Oops, variable name conflict

master
bbruns 12 years ago
parent ab10d17e3b
commit 3fbf89ac6d
  1. 12
      bin/firewall-sosdg
  2. 12
      include/static
  3. 16
      options.default

@ -699,9 +699,9 @@ if [ $NAT ]; then
fi
fi
$IPTABLES --policy INPUT ${IPV4_INPUT}
$IPTABLES --policy OUTPUT ${IPV4_OUTPUT}
$IPTABLES --policy FORWARD ${IPV4_FORWARD}
$IPTABLES --policy INPUT ${IPV4_PINPUT}
$IPTABLES --policy OUTPUT ${IPV4_POUTPUT}
$IPTABLES --policy FORWARD ${IPV4_PFORWARD}
if [ -s "$BASEDIR/include/ipv4_custom_blockincoming" ]; then
@ -989,9 +989,9 @@ fi
$IP6TABLES -A INPUT -p tcp --syn -j DROP
$IP6TABLES -A INPUT -p udp -j DROP
fi
$IP6TABLES --policy INPUT ${IPV6_INPUT}
$IP6TABLES --policy OUTPUT ${IPV6_OUTPUT}
$IP6TABLES --policy FORWARD ${IPV6_FORWARD}
$IP6TABLES --policy INPUT ${IPV6_PINPUT}
$IP6TABLES --policy OUTPUT ${IPV6_POUTPUT}
$IP6TABLES --policy FORWARD ${IPV6_PFORWARD}
fi
if [ $TWEAKS ]; then

@ -88,9 +88,9 @@ IPV6_NETMASK_MATCH=""
# Default policies for IPv4 and IPv6. Make these ACCEPT by default, except for FORWARD,
# since one wrong configuration can lock someone out.
IPV4_INPUT=ACCEPT
IPV4_OUTPUT=ACCEPT
IPV4_FORWARD=DROP
IPV6_INPUT=ACCEPT
IPV6_OUTPUT=ACCEPT
IPV6_FORWARD=DROP
IPV4_PINPUT=ACCEPT
IPV4_POUTPUT=ACCEPT
IPV4_PFORWARD=DROP
IPV6_PINPUT=ACCEPT
IPV6_POUTPUT=ACCEPT
IPV6_PFORWARD=DROP

@ -43,13 +43,13 @@ POSTRUN="$BASEDIR/conf/postrun"
# Default IPv4 policies
# IPV4_INPUT set to DROP is different from BLOCKINCOMING,
# IPV4_PINPUT set to DROP is different from BLOCKINCOMING,
# as BLOCKINCOMING only blocks syn packets for TCP while still
# allowing established connections even if connection tracking is off.
# BLOCKINCOMING does however, deny all incoming UDP just like INPUT=DROP does.
IPV4_INPUT=ACCEPT
IPV4_OUTPUT=ACCEPT
IPV4_FORWARD=DROP
IPV4_PINPUT=ACCEPT
IPV4_POUTPUT=ACCEPT
IPV4_PFORWARD=DROP
# Do we run a LAN DHCP server? Put the interfaces here
# where this server is providing services.
@ -184,13 +184,13 @@ BLOCKEDIP=$BASEDIR/conf/ipv4-blocked
#IPV6_CONNTRACK=1
# Default IPv6 policies
# IPV6_INPUT set to DROP is different from IPV6_BLOCKINCOMING,
# IPV6_PINPUT set to DROP is different from IPV6_BLOCKINCOMING,
# as BLOCKINCOMING only blocks syn packets for TCP while still
# allowing established connections even if connection tracking is off.
# BLOCKINCOMING does however, deny all incoming UDP just like INPUT=DROP does.
IPV6_INPUT=ALLOW
IPV6_OUTPUT=ALLOW
IPV6_FORWARD=DROP
IPV6_PINPUT=ALLOW
IPV6_POUTPUT=ALLOW
IPV6_PFORWARD=DROP
# Allow outgoing DNS requests - important if you did not activate connection
# tracking. Set this to the interfaces you wish to use for outgoing requests

Loading…
Cancel
Save