Platon Technologies
Tuesday, March 19, 2024

CVS log for scripts/shell/firewall/fw-universal.sh



Default branch: MAIN


Revision 2.123 / (download) - [select for diffs], Wed Nov 8 22:29:04 2023 UTC (4 months, 1 week ago) by nepto


Changes since 2.122: +34 -1 lines
Diff to previous 2.122 (colored) to selected 2.49 (colored)

Implemented action "unblock" for unblocking banned IP addresses
(likely some old work by Jakub Filo found on vPnyx server)

Revision 2.122 / (download) - [select for diffs], Thu Sep 17 18:58:29 2020 UTC (3 years, 6 months ago) by nepto

Changes since 2.121: +12 -7 lines
Diff to previous 2.121 (colored) to selected 2.49 (colored)

Added support for Docker network interfaces, for example
converting interface name "br-a97b1d2fbcc4" to "br_a97b1d2fbcc4"

Revision 2.121 / (download) - [select for diffs], Tue Oct 8 22:25:30 2019 UTC (4 years, 5 months ago) by nepto

Changes since 2.120: +2 -2 lines
Diff to previous 2.120 (colored) to selected 2.49 (colored)

Moved bann_ip_adresses to end

Revision 2.120 / (download) - [select for diffs], Thu Feb 14 23:14:32 2019 UTC (5 years, 1 month ago) by nepto

Changes since 2.119: +2 -2 lines
Diff to previous 2.119 (colored) to selected 2.49 (colored)

Fixed VRRP OUTPUT iface bug

Revision 2.119 / (download) - [select for diffs], Thu Feb 14 07:41:47 2019 UTC (5 years, 1 month ago) by nepto

Changes since 2.118: +15 -1 lines
Diff to previous 2.118 (colored) to selected 2.49 (colored)

Implemented $IFACE_ACCEPT_VRRP in allow_accept_vrrp()

Revision 2.118 / (download) - [select for diffs], Mon Dec 10 11:46:12 2018 UTC (5 years, 3 months ago) by nepto

Changes since 2.117: +7 -10 lines
Diff to previous 2.117 (colored) to selected 2.49 (colored)

Plantroon fixed previous commit by:
- inserting (not appending) rule into INPUT chain
- removing FORWARD chain rule as unnecessary

Revision 2.117 / (download) - [select for diffs], Thu Aug 23 04:34:58 2018 UTC (5 years, 6 months ago) by nepto

Changes since 2.116: +5 -2 lines
Diff to previous 2.116 (colored) to selected 2.49 (colored)

In function do_ban_single_ip() prepend (-I) into forward chain
instead of append (-A).

Appending into chain causes the connection to still remain alive.

Inserting (prepending) into chain causes immediate connection
termination, which is very desirable when blocking a certain IP.

Revision 2.116 / (download) - [select for diffs], Thu Jun 28 23:13:42 2018 UTC (5 years, 8 months ago) by nepto

Changes since 2.115: +42 -17 lines
Diff to previous 2.115 (colored) to selected 2.49 (colored)

Implemented faster IP blocking without firewall reload
Check if IP was already blocked; block it only if it was not

Revision 2.115 / (download) - [select for diffs], Thu Jun 28 22:46:00 2018 UTC (5 years, 8 months ago) by nepto

Changes since 2.114: +2 -2 lines
Diff to previous 2.114 (colored) to selected 2.49 (colored)

Changed banned IP comment date format

Revision 2.114 / (download) - [select for diffs], Thu Jun 28 16:50:18 2018 UTC (5 years, 8 months ago) by nepto

Changes since 2.113: +2 -2 lines
Diff to previous 2.113 (colored) to selected 2.49 (colored)

Incoming traffic message printed with print_info()

Revision 2.113 / (download) - [select for diffs], Thu Mar 1 22:47:46 2018 UTC (6 years ago) by nepto

Changes since 2.112: +5 -4 lines
Diff to previous 2.112 (colored) to selected 2.49 (colored)

fixed Default-Start for SystemD on Stretch

Revision 2.112 / (download) - [select for diffs], Wed Jul 6 22:47:03 2016 UTC (7 years, 8 months ago) by nepto

Changes since 2.111: +3 -3 lines
Diff to previous 2.111 (colored) to selected 2.49 (colored)

For accepting input TCP/UDP use INTERFACES + lo instead of REAL_INTERFACES

Revision 2.111 / (download) - [select for diffs], Thu May 5 23:54:19 2016 UTC (7 years, 10 months ago) by nepto

Changes since 2.110: +18 -21 lines
Diff to previous 2.110 (colored) to selected 2.49 (colored)

Load by file name (Slovakia.txt vs Slovakia) in load_subnets
Better output messages in load_subnets
Added file Slovakia.txt into subnets/
(however file is very old, from year 2013, it needs update)

Revision 2.110 / (download) - [select for diffs], Thu May 5 21:07:54 2016 UTC (7 years, 10 months ago) by rajo

Changes since 2.109: +49 -38 lines
Diff to previous 2.109 (colored) to selected 2.49 (colored)

map_subnet replaced by load_subnet

Revision 2.109 / (download) - [select for diffs], Fri Feb 26 07:01:10 2016 UTC (8 years ago) by nepto

Changes since 2.108: +24 -19 lines
Diff to previous 2.108 (colored) to selected 2.49 (colored)

UDP *must* go before TCP
Reason: we need to have working DNS resolving, which works over
port 53/UDP. Resolving is required for those rules, which use
hostname instead of IP address, for example cvs.platon.sk:2401.

Revision 2.108 / (download) - [select for diffs], Fri Feb 26 03:11:01 2016 UTC (8 years ago) by nepto

Changes since 2.107: +5 -4 lines
Diff to previous 2.107 (colored) to selected 2.49 (colored)

Reorder rules to have output UDP traffic at the beginning, so we can
resolve certain hostnames in our rules, such as jabber.platon.sk,
vps.platon.sk, cvs.platon.sk and others

Revision 2.107 / (download) - [select for diffs], Fri Feb 26 02:53:42 2016 UTC (8 years ago) by nepto

Changes since 2.106: +21 -7 lines
Diff to previous 2.106 (colored) to selected 2.49 (colored)

Better formatting printing for some lists

Revision 2.106 / (download) - [select for diffs], Sun Jan 17 15:03:29 2016 UTC (8 years, 2 months ago) by rajo

Changes since 2.105: +36 -1 lines
Diff to previous 2.105 (colored) to selected 2.49 (colored)

New feature: map-subnet - map subnets from file into config variables

Revision 2.105 / (download) - [select for diffs], Mon Oct 19 14:00:33 2015 UTC (8 years, 5 months ago) by nepto

Changes since 2.104: +16 -4 lines
Diff to previous 2.104 (colored) to selected 2.49 (colored)

Added support for redirect on loopback (lo) interface

Revision 2.104 / (download) - [select for diffs], Mon Oct 12 22:41:24 2015 UTC (8 years, 5 months ago) by rajo

Changes since 2.103: +12 -3 lines
Diff to previous 2.103 (colored) to selected 2.49 (colored)

Fix: parse new ifconfig format introduced in Debian version 1.60+git20150829.73ce of package net-tools

Revision 2.103 / (download) - [select for diffs], Tue Apr 29 23:22:55 2014 UTC (9 years, 10 months ago) by nepto

Changes since 2.102: +2 -2 lines
Diff to previous 2.102 (colored) to selected 2.49 (colored)

Better comparison with 10050

Revision 2.102 / (download) - [select for diffs], Tue Apr 15 05:02:32 2014 UTC (9 years, 11 months ago) by nepto

Changes since 2.101: +2 -2 lines
Diff to previous 2.101 (colored) to selected 2.49 (colored)

Newline before Zabbix port on printout

Revision 2.101 / (download) - [select for diffs], Sat Sep 28 18:51:30 2013 UTC (10 years, 5 months ago) by nepto

Changes since 2.100: +23 -16 lines
Diff to previous 2.100 (colored) to selected 2.49 (colored)

Allow ALL OUTPUT traffic only for interfaces with gateway

Revision 2.100 / (download) - [select for diffs], Sat Sep 28 10:07:18 2013 UTC (10 years, 5 months ago) by nepto

Changes since 2.99: +5 -4 lines
Diff to previous 2.99 (colored) to selected 2.49 (colored)

Print real interface name when doing allow output

Revision 2.99 / (download) - [select for diffs], Sat Sep 28 09:25:35 2013 UTC (10 years, 5 months ago) by nepto

Changes since 2.98: +4 -4 lines
Diff to previous 2.98 (colored) to selected 2.49 (colored)

Fixed bug with output_tcp/udp/icmp_str variable

Revision 2.98 / (download) - [select for diffs], Sat Sep 28 09:22:42 2013 UTC (10 years, 5 months ago) by nepto

Changes since 2.97: +84 -11 lines
Diff to previous 2.97 (colored) to selected 2.49 (colored)

allow_output() modified:
it ACCEPTs selected IPs/ports if defined for interface
if not defined, then it ACCEPTs all packets from our IP addresses

Revision 2.97 / (download) - [select for diffs], Sat Sep 28 08:30:57 2013 UTC (10 years, 5 months ago) by nepto

Changes since 2.96: +3 -3 lines
Diff to previous 2.96 (colored) to selected 2.49 (colored)

Function allow_output renamed to allow_all_output

Revision 2.96 / (download) - [select for diffs], Mon Sep 23 08:40:34 2013 UTC (10 years, 5 months ago) by nepto

Changes since 2.95: +9 -4 lines
Diff to previous 2.95 (colored) to selected 2.49 (colored)

Implemented NAT_SUBNET_SRC param for MASQUERADE

Revision 2.95 / (download) - [select for diffs], Sat Sep 21 03:01:24 2013 UTC (10 years, 5 months ago) by nepto

Changes since 2.94: +2 -5 lines
Diff to previous 2.94 (colored) to selected 2.49 (colored)

Removed NAT: Enabling packet forwarding from masquerade() because it is already in forward_on()

Revision 2.94 / (download) - [select for diffs], Sat Sep 21 02:57:58 2013 UTC (10 years, 5 months ago) by nepto

Changes since 2.93: +167 -167 lines
Diff to previous 2.93 (colored) to selected 2.49 (colored)

Improved indentation in masquerade()

Revision 2.93 / (download) - [select for diffs], Sat Sep 21 02:55:50 2013 UTC (10 years, 5 months ago) by nepto

Changes since 2.92: +8 -5 lines
Diff to previous 2.92 (colored) to selected 2.49 (colored)

Support basic masquerade functionality in XEN_MODE

Revision 2.92 / (download) - [select for diffs], Tue Oct 30 16:08:52 2012 UTC (11 years, 4 months ago) by rajo

Changes since 2.91: +20 -20 lines
Diff to previous 2.91 (colored) to selected 2.49 (colored)

Fixed warning: The state match is obsolete. Use conntrack instead.

Revision 2.91 / (download) - [select for diffs], Tue Feb 14 22:52:12 2012 UTC (12 years, 1 month ago) by rajo

Changes since 2.90: +3 -1 lines
Diff to previous 2.90 (colored) to selected 2.49 (colored)

Start with new firewalling rules after blocking some subnet.

Revision 2.90 / (download) - [select for diffs], Sat Feb 11 19:38:51 2012 UTC (12 years, 1 month ago) by rajo

Changes since 2.89: +15 -12 lines
Diff to previous 2.89 (colored) to selected 2.49 (colored)

Cosmetic changes.

Revision 2.89 / (download) - [select for diffs], Sat Feb 11 19:06:20 2012 UTC (12 years, 1 month ago) by rajo

Changes since 2.88: +5 -2 lines
Diff to previous 2.88 (colored) to selected 2.49 (colored)

IP tables can be configured.

Revision 2.88 / (download) - [select for diffs], Sat Feb 11 18:59:55 2012 UTC (12 years, 1 month ago) by rajo

Changes since 2.87: +33 -9 lines
Diff to previous 2.87 (colored) to selected 2.49 (colored)

Implemented remote update function.
deploy-block is not backward compatible, update to latest version.

Revision 2.87 / (download) - [select for diffs], Fri Feb 10 23:01:58 2012 UTC (12 years, 1 month ago) by rajo

Changes since 2.86: +74 -8 lines
Diff to previous 2.86 (colored) to selected 2.49 (colored)

* Committed lost revision 2.87 (server migration)
* Added "update" and "deploy-update" commands, can be customized with
  variable $UPDATE_SCRIPT.

Revision 2.86 / (download) - [select for diffs], Sat Dec 10 19:46:02 2011 UTC (12 years, 3 months ago) by nepto

Changes since 2.85: +3 -1 lines
Diff to previous 2.85 (colored) to selected 2.49 (colored)

Added newline every 5 entries in Accepting INPUT TCP

Revision 2.85 / (download) - [select for diffs], Sat Dec 3 19:28:30 2011 UTC (12 years, 3 months ago) by rajo

Changes since 2.84: +28 -36 lines
Diff to previous 2.84 (colored) to selected 2.49 (colored)

Shell variables should be quoted.

Revision 2.84 / (download) - [select for diffs], Fri Nov 18 23:58:33 2011 UTC (12 years, 4 months ago) by rajo

Changes since 2.83: +33 -5 lines
Diff to previous 2.83 (colored) to selected 2.49 (colored)

Fix: multiport support for drop rules

Revision 2.83 / (download) - [select for diffs], Fri Nov 18 23:49:00 2011 UTC (12 years, 4 months ago) by rajo

Changes since 2.82: +3 -3 lines
Diff to previous 2.82 (colored) to selected 2.49 (colored)

Fix: bash integer expression expected

Revision 2.82 / (download) - [select for diffs], Fri Nov 18 23:26:18 2011 UTC (12 years, 4 months ago) by rajo

Changes since 2.81: +73 -17 lines
Diff to previous 2.81 (colored) to selected 2.49 (colored)

Optimization: ports can be separated by comma: single rule with -m multiport --dports
22,80,443 is then generated instead of multiple rules.

Revision 2.81 / (download) - [select for diffs], Mon Oct 3 17:42:56 2011 UTC (12 years, 5 months ago) by nepto

Changes since 2.80: +2 -2 lines
Diff to previous 2.80 (colored) to selected 2.49 (colored)

Fixed broken MD5 key creation in load_cache()

Revision 2.80 / (download) - [select for diffs], Mon Oct 3 17:33:52 2011 UTC (12 years, 5 months ago) by nepto

Changes since 2.79: +19 -3 lines
Diff to previous 2.79 (colored) to selected 2.49 (colored)

Better creation of $config variable in load_cache()

Revision 2.79 / (download) - [select for diffs], Wed Jul 20 19:05:12 2011 UTC (12 years, 8 months ago) by nepto

Changes since 2.78: +82 -23 lines
Diff to previous 2.78 (colored) to selected 2.49 (colored)

Implemented XEN_MODE

Revision 2.78 / (download) - [select for diffs], Thu Jul 14 13:13:22 2011 UTC (12 years, 8 months ago) by nepto

Changes since 2.77: +5 -1 lines
Diff to previous 2.77 (colored) to selected 2.49 (colored)

Created XEN_MODE: if initialized, default policy for FORWARD is ACCEPT

Revision 2.77 / (download) - [select for diffs], Mon Jan 24 20:26:04 2011 UTC (13 years, 1 month ago) by rajo

Changes since 2.76: +79 -18 lines
Diff to previous 2.76 (colored) to selected 2.49 (colored)

* Committed some older work - fixes related to DHCP requests and Windows
* Added LSB fields into header. See Dependency based boot sequence
  http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot
* Implemented NAT_FORWARD_TCP_HOSTS NAT_FORWARD_UDP_HOSTS (all packets
  to these hosts are permitted from local network behind NAT)
* Implemented NAT_FORWARD_TCP_CLIENTS NAT_FORWARD_UDP_CLIENTS (all
  packets from client behind NAT are permitted)
* Committed some older work - fixes related to DHCP requests and MS
  Windows traffic
I'm sorry for this "multicommit".

Revision 2.76 / (download) - [select for diffs], Sun Jan 16 12:18:14 2011 UTC (13 years, 2 months ago) by nepto

Changes since 2.75: +15 -2 lines
Diff to previous 2.75 (colored) to selected 2.49 (colored)

Added Debian LSB tags

Revision 2.75 / (download) - [select for diffs], Fri Oct 22 12:20:42 2010 UTC (13 years, 4 months ago) by nepto

Changes since 2.74: +4 -4 lines
Diff to previous 2.74 (colored) to selected 2.49 (colored)

Use "print_info" instead of "echo" in custom_rules()

Revision 2.74 / (download) - [select for diffs], Sun Aug 8 23:34:25 2010 UTC (13 years, 7 months ago) by nepto

Changes since 2.73: +29 -1 lines
Diff to previous 2.73 (colored) to selected 2.49 (colored)

Custom rules implemented

Revision 2.73 / (download) - [select for diffs], Mon Jun 21 21:52:16 2010 UTC (13 years, 9 months ago) by nepto

Changes since 2.72: +2 -2 lines
Diff to previous 2.72 (colored) to selected 2.49 (colored)

Shell must be bash, since dash is not working well

Revision 2.72 / (download) - [select for diffs], Wed Jun 9 11:29:14 2010 UTC (13 years, 9 months ago) by nepto

Changes since 2.71: +2 -2 lines
Diff to previous 2.71 (colored) to selected 2.49 (colored)

Fixed udp vs tcp typo

Revision 2.71 / (download) - [select for diffs], Fri Nov 6 23:14:36 2009 UTC (14 years, 4 months ago) by nepto

Changes since 2.70: +64 -2 lines
Diff to previous 2.70 (colored) to selected 2.49 (colored)

Implemented REAL_DROP_INPUT_TCP/UDP, REAL_REJECT_INPUT_TCP/UDP and
REAL_ACCEPT_INPUT_TCP/UDP configuration options as alternatives
for ALL_*_INPUT_TCP/UDP which work for real interfaces only.

New REAL_*_INPUT_TCP/UDP options work for not yet existing interfaces
as well, which could be useful for an IP failover in HA clustering.

Revision 2.70 / (download) - [select for diffs], Wed Jul 1 12:28:07 2009 UTC (14 years, 8 months ago) by nepto

Changes since 2.69: +2 -2 lines
Diff to previous 2.69 (colored) to selected 2.49 (colored)

Updated copyright info

Revision 2.69 / (download) - [select for diffs], Wed Jul 1 12:23:11 2009 UTC (14 years, 8 months ago) by nepto

Changes since 2.68: +2 -2 lines
Diff to previous 2.68 (colored) to selected 2.49 (colored)

Return sorted list of interfaces

Revision 2.68 / (download) - [select for diffs], Wed Mar 4 22:51:42 2009 UTC (15 years ago) by nepto

Changes since 2.67: +17 -3 lines
Diff to previous 2.67 (colored) to selected 2.49 (colored)

Implemented IP-ADDRESS:ALL for enabling traffic to ALL ports from
certain IP address

Revision 2.67 / (download) - [select for diffs], Wed Feb 11 22:55:41 2009 UTC (15 years, 1 month ago) by rajo

Changes since 2.66: +6 -3 lines
Diff to previous 2.66 (colored) to selected 2.49 (colored)

Fix: 96.0.0.0/4 is not a network reserved by IANA anymore - there is a part of Comcast network. Thanks to Tony <sailorcto AT gmail.com>.

Revision 2.66 / (download) - [select for diffs], Fri Feb 6 23:13:38 2009 UTC (15 years, 1 month ago) by rajo

Changes since 2.65: +13 -5 lines
Diff to previous 2.65 (colored) to selected 2.49 (colored)

NAT: IP alias can be forwarded to machine in local network.

Revision 2.65 / (download) - [select for diffs], Fri Feb 6 00:43:12 2009 UTC (15 years, 1 month ago) by rajo

Changes since 2.64: +2 -2 lines
Diff to previous 2.64 (colored) to selected 2.49 (colored)

Debug disabled.

Revision 2.64 / (download) - [select for diffs], Fri Feb 6 00:38:56 2009 UTC (15 years, 1 month ago) by rajo

Changes since 2.63: +71 -61 lines
Diff to previous 2.63 (colored) to selected 2.49 (colored)

IPtables rules can be defined per IP address alias (eth0:0, eth0:1,
...), not per IP of interface (eth0). This enhances rules granularity,
because interface eth0:0 can have different rules than eth0:1.

Revision 2.63 / (download) - [select for diffs], Sat Jan 17 01:37:08 2009 UTC (15 years, 2 months ago) by rajo

Changes since 2.62: +6 -6 lines
Diff to previous 2.62 (colored) to selected 2.49 (colored)

Fix: fixed check_tools() (see previous patch - I'm a little bit drunk and tired)

Revision 2.62 / (download) - [select for diffs], Sat Jan 17 01:31:26 2009 UTC (15 years, 2 months ago) by rajo

Changes since 2.61: +31 -21 lines
Diff to previous 2.61 (colored) to selected 2.49 (colored)

Added dependency checks.

Revision 2.61 / (download) - [select for diffs], Sat Jan 17 01:16:43 2009 UTC (15 years, 2 months ago) by rajo

Changes since 2.60: +3 -2 lines
Diff to previous 2.60 (colored) to selected 2.49 (colored)

Continue with rules setting when loading from cache fails.

Revision 2.60 / (download) - [select for diffs], Sat Jan 17 01:09:03 2009 UTC (15 years, 2 months ago) by nepto

Changes since 2.59: +25 -4 lines
Diff to previous 2.59 (colored) to selected 2.49 (colored)

More pretty output with nice string padding

Revision 2.59 / (download) - [select for diffs], Mon Apr 14 18:04:31 2008 UTC (15 years, 11 months ago) by rajo

Changes since 2.58: +7 -2 lines
Diff to previous 2.58 (colored) to selected 2.49 (colored)

Fix: restore shaping rules when loading cache.

Revision 2.58 / (download) - [select for diffs], Sun Apr 13 19:27:00 2008 UTC (15 years, 11 months ago) by rajo

Changes since 2.57: +78 -1 lines
Diff to previous 2.57 (colored) to selected 2.49 (colored)

New feature: experimental support for shaping.

Revision 2.57 / (download) - [select for diffs], Sat Feb 2 22:57:54 2008 UTC (16 years, 1 month ago) by rajo

Changes since 2.56: +11 -11 lines
Diff to previous 2.56 (colored) to selected 2.49 (colored)

* Fix: use tcp-reset instead of default icmp-port-unreachable, because
  icmp-port-unreachable is filtered by some firewalls
* --reject-with is configurable by REJECT_WITH variable

Revision 2.56 / (download) - [select for diffs], Sun Jan 27 13:36:02 2008 UTC (16 years, 1 month ago) by rajo

Changes since 2.55: +2 -2 lines
Diff to previous 2.55 (colored) to selected 2.49 (colored)

Fix: print_info(): handle spaces in arguments correctly.

Revision 2.55 / (download) - [select for diffs], Thu Jan 17 22:12:34 2008 UTC (16 years, 2 months ago) by rajo

Changes since 2.54: +3 -3 lines
Diff to previous 2.54 (colored) to selected 2.49 (colored)

Fix: fixed blocking on local machine. Be quiet in deploy-block mode.

Revision 2.54 / (download) - [select for diffs], Thu Jan 17 21:47:44 2008 UTC (16 years, 2 months ago) by rajo

Changes since 2.53: +2 -2 lines
Diff to previous 2.53 (colored) to selected 2.49 (colored)

Fix: be silent when run in blocking mode.

Revision 2.53 / (download) - [select for diffs], Thu Jan 17 21:44:30 2008 UTC (16 years, 2 months ago) by rajo

Changes since 2.52: +153 -139 lines
Diff to previous 2.52 (colored) to selected 2.49 (colored)

Silent mode supported.

Revision 2.52 / (download) - [select for diffs], Wed Jan 16 23:45:08 2008 UTC (16 years, 2 months ago) by rajo

Changes since 2.51: +71 -4 lines
Diff to previous 2.51 (colored) to selected 2.49 (colored)

New feature: block IP's with ONE command on all managed servers (simple
distributed firewalling)

WARNING:
WARNING: USE WITH CARE! You can cut-off your connection!
WARNING:

Usage:

/etc/init.d/firewall deploy-block 1.2.3.4/32

- /etc/default/firewall.d/deploy-servers.list - list of managed servers
- /etc/default/firewall.d/BANNED_IP.conf      - list of blocked IP's and/or networks

Revision 2.51 / (download) - [select for diffs], Wed Dec 12 23:30:10 2007 UTC (16 years, 3 months ago) by rajo

Changes since 2.50: +76 -3 lines
Diff to previous 2.50 (colored) to selected 2.49 (colored)

New feature: added options
  $ALL_REJECT_INPUT_TCP
  $ALL_REJECT_INPUT_UDP
  $eth0_REJECT_INPUT_TCP
  $eth0_REJECT_INPUT_UDP

Revision 2.50 / (download) - [select for diffs], Wed Aug 29 14:43:55 2007 UTC (16 years, 6 months ago) by rajo

Changes since 2.49: +74 -49 lines
Diff to previous 2.49 (colored)

awk ifconfig parser replaced by perl parser: fixed problem with old GNU awk (3.1.4, Debian sarge).

Revision 2.49 / (download) - [selected], Wed Oct 4 09:23:25 2006 UTC (17 years, 5 months ago) by rajo

Changes since 2.48: +3 -9 lines
Diff to previous 2.48 (colored)

Fix: if we drop something, destination IP address doesn't matter.

Revision 2.48 / (download) - [select for diffs], Sat Sep 30 21:55:28 2006 UTC (17 years, 5 months ago) by rajo

Changes since 2.47: +33 -9 lines
Diff to previous 2.47 (colored) to selected 2.49 (colored)

New feature: ability to limit connection to ports only from some IPs.

Revision 2.47 / (download) - [select for diffs], Sun Sep 24 16:17:10 2006 UTC (17 years, 5 months ago) by rajo

Changes since 2.46: +26 -0 lines
Diff to previous 2.46 (colored) to selected 2.49 (colored)

New feature: some packets can be dropped and they don't appear in log file.

Revision 2.46 / (download) - [select for diffs], Wed Aug 9 16:38:54 2006 UTC (17 years, 7 months ago) by rajo

Changes since 2.45: +1 -1 lines
Diff to previous 2.45 (colored) to selected 2.49 (colored)

Syn-flood protection turned off. Not usable for hi-loaded webservers.

Revision 2.45 / (download) - [select for diffs], Wed Aug 9 16:38:13 2006 UTC (17 years, 7 months ago) by rajo

Changes since 2.44: +1 -1 lines
Diff to previous 2.44 (colored) to selected 2.49 (colored)

Rules in cache depend also on source code of firewalling script.

Revision 2.44 / (download) - [select for diffs], Wed Aug 9 14:12:05 2006 UTC (17 years, 7 months ago) by rajo

Changes since 2.43: +1 -1 lines
Diff to previous 2.43 (colored) to selected 2.49 (colored)

DLINK DSL-360T note.

Revision 2.43 / (download) - [select for diffs], Wed Aug 9 11:41:13 2006 UTC (17 years, 7 months ago) by rajo

Changes since 2.42: +15 -0 lines
Diff to previous 2.42 (colored) to selected 2.49 (colored)

Added place for special rules.

Revision 2.42 / (download) - [select for diffs], Sun Mar 12 22:23:40 2006 UTC (18 years ago) by rajo

Changes since 2.41: +5 -3 lines
Diff to previous 2.41 (colored) to selected 2.49 (colored)

Feature: changed behaviour of $NAT_SET_TTL - you can specify exact value of TTL.

Revision 2.41 / (download) - [select for diffs], Sat Mar 4 02:43:23 2006 UTC (18 years ago) by rajo

Changes since 2.40: +1 -1 lines
Diff to previous 2.40 (colored) to selected 2.49 (colored)

Optimization: RELATED,ESTABLISHED packets are accepted first - maybe quicker match of rules.

Revision 2.40 / (download) - [select for diffs], Sat Mar 4 02:09:52 2006 UTC (18 years ago) by rajo

Changes since 2.39: +8 -0 lines
Diff to previous 2.39 (colored) to selected 2.49 (colored)

New feature: hide NAT clients behind firewall: - set TTL

Revision 2.39 / (download) - [select for diffs], Tue Feb 28 17:50:00 2006 UTC (18 years ago) by rajo

Changes since 2.38: +8 -6 lines
Diff to previous 2.38 (colored) to selected 2.49 (colored)

Fix: fixed usage of awk (replaced with $AWK macro).
Fix: added note about bug in gawk: try to upgrade gawk (3.1.4-2.0.1 =>
3.1.5-1) if you experience problems with parser of ifconfig output.

Revision 2.38 / (download) - [select for diffs], Sun Jan 15 15:07:45 2006 UTC (18 years, 2 months ago) by rajo

Changes since 2.37: +4 -4 lines
Diff to previous 2.37 (colored) to selected 2.49 (colored)

Fix: fixed bug introduced in 2.36

Revision 2.37 / (download) - [select for diffs], Fri Jan 13 18:32:36 2006 UTC (18 years, 2 months ago) by rajo

Changes since 2.36: +34 -0 lines
Diff to previous 2.36 (colored) to selected 2.49 (colored)

New feature: some bad clients can be redirected from standard service port to closed port or service with another content.

Revision 2.36 / (download) - [select for diffs], Thu Jan 12 20:05:34 2006 UTC (18 years, 2 months ago) by rajo

Changes since 2.35: +94 -51 lines
Diff to previous 2.35 (colored) to selected 2.49 (colored)

New feature: multiple IP addresses(aliases) are determined for each interface and rules are generated for each IP address.

Revision 2.35 / (download) - [select for diffs], Tue Jan 10 01:33:26 2006 UTC (18 years, 2 months ago) by rajo

Changes since 2.34: +10 -0 lines
Diff to previous 2.34 (colored) to selected 2.49 (colored)

Traffic on redirected ports is taken into account for this client.

Revision 2.34 / (download) - [select for diffs], Tue Jan 10 01:01:59 2006 UTC (18 years, 2 months ago) by rajo

Changes since 2.33: +1 -1 lines
Diff to previous 2.33 (colored) to selected 2.49 (colored)

Fix: eth0 interface name was used instead of variable $NAT_LAN_IFACE. Not buggy for default configuration.

Revision 2.33 / (download) - [select for diffs], Mon Jan 9 23:24:45 2006 UTC (18 years, 2 months ago) by rajo

Changes since 2.32: +16 -9 lines
Diff to previous 2.32 (colored) to selected 2.49 (colored)

Added support for IP accounting statistics: http://www.atout.be/zorbiptrafficlive/zorbiptraffic.php

Revision 2.32 / (download) - [select for diffs], Mon Jan 9 00:52:06 2006 UTC (18 years, 2 months ago) by rajo

Changes since 2.31: +32 -1 lines
Diff to previous 2.31 (colored) to selected 2.49 (colored)

Experimental IP accounting support.

Revision 2.31 / (download) - [select for diffs], Thu Jan 5 18:14:57 2006 UTC (18 years, 2 months ago) by rajo

Changes since 2.30: +10 -5 lines
Diff to previous 2.30 (colored) to selected 2.49 (colored)

Log new connections only for TCP and UDP protocols only by default.

Revision 2.30 / (download) - [select for diffs], Tue Nov 1 00:36:24 2005 UTC (18 years, 4 months ago) by rajo

Changes since 2.29: +1 -2 lines
Diff to previous 2.29 (colored) to selected 2.49 (colored)

Cleanup.

Revision 2.29 / (download) - [select for diffs], Tue Nov 1 00:12:49 2005 UTC (18 years, 4 months ago) by rajo

Changes since 2.28: +10 -4 lines
Diff to previous 2.28 (colored) to selected 2.49 (colored)

Fix: fixed bug with IP packet forwarding - we need to turn on packet forwarding explicitly, if rules are loaded from cache. Thanks to M. Palenik for bug report.

Revision 2.28 / (download) - [select for diffs], Sun Oct 9 21:11:08 2005 UTC (18 years, 5 months ago) by rajo

Changes since 2.27: +7 -1 lines
Diff to previous 2.27 (colored) to selected 2.49 (colored)

Fix: drop packets from $NAT_CLIENT_DROP also in INPUT chain, not only for FORWARD chain.

Revision 2.27 / (download) - [select for diffs], Thu Aug 4 19:39:11 2005 UTC (18 years, 7 months ago) by rajo

Changes since 2.26: +38 -5 lines
Diff to previous 2.26 (colored) to selected 2.49 (colored)

Generated rules can be cached and stored into file. Loading rules from cache file is quicker.

Revision 2.26 / (download) - [select for diffs], Wed Jun 29 16:16:46 2005 UTC (18 years, 8 months ago) by rajo

Changes since 2.25: +30 -14 lines
Diff to previous 2.25 (colored) to selected 2.49 (colored)

* Modules loading and unloading can be better configured
* './fw-universal.sh stop' doesn't remove all rules: ESTABLISHED,
  RELATED packets are accepted
* All rules can be removed with './fw-universal.sh really-off'

Revision 2.25 / (download) - [select for diffs], Wed Jun 29 15:24:04 2005 UTC (18 years, 8 months ago) by rajo

Changes since 2.24: +52 -41 lines
Diff to previous 2.24 (colored) to selected 2.49 (colored)

* Logging via syslog can be turned off (default is on).
* Variable DEFAULT_CONFIG renamed to DEFAULT_FIREWALL_CONFIG.
* Fixed usage() message.

Revision 2.24 / (download) - [select for diffs], Mon Apr 18 22:49:30 2005 UTC (18 years, 11 months ago) by rajo

Changes since 2.23: +16 -1 lines
Diff to previous 2.23 (colored) to selected 2.49 (colored)

Explicitly turn off packet forwarding

Revision 2.23 / (download) - [select for diffs], Fri Apr 15 22:07:18 2005 UTC (18 years, 11 months ago) by rajo

Changes since 2.22: +5 -1 lines
Diff to previous 2.22 (colored) to selected 2.49 (colored)

Explicitly enable packet forwarding.

Revision 2.22 / (download) - [select for diffs], Wed Mar 16 13:53:36 2005 UTC (19 years ago) by rajo

Changes since 2.21: +25 -1 lines
Diff to previous 2.21 (colored) to selected 2.49 (colored)

* New Feature: ban IP address
  This feature has been developed for following reason:
  UbiCrawler spams our website with many requests (they are duplicate requests of the same page!)
  And this web robot doesn't accept HTTP META tags (http://www.robotstxt.org/wc/faq.html#extension)
  User Agent: "UbiCrawler/v0.4beta (http://ubi.iit.cnr.it/projects/ubicrawler/)"

Revision 2.21 / (download) - [select for diffs], Sun Mar 6 19:18:04 2005 UTC (19 years ago) by rajo

Changes since 2.20: +3 -2 lines
Diff to previous 2.20 (colored) to selected 2.49 (colored)

We must accept OUTPUT packets also on lo interface.

Revision 2.20 / (download) - [select for diffs], Fri Mar 4 23:53:14 2005 UTC (19 years ago) by rajo

Changes since 2.19: +51 -4 lines
Diff to previous 2.19 (colored) to selected 2.49 (colored)

Parse also route info (gateway, etc.).

Revision 2.19 / (download) - [select for diffs], Tue Mar 1 23:17:11 2005 UTC (19 years ago) by rajo

Changes since 2.18: +14 -1 lines
Diff to previous 2.18 (colored) to selected 2.49 (colored)

New feature: port forwarding to local machines

Revision 2.18 / (download) - [select for diffs], Tue Mar 1 21:47:20 2005 UTC (19 years ago) by rajo

Changes since 2.17: +5 -1 lines
Diff to previous 2.17 (colored) to selected 2.49 (colored)

Deny NAT for some clients in your LAN.

Revision 2.17 / (download) - [select for diffs], Sun Jan 16 17:24:23 2005 UTC (19 years, 2 months ago) by rajo

Changes since 2.16: +2 -1 lines
Diff to previous 2.16 (colored) to selected 2.49 (colored)

Zero packet counts.

Revision 2.16 / (download) - [select for diffs], Sun Jan 16 15:27:15 2005 UTC (19 years, 2 months ago) by rajo

Changes since 2.15: +35 -1 lines
Diff to previous 2.15 (colored) to selected 2.49 (colored)

Added traceroute support

Revision 2.15 / (download) - [select for diffs], Sun Jan 16 12:13:32 2005 UTC (19 years, 2 months ago) by rajo

Changes since 2.14: +25 -14 lines
Diff to previous 2.14 (colored) to selected 2.49 (colored)

Fix: don't run any rule for interfaces listed in $IFACE_ACCEPT_ALL

Split interfaces into 2 groups:
  - interfaces without restrictions (e.g. lo, tun+, tap+)
    $IFACE_ACCEPT_ALL
  - interfaces with restrictions (eth0, eth1, ...)
    $INTERFACES

Revision 2.14 / (download) - [select for diffs], Sun Jan 16 11:06:46 2005 UTC (19 years, 2 months ago) by rajo

Changes since 2.13: +1 -14 lines

Cleanup.

Revision 2.13 / (download) - [select for diffs], Sun Jan 16 11:06:10 2005 UTC (19 years, 2 months ago) by rajo

Changes since 2.12: +2 -2 lines

Added simple DEBUG

Revision 2.12 / (download) - [select for diffs], Sun Jan 16 10:55:39 2005 UTC (19 years, 2 months ago) by rajo

Changes since 2.11: +15 -1 lines

Added $ALL_ACCEPT_INPUT_UDP - accept UDP packets on ports

Revision 2.11 / (download) - [select for diffs], Thu Jan 13 13:31:54 2005 UTC (19 years, 2 months ago) by rajo

Changes since 2.10: +15 -15 lines

* Log level set to 'notice'.
* options '-j LOG --log-prefix' included into variable $LOG_LIMIT

Revision 2.10 / (download) - [select for diffs], Tue Jan 4 23:56:23 2005 UTC (19 years, 2 months ago) by rajo

Changes since 2.9: +3 -3 lines

Fixed dates.

Revision 2.9 / (download) - [select for diffs], Tue Jan 4 19:58:42 2005 UTC (19 years, 2 months ago) by rajo

Changes since 2.8: +2 -2 lines

Syntax fix.

Revision 2.8 / (download) - [select for diffs], Tue Jan 4 19:57:14 2005 UTC (19 years, 2 months ago) by rajo

Changes since 2.7: +4 -2 lines

Fix: accept all output packets on $IFACE_ACCEPT_ALL
Fix: masquerade all packets (not only from local subnet)

Revision 2.7 / (download) - [select for diffs], Sun Jan 2 13:31:46 2005 UTC (19 years, 2 months ago) by rajo

Changes since 2.6: +14 -7 lines

* Fix: fixed ICMP configuration.
* Allow ICMP packets in FORWARD chains.

Revision 2.6 / (download) - [select for diffs], Sun Jan 2 02:37:12 2005 UTC (19 years, 2 months ago) by rajo

Changes since 2.5: +7 -3 lines

Fix: remove all iptables chains also in other tables (nat, mangle, ...)

Revision 2.5 / (download) - [select for diffs], Sun Jan 2 01:49:01 2005 UTC (19 years, 2 months ago) by rajo

Changes since 2.4: +57 -4 lines

* NAT support.
* NAT: don't forward Microsoft protocols - NOT RFC compliant packets
* NAT: Configure port forwarding
* Log new connections: useful for securing your NAT network.

Revision 2.4 / (download) - [select for diffs], Fri Dec 31 01:54:52 2004 UTC (19 years, 2 months ago) by rajo

Changes since 2.3: +4 -4 lines

Fix: substitute "iptables" with "$IPTABLES"

Revision 2.3 / (download) - [select for diffs], Thu Dec 30 23:16:20 2004 UTC (19 years, 2 months ago) by rajo

Changes since 2.2: +2 -2 lines

Sync.

Revision 2.2 / (download) - [select for diffs], Sun Dec 12 18:00:11 2004 UTC (19 years, 3 months ago) by rajo

Changes since 2.1: +113 -25 lines

* Fixed antispoof filter.
* Added masquerading support.
* Ability to configure package dropping.

Revision 2.1 / (download) - [select for diffs], Sat Dec 11 19:50:24 2004 UTC (19 years, 3 months ago) by rajo

Set default policy before removing chains

Revision 2.0 / (download) - [select for diffs], Sun Nov 14 15:23:09 2004 UTC (19 years, 4 months ago) by rajo

* Firewall configuration is now in config file.
* Default $INET_IFACE removed - replaced by per-interface configuration
  options.
* Fixed bug with unloading modules.
* allow_icmp() function was not called - fixed.

Revision 1.1 / (download) - [select for diffs], Fri Oct 24 15:40:44 2003 UTC (20 years, 4 months ago) by rajo

Universal firewall script.

Platon Group <platon@platon.org> http://platon.org/
Copyright © 2002-2006 Platon Group