brielle
/
SRFirewall
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 6 Wiki Activity
Browse Source

Looks like we don't need quotes since its at the end of the options

tags/v2.1a1
Brielle Bruns 6 years ago
parent
e89e9ad1b5
commit
7a9e72881c
7 changed files with 6 additions and 12 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +2
    -3
      etc/ipv4/acl.conf
  2. +1
    -2
      etc/ipv4/forward.conf
  3. +0
    -1
      etc/ipv4/nat.conf
  4. +1
    -2
      etc/ipv6/acl.conf
  5. +1
    -2
      etc/ipv6/forward.conf
  6. +1
    -1
      etc/ipv6/nat.conf
  7. +0
    -1
      lib/iptables.inc

+ 2
- 3
etc/ipv4/acl.conf View File

@@ -15,12 +15,11 @@
# Syn: Optional, only match (not) syn packets (syn | notsyn )
# State: Optional, set the connection tracking states ( comma separated list )
# Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
# (must surround with quotes)

#
# You can use '-' for optional fields
#============================================================
#<dir> <action> <interface> <src-address> <src-port> <dst-address> <dst-port> <protocol> <syn> <state> <custom>
#IN ACCEPT eth0 10.0.0.1 22 - - tcp -
#IN DROP - - - - 22 tcp syn
#IN ACCEPT eth0 192.168.0.0/24 - 192.168.1.0/24 - - - "-m policy --dir in --pol ipsec --proto esp"
#IN ACCEPT eth0 192.168.0.0/24 - 192.168.1.0/24 - - - -m policy --dir in --pol ipsec --proto esp


+ 1
- 2
etc/ipv4/forward.conf View File

@@ -18,7 +18,6 @@
# Syn: Optional, only match (not) syn packets (syn | notsyn )
# State: Optional, set the connection tracking states ( comma separated list )
# Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
# (must surround with quotes)
#
# You can use '-' for optional fields
#============================================================
@@ -27,6 +26,6 @@
#DROP eth1 192.168.2.0/24 eth0 0/0 no
#DROP eth0 - eth1 192.168.0.0/24 no - 1:1024 tcp syn NEW
#ACCEPT eth1 - eth0 - no - - udp - NEW,ESTABLISHED,RELATED
#IN ACCEPT eth0 192.168.0.0/24 eth1 192.168.1.0/24 yes - - - - - "-m policy --dir in --pol ipsec --proto esp"
#IN ACCEPT eth0 192.168.0.0/24 eth1 192.168.1.0/24 yes - - - - - -m policy --dir in --pol ipsec --proto esp



+ 0
- 1
etc/ipv4/nat.conf View File

@@ -10,7 +10,6 @@
# Destination Interface: Optional for all but MASQ ( interface name, aka eth0 )
# Destination Address: Required for all but MASQ ( IP address with optional netmask )
# Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
# (must surround with quotes)
# You can use '-' for optional fields
#============================================================
#<type> <src-interface> <src-address> <dst-interface> <dst-address> <custom>


+ 1
- 2
etc/ipv6/acl.conf View File

@@ -15,11 +15,10 @@
# Syn: Optional, only match (not) syn packets (syn | notsyn )
# State: Optional, set the connection tracking states ( comma separated list )
# Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
# (must surround with quotes)
#
# You can use '-' for optional fields
#============================================================
#<dir> <action> <interface> <src-address> <src-port> <dst-address> <dst-port> <protocol> <syn> <state> <custom>
#IN ACCEPT eth0 2002:dead:beef::/64 22 - - tcp -
#IN DROP - - - - 22 tcp syn
#IN ACCEPT eth0 2002:dead:beef::/64 - 2002:dead:bfff::/64 - - - "-m policy --dir in --pol ipsec --proto esp"
#IN ACCEPT eth0 2002:dead:beef::/64 - 2002:dead:bfff::/64 - - - -m policy --dir in --pol ipsec --proto esp

+ 1
- 2
etc/ipv6/forward.conf View File

@@ -18,7 +18,6 @@
# Syn: Optional, only match (not) syn packets (syn | notsyn )
# State: Optional, set the connection tracking states ( comma separated list )
# Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
# (must surround with quotes)
#
# You can use '-' for optional fields
#============================================================
@@ -27,4 +26,4 @@
#DROP eth1 2002::/64 eth0 2001::/3 no
#DROP eth0 2001::/3 eth1 2002:dead:beef::/64 no - 1:1024 tcp syn
#ACCEPT eth1 - eth0 - no - - udp - NEW,ESTABLISHED,RELATED
#IN ACCEPT eth0 2002:dead:beef::/64 eth1 2002:dead:bfff::/64 yes - - - - - "-m policy --dir in --pol ipsec --proto esp"
#IN ACCEPT eth0 2002:dead:beef::/64 eth1 2002:dead:bfff::/64 yes - - - - - -m policy --dir in --pol ipsec --proto esp

+ 1
- 1
etc/ipv6/nat.conf View File

@@ -10,7 +10,7 @@
# Destination Interface: Optional for all but MASQ ( interface name, aka eth0 )
# Destination Address: Required for all but MASQ ( IP address with optional netmask )
# Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
# (must surround with quotes)
#
# You can use '-' for optional fields
#============================================================
#<type> <src-interface> <src-address> <dst-interface> <dst-address> <custom>


+ 0
- 1
lib/iptables.inc View File

@@ -486,7 +486,6 @@ function enable_nat {
[[ ${srcaddress} == "-" ]] && srcaddress=""
[[ ${custom} == "-" ]] && custom=""

${VER_IPTABLES} -A ${NAT} -t nat ${srcaddress} ${action} ${dstinterface} ${dstaddress} ${custom}
#${VER_IPTABLES} -A ${FwdFilter} ${M_STATE} ${C_STATE} RELATED,ESTABLISHED,NEW ${srcinterface} ${srcaddress} ${dstinterface} -j ACCEPT
#${VER_IPTABLES} -A ${FwdFilter} ${M_STATE} ${C_STATE} RELATED,ESTABLISHED ${revsrcinterface} ${revsrcaddress} ${revdstinterface} -j ACCEPT


Write Preview
Loading…
Cancel
Save