line 77 ACCEPT_ICMP_PACKETS="${ACCEPT_ICMP_PACKE |
|
Line 79 ACCEPT_ICMP_PACKETS="${ACCEPT_ICMP_PACKE |
|
# load necessary modules from $MODULES variable |
# load necessary modules from $MODULES variable |
load_modules() |
load_modules() |
{ # {{{ |
{ # {{{ |
echo "# Loading modules" |
if [ "e$MODULES_LOADING" = "eyes" ]; then |
for mod in $MODULES; do |
echo "# Loading modules" |
echo " $MODPROBE $mod" |
for mod in $MODULES; do |
$MODPROBE $mod |
echo " $MODPROBE $mod" |
done |
$MODPROBE $mod |
|
done |
|
fi |
} # }}} |
} # }}} |
|
|
# unload necessary modules from $MODULES variable |
# unload necessary modules from $MODULES variable |
unload_modules() |
unload_modules() |
{ # {{{ |
{ # {{{ |
# reverse modules |
# reverse modules |
echo "# Removing modules" |
if [ "e$MODULES_REMOVING" = "eyes" ]; then |
R_MODULES=`echo "$MODULES" | tr ' ' '\012' | tac | tr '\012' ' '` |
echo "# Removing modules" |
for mod in $R_MODULES; do |
R_MODULES=`echo "$MODULES" | tr ' ' '\012' | tac | tr '\012' ' '` |
echo " $RMMOD $mod" |
for mod in $R_MODULES; do |
$RMMOD $mod |
echo " $RMMOD $mod" |
done |
$RMMOD $mod |
|
done |
|
fi |
} # }}} |
} # }}} |
|
|
# print status of detected interfaces |
# print status of detected interfaces |
Line 617 accept_related() |
|
Line 623 accept_related() |
|
for iface in $INTERFACES; do |
for iface in $INTERFACES; do |
ip="IP_$iface"; |
ip="IP_$iface"; |
echo -en " ${!ip}($iface)" |
echo -en " ${!ip}($iface)" |
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT |
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT |
|
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT |
done |
done |
echo " done." |
echo " done." |
|
|
|
|
remove_chains |
remove_chains |
unload_modules |
unload_modules |
forward_off |
forward_off |
|
accept_related |
|
;; |
|
|
|
really-off) |
|
echo -n "Stopping $DESC: removing ALL rules, all packets are dropped !!" |
|
set_default_policy |
|
remove_chains |
|
unload_modules |
|
forward_off |
;; |
;; |
|
|
status) |
status) |
|
|
;; |
;; |
|
|
*) |
*) |
echo "Usage: $0 {start|stop|status}" >&2 |
echo "Usage: $0 {start|stop|really-off|status}" >&2 |
exit 1 |
exit 1 |
;; |
;; |
esac |
esac |
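Review bot: The new `really-off)` branch prints "removing ALL rules, all packets are dropped !!", but nothing in the branch itself pins the policy to DROP. It relies on `set_default_policy`, whose body is not visible here and which presumably applies `$DEFAULT_POLICY`, a value that can be overridden from outside (`DEFAULT_POLICY="${DEFAULT_POLICY:=DROP}"`). If that is the case, a host configured with ACCEPT would have every chain flushed and be left fully open while the message reports the opposite. Consider forcing the value in this branch with `DEFAULT_POLICY="DROP"` on the line before `set_default_policy`, or change the message to print the policy that was actually applied. Either way, a comment such as `# really-off: flush everything and fail closed (policy DROP)` would document the intent.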