brielle
/
SRFirewall
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 6 Wiki Activity
Browse Source

tags/v2.01a1
bbruns 7 years ago
parent
8a72b5b9cd
commit
70e84ee78a
1 changed files with 42 additions and 1 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +42
    -1
      lib/iptables.inc

+ 42
- 1
lib/iptables.inc View File

@@ -434,4 +434,45 @@ function enable_nat {
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} done"
fi
}
}

function enable_services {
IP_VERSION=$1
case $IP_VERSION in
ipv6) VER_IPTABLES=${IP6TABLES};
IPVER="6" ;;
ipv4|*) VER_IPTABLES=${IPTABLES}
IPVER="4" ;;
esac
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} loading"
if [ -e "${FWCONFIGDIR}/ipv${IPVER}/services.conf" ]; then
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} read ${FWCONFIGDIR}/ipv${IPVER}/services.conf successful"
use_conntrack="no"
([[ ${IP_VERSION} == "ipv4" ]] && [[ ${Enablev4ConnectionTracking} == "yes" ]]) && conntrack_state="${M_STATE} ${C_STATE} NEW"
([[ ${IP_VERSION} == "ipv6" ]] && [[ ${Enablev6ConnectionTracking} == "yes" ]]) && conntrack_state="${M_STATE} ${C_STATE} NEW"
while read -r service protocol interface srcaddress; do
[[ ${service} = \#* ]] && continue
[[ ${service} = "" ]] && continue
[[ ${service} == "-" ]] \
&& ${display} RED "service.conf: Error - must begin with service name or port number: ${DEFAULT_COLOR}${service} ${protocol} ${interface} ${srcaddress}" && continue
[[ ${protocol} == "-" ]] \
&& ${display} RED "service.conf: Error - protocol can not be empty: ${DEFAULT_COLOR}${service} ${protocol} ${interface} ${srcaddress}" && continue

# Do some creative work with variables to make building the iptables rules fairly painless
[[ ${service} != "-" ]] && service="--dport ${service}"
[[ ${protocol} != "-" ]] && protocol="-p ${protocol}"
[[ ${interface} != "-" ]] && interface="-i ${interface}"
[[ ${srcaddress} != "-" ]] && srcaddress="-s ${srcaddress}"
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} Read: ${service} ${protocol} ${interface} ${srcaddress}"
# Blank variables that we're not going to use.
[[ ${interface} == "-" ]] && interface=""
[[ ${srcaddress} == "-" ]] && srcaddress=""
${VER_IPTABLES} -A ${InFilter} ${interface} ${address} ${protocol} ${port} ${conntrack_state} -j ACCEPT
done < "${FWCONFIGDIR}/ipv${IPVER}/services.conf"
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} done"
fi
}

Write Preview
Loading…
Cancel
Save