
Looks like we don't need quotes since its at the end of the options

Brielle Bruns 3 years ago
parent
commit
7a9e72881c
7 changed files with 6 additions and 12 deletions
  1. 2
    3
      etc/ipv4/acl.conf
  2. 1
    2
      etc/ipv4/forward.conf
  3. 0
    1
      etc/ipv4/nat.conf
  4. 1
    2
      etc/ipv6/acl.conf
  5. 1
    2
      etc/ipv6/forward.conf
  6. 1
    1
      etc/ipv6/nat.conf
  7. 0
    1
      lib/iptables.inc

+ 2
- 3
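--- a/etc/ipv4/acl.conf
+++ b/etc/ipv4/acl.conf
@@ -15,12 +15,11 @@
 # Syn: Optional, only match (not) syn packets (syn | notsyn )
 # State: Optional, set the connection tracking states ( comma separated list )
 # Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
-#	(must surround with quotes)
-
+#
 # You can use '-' for optional fields
 #============================================================
 #<dir> <action> <interface> <src-address> <src-port> <dst-address> <dst-port> <protocol> <syn> <state> <custom>
 #IN ACCEPT eth0 10.0.0.1 22 - - tcp -
 #IN DROP - - - - 22 tcp syn
-#IN ACCEPT eth0 192.168.0.0/24 - 192.168.1.0/24 - - - "-m policy --dir in --pol ipsec --proto esp"
+#IN ACCEPT eth0 192.168.0.0/24 - 192.168.1.0/24 - - - -m policy --dir in --pol ipsec --proto esp
 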
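Review bot: The new IPsec example at new line 24 has one placeholder too few: the format line lists four fields between `<dst-address>` and `<custom>` (`<dst-port> <protocol> <syn> <state>`), but the example has only three `-` before `-m policy`. If the loader splits the line positionally (its parser is not part of this commit), `-m` would be taken as the state and the rule would not come out as written once someone uncomments it. Suggested line: `#IN ACCEPT eth0 192.168.0.0/24 - 192.168.1.0/24 - - - - -m policy --dir in --pol ipsec --proto esp`. The example in etc/ipv6/acl.conf has the same count and needs the same extra `-`.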

+ 1
- 2
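--- a/etc/ipv4/forward.conf
+++ b/etc/ipv4/forward.conf
@@ -18,7 +18,6 @@
 # Syn: Optional, only match (not) syn packets (syn | notsyn )
 # State: Optional, set the connection tracking states ( comma separated list )
 # Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
-#	(must surround with quotes)
 #
 # You can use '-' for optional fields
 #============================================================
@@ -27,6 +26,6 @@
 #DROP eth1 192.168.2.0/24 eth0 0/0 no
 #DROP eth0 - eth1 192.168.0.0/24 no - 1:1024 tcp syn NEW
 #ACCEPT eth1 - eth0 - no - - udp - NEW,ESTABLISHED,RELATED
-#IN ACCEPT eth0 192.168.0.0/24 eth1 192.168.1.0/24 yes - - - - - "-m policy --dir in --pol ipsec --proto esp"
+#IN ACCEPT eth0 192.168.0.0/24 eth1 192.168.1.0/24 yes - - - - - -m policy --dir in --pol ipsec --proto esp
 
 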
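Review bot: The rewritten example at new line 29 still starts with `IN`, while the three examples above it in this hunk start directly with the action (`DROP`/`ACCEPT`) followed by the source interface. With the leading `IN` every later value sits one field to the right, so an admin who uncomments it gets a rule that is parsed differently from what the line appears to say; the format line itself is outside the hunk, so this is inferred from the neighbouring examples. Suggested line: `#ACCEPT eth0 192.168.0.0/24 eth1 192.168.1.0/24 yes - - - - - -m policy --dir in --pol ipsec --proto esp`. etc/ipv6/forward.conf carries the same leading `IN`.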

+ 0
- 1
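--- a/etc/ipv4/nat.conf
+++ b/etc/ipv4/nat.conf
@@ -10,7 +10,6 @@
 # Destination Interface: Optional for all but MASQ ( interface name, aka eth0 )
 # Destination Address: Required for all but MASQ ( IP address with optional netmask )
 # Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
-#	(must surround with quotes)
 # You can use '-' for optional fields
 #============================================================
 #<type> <src-interface> <src-address> <dst-interface> <dst-address> <custom>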
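Review bot: With the quoting hint removed, the Custom description no longer says how a multi-word value is read. In lib/iptables.inc `enable_nat` passes `${custom}` to iptables unquoted, so the value is split on whitespace and any glob characters in it are expanded by the shell; quotes written in the file would presumably reach iptables as literal characters. I would put a replacement comment on the line after the Custom description, for example `#	(must be the last field; the rest of the line is passed to iptables as separate words, do not quote)`. The same applies to etc/ipv6/nat.conf, where the hint was replaced by a bare `#`.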

+ 1
- 2
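--- a/etc/ipv6/acl.conf
+++ b/etc/ipv6/acl.conf
@@ -15,11 +15,10 @@
 # Syn: Optional, only match (not) syn packets (syn | notsyn )
 # State: Optional, set the connection tracking states ( comma separated list )
 # Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
-#	(must surround with quotes)
 #
 # You can use '-' for optional fields
 #============================================================
 #<dir> <action> <interface> <src-address> <src-port> <dst-address> <dst-port> <protocol> <syn> <state> <custom>
 #IN ACCEPT eth0 2002:dead:beef::/64 22	- -	tcp -
 #IN DROP - - - - 22 tcp syn
-#IN ACCEPT eth0 2002:dead:beef::/64 - 2002:dead:bfff::/64 - - - "-m policy --dir in --pol ipsec --proto esp"
+#IN ACCEPT eth0 2002:dead:beef::/64 - 2002:dead:bfff::/64 - - - -m policy --dir in --pol ipsec --proto esp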

+ 1
- 2
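--- a/etc/ipv6/forward.conf
+++ b/etc/ipv6/forward.conf
@@ -18,7 +18,6 @@
 # Syn: Optional, only match (not) syn packets (syn | notsyn )
 # State: Optional, set the connection tracking states ( comma separated list )
 # Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
-#	(must surround with quotes)
 #
 # You can use '-' for optional fields
 #============================================================
@@ -27,4 +26,4 @@
 #DROP eth1 2002::/64 eth0 2001::/3 no
 #DROP eth0 2001::/3 eth1 2002:dead:beef::/64 no - 1:1024 tcp syn
 #ACCEPT eth1 - eth0 - no - - udp - NEW,ESTABLISHED,RELATED
-#IN ACCEPT eth0 2002:dead:beef::/64 eth1 2002:dead:bfff::/64 yes - - - - - "-m policy --dir in --pol ipsec --proto esp"
+#IN ACCEPT eth0 2002:dead:beef::/64 eth1 2002:dead:bfff::/64 yes - - - - - -m policy --dir in --pol ipsec --proto esp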

+ 1
- 1
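--- a/etc/ipv6/nat.conf
+++ b/etc/ipv6/nat.conf
@@ -10,7 +10,7 @@
 # Destination Interface: Optional for all but MASQ ( interface name, aka eth0 )
 # Destination Address: Required for all but MASQ ( IP address with optional netmask )
 # Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
-#	(must surround with quotes)
+#
 # You can use '-' for optional fields
 #============================================================
 #<type> <src-interface> <src-address> <dst-interface> <dst-address> <custom>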

+ 0
- 1
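--- a/lib/iptables.inc
+++ b/lib/iptables.inc
@@ -486,7 +486,6 @@ function enable_nat {
 			[[ ${srcaddress} == "-" ]] && srcaddress=""
 			[[ ${custom} == "-" ]] && custom=""
 
-			
 			${VER_IPTABLES} -A ${NAT} -t nat ${srcaddress} ${action} ${dstinterface} ${dstaddress} ${custom}
 			#${VER_IPTABLES} -A ${FwdFilter} ${M_STATE} ${C_STATE} RELATED,ESTABLISHED,NEW ${srcinterface} ${srcaddress} ${dstinterface} -j ACCEPT
 			#${VER_IPTABLES} -A ${FwdFilter} ${M_STATE} ${C_STATE} RELATED,ESTABLISHED ${revsrcinterface} ${revsrcaddress} ${revdstinterface} -j ACCEPT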