
tags/v2.01a1
bbruns@gmail.com 7 anos atrás
pai
commit
35504323b6
4 arquivos alterados com 40 adições e 1 exclusões
  1. +2
    -0
      bin/srfirewall
  2. +4
    -0
      etc/ipv4.conf
  3. +12
    -1
      etc/ipv6.conf
  4. +22
    -0
      lib/iptables.inc

+ 2
- 0
bin/srfirewall

@@ -142,6 +142,7 @@ if [ "${EnableIPv4}" == "yes" ]; then
setup_iptables_chains ipv4
if [ "${AllowAllv4Loopback}" == "yes" ]; then allow_all_loopback ipv4; fi
if [ "${EnableTrustedv4Hosts}" == "yes" ]; then allow_trusted_hosts ipv4; fi
fi

# Do IPv4 IPTables Rules
@@ -154,5 +155,6 @@ if [ "${EnableIPv6}" == "yes" ]; then
setup_iptables_chains ipv6
if [ "${AllowAllv6Loopback}" == "yes" ]; then allow_all_loopback ipv6; fi
if [ "${EnableTrustedv6Hosts}" == "yes" ]; then allow_trusted_hosts ipv6; fi
fi
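Review bot: Both new tests, `[ "${EnableTrustedv4Hosts}" == "yes" ]` and its IPv6 counterpart, are false when the variable is unset, so an installation that keeps an older ipv4.conf or ipv6.conf gets no trusted-host rules, even though the config comments added in this commit call `yes` the default. Whether a default is assigned elsewhere is not visible on this page. If none is, either set it explicitly before the test, e.g. `: "${EnableTrustedv4Hosts:=yes}"`, or reword the config comment to say the feature is off unless set. Both enclosing `if` blocks start outside the hunks.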


+ 4
- 0
etc/ipv4.conf

@@ -10,6 +10,10 @@ AllowAllv4Loopback="yes"
# Very early on rules to allow for trusted machines to access
# this machine. Rather important and helps keep you from getting
# locked out should the firewalling rules go bad.
#
# IMPORTANT: Hosts put in the trusted file will have complete
# and unfettered access to the host, ignoring all other rules.
#
# Config file is located in ipv4/trusted.conf
# Values: no | yes (default)
EnableTrustedv4Hosts="yes"
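Review bot: The new comment block names `ipv4/trusted.conf` but does not say what goes in it, although every entry is accepted ahead of all other rules. I would add two comment lines on format and ownership, for example `# One address or CIDR per line; lines containing '#' are skipped.` and `# Keep trusted.conf owned by root and not group/world writable.` The same applies to the block added in etc/ipv6.conf. The commit's file list contains no trusted.conf, so unless one already exists in the tree, the shipped default of `yes` leads to the "File Missing" branch of allow_trusted_hosts on every start.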

+ 12
- 1
etc/ipv6.conf

@@ -5,4 +5,15 @@
# Good idea to keep this turned on, but if you so wish to,
# you can disable it here.
# Values: no | yes (default)
AllowAllv6Loopback="yes"
AllowAllv6Loopback="yes"

# Very early on rules to allow for trusted machines to access
# this machine. Rather important and helps keep you from getting
# locked out should the firewalling rules go bad.
#
# IMPORTANT: Hosts put in the trusted file will have complete
# and unfettered access to the host, ignoring all other rules.
#
# Config file is located in ipv6/trusted.conf
# Values: no | yes (default)
EnableTrustedv6Hosts="yes"

+ 22
- 0
lib/iptables.inc

@@ -131,4 +131,26 @@ function allow_all_loopback {
${debug} ${DebugColor} "allow_all_loopback: loaded"
${VER_IPTABLES} -A ${InPreRules} -i lo -j ACCEPT
${VER_IPTABLES} -A ${OutPreRules} -o lo -j ACCEPT
}

function allow_trusted_hosts {
IP_VERSION=$1
case $IP_VERSION in
ipv6) VER_IPTABLES=${IP6TABLES};
IPVER="6" ;;
ipv4|*) VER_IPTABLES=${IPTABLES}
IPVER="4" ;;
esac
${debug} ${DebugColor} "allow_trusted_hosts: loading"
if [ -e "${FWCONFIGDIR}/ipv${IPVER}/trusted.conf" ]; then
for i in `grep -v "\#" "${FWCONFIGDIR}/ipv${IPVER}/trusted.conf"`; do
${VER_IPTABLES} -A ${InPreRules} -s $i -j ACCEPT
${VER_IPTABLES} -A ${OutPreRules} -d $i -j ACCEPT
done
${debug} ${DebugColor} "allow_trusted_hosts: done"
else
${display} RED "File Missing: ${FWCONFIGDIR}/ipv${IPVER}/trusted.conf"
${display} RED "Error: can not load trusted hosts file."
${debug} ${DebugColor} "allow_trusted_hosts: failed"
fi
}
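Review bot: The loop in allow_trusted_hosts feeds whatever `grep -v "\#"` leaves, word-split and unquoted, straight into `-s $i -j ACCEPT` and `-d $i -j ACCEPT`, with no check on what an entry is. An annotated line such as an address followed by `# note` is dropped whole, so that host is silently not trusted. A hostname is resolved at load time, and a `/0` prefix turns the pre-rules into accept-everything. "allow_trusted_hosts: done" is printed even if every iptables call failed. I would read the file line by line, strip the comment part, refuse anything that is not a plain address or CIDR, and quote the value. The sketch below takes the first field of each line as the entry; its character filter is coarse, so widen it if hostnames are meant to be allowed.

```shell
  if [ -e "${FWCONFIGDIR}/ipv${IPVER}/trusted.conf" ]; then
    while read -r entry extra || [ -n "${entry}" ]; do
      entry="${entry%%#*}"              # keep what precedes a comment
      [ -z "${entry}" ] && continue
      case "${entry}" in
        -*|*/0|*[!0-9A-Fa-f:./]*)
          ${display} RED "Skipping invalid trusted host entry: ${entry}"
          continue ;;
      esac
      ${VER_IPTABLES} -A ${InPreRules} -s "${entry}" -j ACCEPT \
        || ${display} RED "Error: could not add trusted host ${entry}"
      ${VER_IPTABLES} -A ${OutPreRules} -d "${entry}" -j ACCEPT \
        || ${display} RED "Error: could not add trusted host ${entry}"
    done < "${FWCONFIGDIR}/ipv${IPVER}/trusted.conf"
    # … unchanged: "done" debug message and the missing-file branch …
```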
