
Diff for scripts/shell/firewall/fw-universal.sh between version 2.28 and 2.31

version 2.28, 2005/10/09 21:11:08 version 2.31, 2006/01/05 18:14:57
Line 9 
Line 9 
 # Licensed under terms of GNU General Public License.  # Licensed under terms of GNU General Public License.
 # All rights reserved.  # All rights reserved.
 #  #
 # $Platon: scripts/shell/firewall/fw-universal.sh,v 2.27 2005/08/04 19:39:11 rajo Exp $  # $Platon: scripts/shell/firewall/fw-universal.sh,v 2.30 2005/11/01 00:36:24 rajo Exp $
 #  #
 # Changelog:  # Changelog:
 # 2003-10-24 - created  # 2003-10-24 - created
Line 57  AWK="${AWK:=/usr/bin/awk}"
Line 57  AWK="${AWK:=/usr/bin/awk}"
   
 # loopback interface  # loopback interface
 LO_IFACE="${LO_IFACE:=lo}"  LO_IFACE="${LO_IFACE:=lo}"
 LO_IP="IP_$LO_IFACE"  
   
 #  #
 # CONSTANTS - Do not edit  # CONSTANTS - Do not edit
Line 108  load_cache()
Line 107  load_cache()
         if [ -f "$CACHE_FILE" ]; then          if [ -f "$CACHE_FILE" ]; then
                 echo "Loading rules from cache file $CACHE_FILE"                  echo "Loading rules from cache file $CACHE_FILE"
                 $IPTABLES_RESTORE -c < $CACHE_FILE;                  $IPTABLES_RESTORE -c < $CACHE_FILE;
                   forward_on # this has nothing to do with IPtables rules, we need to run them explicitly
                 exit 0;                  exit 0;
         fi          fi
 } # }}}  } # }}}
Line 153  antispoof_on()
Line 153  antispoof_on()
         done          done
 } # }}}  } # }}}
   
   # Turn on IP packets forwarding
 forward_on()  forward_on()
 { # {{{  { # {{{
         echo -en "NAT: Enabling packet forwarding..."          # NAT requires turn on IP forwarding
         echo 1 > /proc/sys/net/ipv4/ip_forward          if [ ! -z "$NAT_LAN_IFACE" ]; then
         echo " done."                  echo -en "NAT: Enabling packet forwarding..."
                   echo 1 > /proc/sys/net/ipv4/ip_forward
                   echo " done."
           fi
 } # }}}  } # }}}
   
 forward_off()  forward_off()
Line 418  log_new_connections()
Line 422  log_new_connections()
 { # {{{  { # {{{
         if [ ! -z "$NAT_LOG_NEW_CONNECTIONS" ]; then          if [ ! -z "$NAT_LOG_NEW_CONNECTIONS" ]; then
                 if [ "x$NAT_LOG_NEW_CONNECTIONS" = "xyes" ]; then                  if [ "x$NAT_LOG_NEW_CONNECTIONS" = "xyes" ]; then
                         echo -en "Logging new connections:"                          if [ "x$NAT_LOG_NEW_CONNECTIONS" = "xyes" ]; then
                         $IPTABLES_LOG -A INPUT   -m state --state NEW -j LOG --log-prefix "IN  connection: "                                  NAT_LOG_NEW_CONNECTIONS="TCP UDP"
                         $IPTABLES_LOG -A OUTPUT  -m state --state NEW -j LOG --log-prefix "OUT connection: "                          fi
                         $IPTABLES_LOG -A FORWARD -m state --state NEW -j LOG --log-prefix "FWD connection: "                          echo -en "Logging new connections $NAT_LOG_NEW_CONNECTIONS:"
                           for proto in $NAT_LOG_NEW_CONNECTIONS; do
                                   $IPTABLES_LOG -A INPUT   -m state --state NEW -p $proto -j LOG --log-prefix "IN  connection: "
                                   $IPTABLES_LOG -A OUTPUT  -m state --state NEW -p $proto -j LOG --log-prefix "OUT connection: "
                                   $IPTABLES_LOG -A FORWARD -m state --state NEW -p $proto -j LOG --log-prefix "FWD connection: "
                           done
                         echo " done."                          echo " done."
                 fi                  fi
         fi          fi
Line 824  case "$1" in
Line 833  case "$1" in
                 log_input_drop                  log_input_drop
                 log_output_drop                  log_output_drop
                 log_forward_drop                  log_forward_drop
                   forward_on
                 $IPTABLES_SAVE -c > $CACHE_FILE                  $IPTABLES_SAVE -c > $CACHE_FILE
                 ;;                  ;;
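Review bot: In the load_cache hunk the new `forward_on` call runs whether or not `$IPTABLES_RESTORE -c < $CACHE_FILE` succeeded, and the function then does `exit 0`. If the cache file is truncated or otherwise rejected by iptables-restore, IP forwarding is still switched on (when NAT_LAN_IFACE is set) over whatever ruleset happens to be in the kernel, and the caller sees success. Gate both steps on the restore's status and quote the path, e.g. `if $IPTABLES_RESTORE -c < "$CACHE_FILE"; then forward_on; exit 0; fi`, so a failed restore returns to the caller instead of exiting; what the caller does next is not visible here and should be checked. The opening of load_cache lies outside the visible hunk.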
   
