Reverting chains work, there's some structural issues involving how I laid out the firewall work

master
bbruns 2014-02-16 20:53:55 +00:00
parent 890776e9e9
commit 58149aaf50
1 changed files with 6 additions and 16 deletions


@ -202,18 +202,8 @@ if [ "$IPTABLES_MULTIPORT" ]; then
esac esac
fi fi
# Trying to better clean up some of my code, so lets try using some custom chains $IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -N BLACKHOLE $IPTABLES -A OUTPUT -o lo -j ACCEPT
$IPTABLES -N TRUSTED-IN
$IPTABLES -N TRUSTED-OUT
$IPTABLES -A INPUT -j TRUSTED-IN
$IPTABLES -A OUTPUT -j TRUSTED-OUT
$IPTABLES -A INPUT -j BLACKHOLE
$IPTABLES -A OUTPUT -j BLACKHOLE
$IPTABLES -A TRUSTED-IN -i lo -j ACCEPT
$IPTABLES -A TRUSTED-OUT -o lo -j ACCEPT
if [ -s "$BASEDIR/include/ipv4_custom_trust" ]; then if [ -s "$BASEDIR/include/ipv4_custom_trust" ]; then
display_c YELLOW "Loading custom trust rules..." display_c YELLOW "Loading custom trust rules..."
@ -224,8 +214,8 @@ if [ "$TRUSTEDIP" ]; then
display_c YELLOW "Adding trusted IP: " N display_c YELLOW "Adding trusted IP: " N
for i in $TRUSTEDIP; do for i in $TRUSTEDIP; do
echo -n "$i " echo -n "$i "
$IPTABLES -A TRUSTED-IN -s $i -j ACCEPT $IPTABLES -A INPUT -s $i -j ACCEPT
$IPTABLES -A TRUSTED-OUT -d $i -j ACCEPT $IPTABLES -A OUTPUT -d $i -j ACCEPT
done done
echo -ne "\n" echo -ne "\n"
fi fi
@ -253,11 +243,11 @@ if [ "$DNS_REQUESTS_OUT" ]; then
DNSIP_COUNT_CURR=1 DNSIP_COUNT_CURR=1
for ((i=$DNSIP_COUNT_CURR; i <= $DNSIP_NUM; i++)); do for ((i=$DNSIP_COUNT_CURR; i <= $DNSIP_NUM; i++)); do
if [ ${DNSREQ[$i]} ]; then if [ ${DNSREQ[$i]} ]; then
${IPTABLES} -A TRUSTED-IN -i ${SRCIF} -p udp --sport 53 -s ${DNSREQ[$i]} --destination-port 1024:65535 -j ACCEPT ${IPTABLES} -A INPUT -i ${SRCIF} -p udp --sport 53 -s ${DNSREQ[$i]} --destination-port 1024:65535 -j ACCEPT
fi fi
done done
else else
${IPTABLES} -A TRUSTED-IN -i $i -p udp --sport 53 --destination-port 1024:65535 -j ACCEPT ${IPTABLES} -A INPUT -i $i -p udp --sport 53 --destination-port 1024:65535 -j ACCEPT
fi fi
done done
fi fi
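Review bot: The DNS accept rules on the new side of the third hunk (`${IPTABLES} -A INPUT -i ${SRCIF} -p udp --sport 53 -s ${DNSREQ[$i]} --destination-port 1024:65535 -j ACCEPT` and the `else` variant) are stateless, so any UDP datagram with source port 53 from the listed resolver (or, in the `else` branch, from any host on the interface) reaches every unprivileged port whether or not a query was sent; if conntrack is loaded elsewhere in this script (not visible here), adding `-m state --state ESTABLISHED` to these lines, or dropping them in favour of a generic ESTABLISHED,RELATED rule, closes that. The `else` branch also writes `-i $i` where the `if` branch writes `-i ${SRCIF}`; the enclosing `for` starts outside the hunk, so `$i` is presumably an outer loop variable, but confirm the two branches are meant to select the interface differently. The expansions `$i`, `${SRCIF}` and `${DNSREQ[$i]}` are unquoted here and in the second hunk's `$IPTABLES -A INPUT -s $i -j ACCEPT` / `-d $i` lines; quoting them (`"$i"`, `"${DNSREQ[$i]}"`) keeps a value containing whitespace from being split into extra iptables arguments, and `[ "${DNSREQ[$i]}" ]` is the matching test form.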