Diff for scripts/shell/firewall/fw-universal.sh between version 2.31 and 2.32
version 2.31, 2006/01/05 18:14:57 |
version 2.32, 2006/01/09 00:52:06 |
Line 655 log_forward_drop() |
|
Line 655 log_forward_drop() |
|
|
|
} # }}} |
} # }}} |
|
|
|
do_ip_accounting() |
|
{ # {{{ |
|
|
|
if [ ! "x$DO_LOCAL_IP_ACCOUNTING" = "xno" ]; then |
|
if [ ! -z "$NAT_LAN_IFACE" ]; then |
|
IPACCT_IN_NAME="IPACCT_IN" |
|
IPACCT_OUT_NAME="IPACCT_OUT" |
|
$IPTABLES -N $IPACCT_IN_NAME # download: from server to client |
|
$IPTABLES -N $IPACCT_OUT_NAME # upload: from client to server |
|
|
|
ip="IP_$NAT_SUBNET_IFACE"; |
|
netmask="Mask_$NAT_SUBNET_IFACE" |
|
localnet="${!ip}/${!netmask}" |
|
|
|
$IPTABLES -A FORWARD -i $NAT_LAN_IFACE -d $localnet -j $IPACCT_IN_NAME |
|
$IPTABLES -A FORWARD -o $NAT_LAN_IFACE -s $localnet -j $IPACCT_OUT_NAME |
|
|
|
for client_ip in $IP_ACCT_CLIENTS; do |
|
$IPTABLES -A $IPACCT_IN_NAME -d $client_ip -j RETURN |
|
$IPTABLES -A $IPACCT_OUT_NAME -s $client_ip -j RETURN |
|
done |
|
|
|
$IPTABLES -A $IPACCT_IN_NAME -j RETURN |
|
$IPTABLES -A $IPACCT_OUT_NAME -j RETURN |
|
|
|
fi |
|
fi |
|
|
|
} # }}} |
|
|
accept_related() |
accept_related() |
{ # {{{ |
{ # {{{ |
|
|
echo -en "Accepting ESTABLISHED, RELATED packets for IP:" |
echo -en "Accepting ESTABLISHED, RELATED packets for IP:" |
for iface in $INTERFACES; do |
for iface in $INTERFACES; do |
ip="IP_$iface"; |
ip="IP_$iface"; |
|
|
mangle_output |
mangle_output |
log_new_connections |
log_new_connections |
drop_output |
drop_output |
|
do_ip_accounting |
allow_input |
allow_input |
allow_output |
allow_output |
allow_icmp |
allow_icmp |
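Review bot: In the new do_ip_accounting(), the guard tests `$NAT_LAN_IFACE`, but the subnet is built by indirect expansion from `$NAT_SUBNET_IFACE` (`ip="IP_$NAT_SUBNET_IFACE"`, `localnet="${!ip}/${!netmask}"`), which is never checked. If that variable or the `IP_*`/`Mask_*` values it names are unset, `localnet` becomes `/` and the two `-A FORWARD` jumps presumably fail while the script carries on, so accounting is silently missing. I would extend the guard to `if [ -n "$NAT_LAN_IFACE" ] && [ -n "$NAT_SUBNET_IFACE" ]; then`, return with a message on stderr when `${!ip}` or `${!netmask}` is empty, and quote the expansions handed to iptables (`-i "$NAT_LAN_IFACE" -d "$localnet"`). Separately, the jumps are appended with `-A FORWARD` and the call sits after drop_output, so any earlier terminating FORWARD rule (not visible here) would bypass the counters; a comment stating the intended rule position would help.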