
Reverting the chains work; there are some structural issues in how I laid out the firewall work

bbruns 4 years ago
parent
commit
58149aaf50
1 changed files with 6 additions and 16 deletions
  1. 6
    16
      bin/firewall-sosdg

+ 6
- 16
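--- a/bin/firewall-sosdg
+++ b/bin/firewall-sosdg
@@ -202,18 +202,8 @@ if [ "$IPTABLES_MULTIPORT" ]; then
 	  esac
 fi
 
-# Trying to better clean up some of my code, so lets try using some custom chains
-$IPTABLES -N BLACKHOLE
-$IPTABLES -N TRUSTED-IN
-$IPTABLES -N TRUSTED-OUT
-
-$IPTABLES -A INPUT -j TRUSTED-IN
-$IPTABLES -A OUTPUT -j TRUSTED-OUT
-$IPTABLES -A INPUT -j BLACKHOLE
-$IPTABLES -A OUTPUT -j BLACKHOLE
-
-$IPTABLES -A TRUSTED-IN -i lo -j ACCEPT
-$IPTABLES -A TRUSTED-OUT -o lo -j ACCEPT
+$IPTABLES -A INPUT -i lo -j ACCEPT
+$IPTABLES -A OUTPUT -o lo -j ACCEPT
 
 if [ -s "$BASEDIR/include/ipv4_custom_trust" ]; then
 	display_c YELLOW "Loading custom trust rules..."
@@ -224,8 +214,8 @@ if [ "$TRUSTEDIP" ]; then
 	display_c YELLOW "Adding trusted IP: " N
 	for i in $TRUSTEDIP; do
 		echo -n "$i "
-		$IPTABLES -A TRUSTED-IN -s $i -j ACCEPT
-		$IPTABLES -A TRUSTED-OUT -d $i -j ACCEPT
+		$IPTABLES -A INPUT -s $i -j ACCEPT
+		$IPTABLES -A OUTPUT -d $i -j ACCEPT
 	done
 	echo -ne "\n"
 fi
@@ -253,11 +243,11 @@ if [ "$DNS_REQUESTS_OUT" ]; then
 			DNSIP_COUNT_CURR=1
 			for ((i=$DNSIP_COUNT_CURR; i <= $DNSIP_NUM; i++)); do
 				if [ ${DNSREQ[$i]} ]; then
-					${IPTABLES} -A TRUSTED-IN -i ${SRCIF} -p udp --sport 53 -s ${DNSREQ[$i]} --destination-port 1024:65535 -j ACCEPT
+					${IPTABLES} -A INPUT -i ${SRCIF} -p udp --sport 53 -s ${DNSREQ[$i]} --destination-port 1024:65535 -j ACCEPT
 				fi
 			done			
 		else
-			${IPTABLES} -A TRUSTED-IN -i $i -p udp --sport 53 --destination-port 1024:65535 -j ACCEPT
+			${IPTABLES} -A INPUT -i $i -p udp --sport 53 --destination-port 1024:65535 -j ACCEPT
 		fi
 	done
 fi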
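Review bot: The two INPUT rules in the third hunk (new lines 246 and 250) accept inbound UDP on the strength of a source port of 53 alone, which is chosen by the remote sender, so any UDP datagram claiming sport 53 reaches every unprivileged port on that interface; the fallback at line 250 does not restrict the source address at all, and the per-server rule only by `-s ${DNSREQ[$i]}`, which an unauthenticated datagram can carry. Unless an earlier INPUT rule already matches established conntrack state (not visible here), these should be limited to reply traffic, e.g. `${IPTABLES} -A INPUT -i $i -p udp --sport 53 --destination-port 1024:65535 -m state --state ESTABLISHED -j ACCEPT`, with the same `-m state --state ESTABLISHED` added to the rule at line 246. The enclosing `for` over interfaces starts outside the hunk; its inner `for ((i=…))` reuses `i`, so the `-i $i` in the else branch is correct only because that branch never runs after the counted loop, which deserves a comment such as `# $i is the interface here; the counted loop above reuses the name`.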