version 2.71, 2009/11/06 23:14:36 |
version 2.74, 2010/08/08 23:34:25 |
|
|
#!/bin/sh |
#!/bin/bash |
|
|
# |
# |
# This will be universal firewalling script for Linux kernel (iptables) in near future |
# This will be universal firewalling script for Linux kernel (iptables) in near future |
|
|
# Licensed under terms of GNU General Public License. |
# Licensed under terms of GNU General Public License. |
# All rights reserved. |
# All rights reserved. |
# |
# |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.70 2009-07-01 12:28:07 nepto Exp $ |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.73 2010-06-21 21:52:16 nepto Exp $ |
# |
# |
# Changelog: |
# Changelog: |
# 2003-10-24 - created |
# 2003-10-24 - created |
|
|
$AWK -v FS=: ' (NF == 2) { remote_ip = "$lan_ip"; remote_port = $1; local_port = $2; } \ |
$AWK -v FS=: ' (NF == 2) { remote_ip = "$lan_ip"; remote_port = $1; local_port = $2; } \ |
(NF == 3) { remote_ip = $2; remote_port = $1; local_port = $3; } \ |
(NF == 3) { remote_ip = $2; remote_port = $1; local_port = $3; } \ |
END { printf "remote_ip=%s; remote_port=%s; local_port=%s;", remote_ip, remote_port, local_port; }'` |
END { printf "remote_ip=%s; remote_port=%s; local_port=%s;", remote_ip, remote_port, local_port; }'` |
print_info -en " $remote_port>>$remote_ip:$local_port(udp)" |
print_info -en " $remote_port>>$remote_ip:$local_port(tcp)" |
$IPTABLES -t nat -A PREROUTING -p TCP \ |
$IPTABLES -t nat -A PREROUTING -p TCP \ |
-i ! $NAT_LAN_IFACE -d ! $lan_ip \ |
-i ! $NAT_LAN_IFACE -d ! $lan_ip \ |
--dport $remote_port -j REDIRECT --to-port $local_port |
--dport $remote_port -j REDIRECT --to-port $local_port |
Line 1025 configure_special_rules() |
|
Line 1025 configure_special_rules() |
|
|
|
} # }}} |
} # }}} |
|
|
|
custom_rules() |
|
{ # {{{ |
|
print_info -en "Executing custom rules: " |
|
for max_rule_num in 9 99 999; do |
|
initialized="no"; |
|
for i in `seq -w 0 "$max_rule_num"`; do |
|
varname="CUSTOM_RULE_$i"; |
|
if [ -z "${!varname}" ]; then |
|
break; |
|
fi |
|
echo -n "#$i"; |
|
$IPTABLES ${!varname}; |
|
rc="$?"; |
|
if [ "$rc" -eq 0 ]; then |
|
echo -n "[OK] "; |
|
else |
|
echo -n "[rc:$?] "; |
|
fi; |
|
initialized="yes"; |
|
done |
|
if [ "X$initialized" = "Xyes" ]; then |
|
break; |
|
fi |
|
done |
|
print_info " done."; |
|
} # }}} |
|
|
do_ip_accounting() |
do_ip_accounting() |
{ # {{{ |
{ # {{{ |
|
|
|
|
shaping_off |
shaping_off |
shaping_on |
shaping_on |
configure_special_rules |
configure_special_rules |
|
custom_rules |
$IPTABLES_SAVE -c > $CACHE_FILE |
$IPTABLES_SAVE -c > $CACHE_FILE |
;; |
;; |
|
|
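Review bot: In the new custom_rules(), the failure branch prints `echo -n "[rc:$?] "`, but at that point `$?` holds the status of the preceding `[ "$rc" -eq 0 ]` test, so every failed rule is reported as rc:1 rather than the iptables exit code; it should be `echo -n "[rc:$rc] "`. The call `$IPTABLES ${!varname};` expands the configured rule unquoted, so the string is word-split and glob-expanded in the current directory before iptables sees it. Wrapping the call in `set -f` / `set +f` would keep a `*` in a rule from matching file names. Because each CUSTOM_RULE_n value is run with the script's privileges, a header comment on the function should state that the configuration file defining them must be writable by root only. A failing rule is only printed and the run continues to `$IPTABLES_SAVE -c > $CACHE_FILE`, so it looks as if a partially applied custom rule set can be cached without a non-zero exit status; confirm that this is intended.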