version 2.46, 2006/08/09 16:38:54 |
version 2.49, 2006/10/04 09:23:25 |
|
|
# Licensed under terms of GNU General Public License. |
# Licensed under terms of GNU General Public License. |
# All rights reserved. |
# All rights reserved. |
# |
# |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.30 2005/11/01 00:36:24 rajo Exp $ |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.48 2006-09-30 21:55:28 rajo Exp $ |
# |
# |
# Changelog: |
# Changelog: |
# 2003-10-24 - created |
# 2003-10-24 - created |
|
|
$IPTABLES -A INPUT -s $client_ip -i $NAT_SUBNET_IFACE -j DROP |
$IPTABLES -A INPUT -s $client_ip -i $NAT_SUBNET_IFACE -j DROP |
done |
done |
fi |
fi |
|
if [ ! -z "$ALL_DROP_INPUT_TCP" ]; then |
|
echo -en "Drop ALL INPUT TCP connections on ports:" |
|
for port in $ALL_DROP_INPUT_TCP; do |
|
for iface in $INTERFACES; do |
|
echo -en " $port($iface)" |
|
$IPTABLES -A INPUT -i $iface -p TCP --dport $port -j DROP |
|
done |
|
done |
|
echo " done." |
|
fi |
|
if [ ! -z "$ALL_DROP_INPUT_UDP" ]; then |
|
echo -en "Drop ALL INPUT UDP connections on ports:" |
|
for port in $ALL_DROP_INPUT_UDP; do |
|
for iface in $INTERFACES; do |
|
echo -en " $port($iface)" |
|
$IPTABLES -A INPUT -i $iface -p UDP --dport $port -j DROP |
|
done |
|
done |
|
echo " done." |
|
fi |
if [ ! -z "$ALL_ACCEPT_INPUT_TCP" ]; then |
if [ ! -z "$ALL_ACCEPT_INPUT_TCP" ]; then |
echo -en "Accepting ALL INPUT TCP connections on ports:" |
echo -en "Accepting ALL INPUT TCP connections on ports:" |
for port in $ALL_ACCEPT_INPUT_TCP; do |
for port in $ALL_ACCEPT_INPUT_TCP; do |
|
src_ip="" |
|
eval `echo $port | awk -v FS=: '/:/ { printf "src_ip=\"%s\"; port=\"%s\";", $1, $2; }'` |
for iface in $INTERFACES; do |
for iface in $INTERFACES; do |
echo -en " $port($iface)" |
echo -en " $port($iface)"`[ ! -z $src_ip ] && echo "[$src_ip]"` |
IPS="IP_$iface"; |
IPS="IP_$iface"; |
for ip in ${!IPS}; do |
for ip in ${!IPS}; do |
$IPTABLES -A INPUT -i $iface -d $ip -p TCP --dport $port -j ACCEPT |
if [ -z "$src_ip" ]; then |
|
$IPTABLES -A INPUT -i $iface -d $ip -p TCP --dport $port -j ACCEPT |
|
else |
|
$IPTABLES -A INPUT -i $iface -s $src_ip -d $ip -p TCP --dport $port -j ACCEPT |
|
fi |
done |
done |
done |
done |
done |
done |
|
|
if [ ! -z "$ALL_ACCEPT_INPUT_UDP" ]; then |
if [ ! -z "$ALL_ACCEPT_INPUT_UDP" ]; then |
echo -en "Accepting ALL INPUT UDP connections on ports:" |
echo -en "Accepting ALL INPUT UDP connections on ports:" |
for port in $ALL_ACCEPT_INPUT_UDP; do |
for port in $ALL_ACCEPT_INPUT_UDP; do |
|
src_ip="" |
|
eval `echo $port | awk -v FS=: '/:/ { printf "src_ip=\"%s\"; port=\"%s\";", $1, $2; }'` |
for iface in $INTERFACES; do |
for iface in $INTERFACES; do |
echo -en " $port($iface)" |
echo -en " $port($iface)"`[ ! -z $src_ip ] && echo "[$src_ip]"` |
IPS="IP_$iface"; |
IPS="IP_$iface"; |
for ip in ${!IPS}; do |
for ip in ${!IPS}; do |
$IPTABLES -A INPUT -i $iface -d $ip -p UDP --dport $port -j ACCEPT |
if [ -z "$src_ip" ]; then |
|
$IPTABLES -A INPUT -i $iface -d $ip -p UDP --dport $port -j ACCEPT |
|
else |
|
$IPTABLES -A INPUT -i $iface -s $src_ip -d $ip -p UDP --dport $port -j ACCEPT |
|
fi |
done |
done |
done |
done |
done |
done |
|
|
if [ ! -z "$ACCEPT_INPUT_TCP" ]; then |
if [ ! -z "$ACCEPT_INPUT_TCP" ]; then |
echo -en "$iface: Accepting INPUT TCP connections on ports:" |
echo -en "$iface: Accepting INPUT TCP connections on ports:" |
for port in $ACCEPT_INPUT_TCP; do |
for port in $ACCEPT_INPUT_TCP; do |
echo -en " $port" |
src_ip="" |
|
eval `echo $port | awk -v FS=: '/:/ { printf "src_ip=\"%s\"; port=\"%s\";", $1, $2; }'` |
|
echo -en " $port"`[ ! -z $src_ip ] && echo "[$src_ip]"` |
for ip in ${!IPS}; do |
for ip in ${!IPS}; do |
$IPTABLES -A INPUT -i $iface -d $ip -p TCP --dport $port -j ACCEPT |
if [ -z $src_ip ]; then |
|
$IPTABLES -A INPUT -i $iface -d $ip -p TCP --dport $port -j ACCEPT |
|
else |
|
$IPTABLES -A INPUT -i $iface -s $src_ip -d $ip -p TCP --dport $port -j ACCEPT |
|
fi |
done |
done |
done |
done |
echo " done." |
echo " done." |
|
|
if [ ! -z "$ACCEPT_INPUT_UDP" ]; then |
if [ ! -z "$ACCEPT_INPUT_UDP" ]; then |
echo -en "$iface: Accepting INPUT UDP connections on ports:" |
echo -en "$iface: Accepting INPUT UDP connections on ports:" |
for port in $ACCEPT_INPUT_UDP; do |
for port in $ACCEPT_INPUT_UDP; do |
echo -en " $port" |
src_ip="" |
|
eval `echo $port | awk -v FS=: '/:/ { printf "src_ip=\"%s\"; port=\"%s\";", $1, $2; }'` |
|
echo -en " $port"`[ ! -z $src_ip ] && echo "[$src_ip]"` |
#$IPTABLES -A INPUT -i $iface -d ${!INET_IP} -p UDP --dport $port -j ACCEPT |
#$IPTABLES -A INPUT -i $iface -d ${!INET_IP} -p UDP --dport $port -j ACCEPT |
#$IPTABLES -A INPUT -i $iface --source 192.168.1.0/16 -p UDP --dport $port -j ACCEPT |
#$IPTABLES -A INPUT -i $iface --source 192.168.1.0/16 -p UDP --dport $port -j ACCEPT |
for ip in ${!IPS}; do |
for ip in ${!IPS}; do |
$IPTABLES -A INPUT -i $iface -d $ip -p UDP --dport $port -j ACCEPT |
if [ -z $src_ip ]; then |
|
$IPTABLES -A INPUT -i $iface -d $ip -p UDP --dport $port -j ACCEPT |
|
else |
|
$IPTABLES -A INPUT -i $iface -s $src_ip -d $ip -p UDP --dport $port -j ACCEPT |
|
fi |
done |
done |
done |
done |
echo " done." |
echo " done." |