master
bbruns@gmail.com
parent
5eaef26f04
commit
35504323b6
|
|
@ -142,6 +142,7 @@ if [ "${EnableIPv4}" == "yes" ]; then
|
|||
setup_iptables_chains ipv4
|
||||
|
||||
if [ "${AllowAllv4Loopback}" == "yes" ]; then allow_all_loopback ipv4; fi
|
||||
if [ "${EnableTrustedv4Hosts}" == "yes" ]; then allow_trusted_hosts ipv4; fi
|
||||
fi
|
||||
|
||||
# Do IPv4 IPTables Rules
|
||||
|
|
@ -154,5 +155,6 @@ if [ "${EnableIPv6}" == "yes" ]; then
|
|||
setup_iptables_chains ipv6
|
||||
|
||||
if [ "${AllowAllv6Loopback}" == "yes" ]; then allow_all_loopback ipv6; fi
|
||||
if [ "${EnableTrustedv6Hosts}" == "yes" ]; then allow_trusted_hosts ipv6; fi
|
||||
fi
|
||||
|
||||
|
|
|
|||
|
|
@ -10,6 +10,10 @@ AllowAllv4Loopback="yes"
|
|||
# Very early on rules to allow for trusted machines to access
|
||||
# this machine. Rather important and helps keep you from getting
|
||||
# locked out should the firewalling rules go bad.
|
||||
#
|
||||
# IMPORTANT: Hosts put in the trusted file will have complete
|
||||
# and unfettered access to the host, ignoring all other rules.
|
||||
#
|
||||
# Config file is located in ipv4/trusted.conf
|
||||
# Values: no | yes (default)
|
||||
EnableTrustedv4Hosts="yes"
|
||||
|
|
@ -5,4 +5,15 @@
|
|||
# Good idea to keep this turned on, but if you so wish to,
|
||||
# you can disable it here.
|
||||
# Values: no | yes (default)
|
||||
AllowAllv6Loopback="yes"
|
||||
AllowAllv6Loopback="yes"
|
||||
|
||||
# Very early on rules to allow for trusted machines to access
|
||||
# this machine. Rather important and helps keep you from getting
|
||||
# locked out should the firewalling rules go bad.
|
||||
#
|
||||
# IMPORTANT: Hosts put in the trusted file will have complete
|
||||
# and unfettered access to the host, ignoring all other rules.
|
||||
#
|
||||
# Config file is located in ipv6/trusted.conf
|
||||
# Values: no | yes (default)
|
||||
EnableTrustedv6Hosts="yes"
|
||||
|
|
@ -131,4 +131,26 @@ function allow_all_loopback {
|
|||
${debug} ${DebugColor} "allow_all_loopback: loaded"
|
||||
${VER_IPTABLES} -A ${InPreRules} -i lo -j ACCEPT
|
||||
${VER_IPTABLES} -A ${OutPreRules} -o lo -j ACCEPT
|
||||
}
|
||||
|
||||
function allow_trusted_hosts {
|
||||
IP_VERSION=$1
|
||||
case $IP_VERSION in
|
||||
ipv6) VER_IPTABLES=${IP6TABLES};
|
||||
IPVER="6" ;;
|
||||
ipv4|*) VER_IPTABLES=${IPTABLES}
|
||||
IPVER="4" ;;
|
||||
esac
|
||||
${debug} ${DebugColor} "allow_trusted_hosts: loading"
|
||||
if [ -e "${FWCONFIGDIR}/ipv${IPVER}/trusted.conf" ]; then
|
||||
for i in `grep -v "\#" "${FWCONFIGDIR}/ipv${IPVER}/trusted.conf"`; do
|
||||
${VER_IPTABLES} -A ${InPreRules} -s $i -j ACCEPT
|
||||
${VER_IPTABLES} -A ${OutPreRules} -d $i -j ACCEPT
|
||||
done
|
||||
${debug} ${DebugColor} "allow_trusted_hosts: done"
|
||||
else
|
||||
${display} RED "File Missing: ${FWCONFIGDIR}/ipv${IPVER}/trusted.conf"
|
||||
${display} RED "Error: can not load trusted hosts file."
|
||||
${debug} ${DebugColor} "allow_trusted_hosts: failed"
|
||||
fi
|
||||
}
|
||||
Loading…
Reference in New Issue