Diff for scripts/shell/firewall/fw-universal.sh between version 2.45 and 2.47
| version 2.45, 2006/08/09 16:38:13 |
version 2.47, 2006/09/24 16:17:10 |
|
|
| $IPTABLES -A INPUT -s $client_ip -i $NAT_SUBNET_IFACE -j DROP |
$IPTABLES -A INPUT -s $client_ip -i $NAT_SUBNET_IFACE -j DROP |
| done |
done |
| fi |
fi |
| |
if [ ! -z "$ALL_DROP_INPUT_TCP" ]; then |
| |
echo -en "Drop ALL INPUT TCP connections on ports:" |
| |
for port in $ALL_DROP_INPUT_TCP; do |
| |
for iface in $INTERFACES; do |
| |
echo -en " $port($iface)" |
| |
IPS="IP_$iface"; |
| |
for ip in ${!IPS}; do |
| |
$IPTABLES -A INPUT -i $iface -d $ip -p TCP --dport $port -j DROP |
| |
done |
| |
done |
| |
done |
| |
echo " done." |
| |
fi |
| |
if [ ! -z "$ALL_DROP_INPUT_UDP" ]; then |
| |
echo -en "Drop ALL INPUT UDP connections on ports:" |
| |
for port in $ALL_DROP_INPUT_UDP; do |
| |
for iface in $INTERFACES; do |
| |
echo -en " $port($iface)" |
| |
IPS="IP_$iface"; |
| |
for ip in ${!IPS}; do |
| |
$IPTABLES -A INPUT -i $iface -d $ip -p UDP --dport $port -j DROP |
| |
done |
| |
done |
| |
done |
| |
echo " done." |
| |
fi |
| if [ ! -z "$ALL_ACCEPT_INPUT_TCP" ]; then |
if [ ! -z "$ALL_ACCEPT_INPUT_TCP" ]; then |
| echo -en "Accepting ALL INPUT TCP connections on ports:" |
echo -en "Accepting ALL INPUT TCP connections on ports:" |
| for port in $ALL_ACCEPT_INPUT_TCP; do |
for port in $ALL_ACCEPT_INPUT_TCP; do |
|
|
| nmap_scan_filter |
nmap_scan_filter |
| invalid_packet_filter |
invalid_packet_filter |
| anti_spoof_filter |
anti_spoof_filter |
| syn_flood |
#syn_flood |
| mangle_prerouting |
mangle_prerouting |
| mangle_output |
mangle_output |
| accept_related |
accept_related |
Platon Group <platon@platon.org> http://platon.org/
|
|
Login
Registration
Slovak
![[BACK]](http://cvsweb.platon.sk/icons/back.gif){kind=icon}
![[TXT]](http://cvsweb.platon.sk/icons/text.gif){kind=icon}
![[DIR]](http://cvsweb.platon.sk/icons/dir.gif){kind=icon}
Up to