
More framework

master
bbruns@gmail.com 7 years ago
parent
commit
8533148fa3
  1. 28
      etc/chains.conf
  2. 14
      etc/ipv4/custom.conf
  3. 6
      etc/ipv4/custom/easyblock.sh
  4. 6
      etc/ipv4/custom/filter.sh
  5. 6
      etc/ipv4/custom/nat.sh
  6. 6
      etc/ipv4/custom/portfw.sh
  7. 6
      etc/ipv4/custom/postrun.sh
  8. 6
      etc/ipv4/custom/prerules.sh
  9. 6
      etc/ipv4/custom/trusted.sh
  10. 14
      etc/ipv6/custom.conf
  11. 6
      etc/ipv6/custom/easyblock.sh
  12. 6
      etc/ipv6/custom/filter.sh
  13. 6
      etc/ipv6/custom/nat.sh
  14. 6
      etc/ipv6/custom/portfw.sh
  15. 6
      etc/ipv6/custom/postrun.sh
  16. 6
      etc/ipv6/custom/prerules.sh
  17. 6
      etc/ipv6/custom/trusted.sh
  18. 33
      lib/iptables.inc

28
etc/chains.conf

@ -1,42 +1,14 @@
# Chain name mapping
# Don't change these unless you know what your doing
InCustomPreRules="In-CustomPreRules"
InPreRules="In-PreRules"
OutCustomPreRules="Out-CustomPreRules"
OutPreRules="Out-PreRules"
Trusted="In-Trusted"
InEasyBlock="In-EasyBlock"
OutEasyBlock="Out-EasyBlock"
InCustomFilter="In-CustomFilter"
OutCustomFilter="Out-CustomFilter"
FwdCustomFilter="Fwd-CustomFilter"
InFilter="In-Filter"
OutFilter="Out-Filter"
CustomPostRouting="CustomPostRouting"
NAT="NAT"
CustomPreRouting="Custom-PreRouting"
PortForward="PortForward"
InCustomPostRules="In-CustomPostRules"
InPostRules="In-PostRules"
OutCustomOstRules="Out-CustomPostRules"
OutPostRules="Out-PostRules"
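Review bot: The mapping `OutCustomOstRules="Out-CustomPostRules"` is misspelled relative to the `${OutCustomPostRules}` that lib/iptables.inc expands, and no `FwdFilter` mapping is visible in this section although lib/iptables.inc uses `${FwdFilter}`. The page does not show which of these lines are removed and which remain, so this applies only if the misspelled line survives on the new side. An unset name expands to nothing, so the `-N` and `-j` calls for that chain would fail and its rules would never be hooked into OUTPUT or FORWARD. The line should read `OutCustomPostRules="Out-CustomPostRules"`, with a matching entry such as `FwdFilter="Fwd-Filter"` if that name is not defined elsewhere.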

14
etc/ipv4/custom.conf

@ -0,0 +1,14 @@
# These are the custom files that can be used to inject rules during loading. Please don't change them
# unless you have a good reason.
# To allow variable propagation/change and some creative changes of rules that I haven't tought of,
# these files are sourced into the main file during setup of the order of chains.
$V4CUSTPREFIX="${FWPREFIX}/ipv4/"
$v4_Custom_Pre="$V4CUSTPREFIX/prerun.sh"
$v4_Custom_Trust="$V4CUSTPREFIX/trusted.sh"
$v4_Custom_EasyBlock="$V4CUSTPREFIX/easyblock.sh"
$v4_Custom_Filter="$V4CUSTPREFIX/filter.sh"
$v4_Custom_NAT="$V4CUSTPREFIX/nat.sh"
$v4_Custom_PortFw="$V4CUSTPREFIX/portfw.sh"
$v4_Custom_Post="$V4CUSTPREFIX/postrun.sh"
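Review bot: Every assignment in this file starts with `$`, so the shell expands the still-unset name and tries to run `=...` as a command instead of assigning; none of the `v4_Custom_*` variables would be set once the file is sourced. Drop the sigil, for example `V4CUSTPREFIX="${FWPREFIX}/ipv4/custom"` and `v4_Custom_Pre="${V4CUSTPREFIX}/prerules.sh"`. Those two values also correct a path mismatch: the hook files added by this commit live under `etc/ipv4/custom/` and the first is named `prerules.sh`, while the config points at `ipv4/` and `prerun.sh`, and the trailing slash in the prefix produces `//`. This assumes FWPREFIX resolves to the `etc` directory, which is not visible here. etc/ipv6/custom.conf has the same problems.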

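--- a/etc/ipv4/custom/easyblock.sh
+++ b/etc/ipv4/custom/easyblock.sh
@@ -0,0 +1,6 @@
+# This file is sourced by the main srfirewall program to inject
+# custom commands/rules during specific moments of the firewall
+# setup.
+#
+# In particular this file injects/commands rules:
+# Before the easyblock in/out rules are setup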

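--- a/etc/ipv4/custom/filter.sh
+++ b/etc/ipv4/custom/filter.sh
@@ -0,0 +1,6 @@
+# This file is sourced by the main srfirewall program to inject
+# custom commands/rules during specific moments of the firewall
+# setup.
+#
+# In particular this file injects/commands rules:
+# Before the main filter rules are set up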

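--- a/etc/ipv4/custom/nat.sh
+++ b/etc/ipv4/custom/nat.sh
@@ -0,0 +1,6 @@
+# This file is sourced by the main srfirewall program to inject
+# custom commands/rules during specific moments of the firewall
+# setup.
+#
+# In particular this file injects/commands rules:
+# Before the main nat rules are set up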

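--- a/etc/ipv4/custom/portfw.sh
+++ b/etc/ipv4/custom/portfw.sh
@@ -0,0 +1,6 @@
+# This file is sourced by the main srfirewall program to inject
+# custom commands/rules during specific moments of the firewall
+# setup.
+#
+# In particular this file injects/commands rules:
+# Before the main port forwardings are set up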

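--- a/etc/ipv4/custom/postrun.sh
+++ b/etc/ipv4/custom/postrun.sh
@@ -0,0 +1,6 @@
+# This file is sourced by the main srfirewall program to inject
+# custom commands/rules during specific moments of the firewall
+# setup.
+#
+# In particular this file injects/commands rules:
+# Before the final post rules are set up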

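--- a/etc/ipv4/custom/prerules.sh
+++ b/etc/ipv4/custom/prerules.sh
@@ -0,0 +1,6 @@
+# This file is sourced by the main srfirewall program to inject
+# custom commands/rules during specific moments of the firewall
+# setup.
+#
+# In particular this file injects/commands rules:
+# Before the main chains are setup.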

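--- a/etc/ipv4/custom/trusted.sh
+++ b/etc/ipv4/custom/trusted.sh
@@ -0,0 +1,6 @@
+# This file is sourced by the main srfirewall program to inject
+# custom commands/rules during specific moments of the firewall
+# setup.
+#
+# In particular this file injects/commands rules:
+# Before the trusted chains are set up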

14
etc/ipv6/custom.conf

@ -0,0 +1,14 @@
# These are the custom files that can be used to inject rules during loading. Please don't change them
# unless you have a good reason.
# To allow variable propagation/change and some creative changes of rules that I haven't tought of,
# these files are sourced into the main file during setup of the order of chains.
$V6CUSTPREFIX="${FWPREFIX}/ipv6/"
$v6_Custom_Pre="$V6CUSTPREFIX/prerun.sh"
$v6_Custom_Trust="$V6CUSTPREFIX/trusted.sh"
$v6_Custom_EasyBlock="$V6CUSTPREFIX/easyblock.sh"
$v6_Custom_Filter="$V6CUSTPREFIX/filter.sh"
$v6_Custom_NAT="$V6CUSTPREFIX/nat.sh"
$v6_Custom_PortFw="$V6CUSTPREFIX/portfw.sh"
$v6_Custom_Post="$V6CUSTPREFIX/postrun.sh"

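--- a/etc/ipv6/custom/easyblock.sh
+++ b/etc/ipv6/custom/easyblock.sh
@@ -0,0 +1,6 @@
+# This file is sourced by the main srfirewall program to inject
+# custom commands/rules during specific moments of the firewall
+# setup.
+#
+# In particular this file injects/commands rules:
+# Before the easyblock in/out rules are setup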

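--- a/etc/ipv6/custom/filter.sh
+++ b/etc/ipv6/custom/filter.sh
@@ -0,0 +1,6 @@
+# This file is sourced by the main srfirewall program to inject
+# custom commands/rules during specific moments of the firewall
+# setup.
+#
+# In particular this file injects/commands rules:
+# Before the main filter rules are set up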

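--- a/etc/ipv6/custom/nat.sh
+++ b/etc/ipv6/custom/nat.sh
@@ -0,0 +1,6 @@
+# This file is sourced by the main srfirewall program to inject
+# custom commands/rules during specific moments of the firewall
+# setup.
+#
+# In particular this file injects/commands rules:
+# Before the main nat rules are set up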

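--- a/etc/ipv6/custom/portfw.sh
+++ b/etc/ipv6/custom/portfw.sh
@@ -0,0 +1,6 @@
+# This file is sourced by the main srfirewall program to inject
+# custom commands/rules during specific moments of the firewall
+# setup.
+#
+# In particular this file injects/commands rules:
+# Before the main port forwardings are set up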

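--- a/etc/ipv6/custom/postrun.sh
+++ b/etc/ipv6/custom/postrun.sh
@@ -0,0 +1,6 @@
+# This file is sourced by the main srfirewall program to inject
+# custom commands/rules during specific moments of the firewall
+# setup.
+#
+# In particular this file injects/commands rules:
+# Before the final post rules are set up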

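--- a/etc/ipv6/custom/prerules.sh
+++ b/etc/ipv6/custom/prerules.sh
@@ -0,0 +1,6 @@
+# This file is sourced by the main srfirewall program to inject
+# custom commands/rules during specific moments of the firewall
+# setup.
+#
+# In particular this file injects/commands rules:
+# Before the main chains are setup.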

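--- a/etc/ipv6/custom/trusted.sh
+++ b/etc/ipv6/custom/trusted.sh
@@ -0,0 +1,6 @@
+# This file is sourced by the main srfirewall program to inject
+# custom commands/rules during specific moments of the firewall
+# setup.
+#
+# In particular this file injects/commands rules:
+# Before the trusted chains are set up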

33
lib/iptables.inc

@ -60,54 +60,45 @@ function iptables_policy_reset {
function setup_iptables_chains {
IP_VERSION=$1
case $IP_VERSION in
ipv6) VER_IPTABLES=${IP6TABLES} ;;
ipv4|*) VER_IPTABLES=${IPTABLES} ;;
ipv6) VER_IPTABLES=${IP6TABLES};
IPVER="6" ;;
ipv4|*) VER_IPTABLES=${IPTABLES}
IPVER="4" ;;
esac
# Create the actual chains
${display_c} GREEN "Setting up chains for ${IP_VERSION}..."
${VER_IPTABLES} -N ${InCustomPreRules}
${VER_IPTABLES} -N ${InPreRules}
${VER_IPTABLES} -N ${OutCustomPreRules}
${VER_IPTABLES} -N ${OutPreRules}
${VER_IPTABLES} -N ${Trusted}
${VER_IPTABLES} -N ${InEasyBlock}
${VER_IPTABLES} -N ${OutEasyBlock}
${VER_IPTABLES} -N ${InCustomFilter}
${VER_IPTABLES} -N ${InFilter}
${VER_IPTABLES} -N ${OutCustomFilter}
${VER_IPTABLES} -N ${OutFilter}
${VER_IPTABLES} -N ${FwdCustomFilter}
${VER_IPTABLES} -N ${FwdFilter}
${VER_IPTABLES} -N ${CustomPostRouting}
${VER_IPTABLES} -N ${NAT}
${VER_IPTABLES} -N ${CustomPreRouting}
${VER_IPTABLES} -N ${PortForward}
${VER_IPTABLES} -N ${InCustomPostRules}
${VER_IPTABLES} -N ${InPostRules}
${VER_IPTABLES} -N ${OutCustomPostRules}
${VER_IPTABLES} -N ${OutPostRules}
# Set up rules - the order matters - we do it separately here
# for easy viewing of order
${VER_IPTABLES} -A INPUT -j ${InCustomPreRules}
if [ -x ${v${IPVER}_Custom_Pre} ]; then . ${v${IPVER}_Custom_Pre}; fi
${VER_IPTABLES} -A INPUT -j ${InPreRules}
${VER_IPTABLES} -A OUTPUT -j ${OutCustomPreRules}
${VER_IPTABLES} -A OUTPUT -j ${OutPreRules}
if [ -x ${v${IPVER}_Custom_Trust} ]; then . ${v${IPVER}_Custom_Trust}; fi
${VER_IPTABLES} -A INPUT -j ${Trusted}
if [ -x ${v${IPVER}_Custom_EasyBlock} ]; then . ${v${IPVER}_Custom_EasyBlock}; fi
${VER_IPTABLES} -A INPUT -j ${InEasyBlock}
${VER_IPTABLES} -A OUTPUT -j ${OutEasyBlock}
${VER_IPTABLES} -A INPUT -j ${InCustomFilter}
if [ -x ${v${IPVER}_Custom_Filter} ]; then . ${v${IPVER}_Custom_Filter}; fi
${VER_IPTABLES} -A INPUT -j ${InFilter}
${VER_IPTABLES} -A OUTPUT -j ${OutCustomFilter}
${VER_IPTABLES} -A OUTPUT -j ${OutFilter}
${VER_IPTABLES} -A FORWARD -j ${FwdCustomFilter}
${VER_IPTABLES} -A FORWARD -j ${FwdFilter}
${VER_IPTABLES} -A POSTROUTING -j ${CustomPostRouting}
if [ -x ${v${IPVER}_Custom_NAT} ]; then . ${v${IPVER}_Custom_NAT}; fi
${VER_IPTABLES} -A POSTROUTING -j ${NAT}
${VER_IPTABLES} -A PREROUTING -j ${CustomPreRouting}
if [ -x ${v${IPVER}_Custom_PortFw} ]; then . ${v${IPVER}_Custom_PortFw}; fi
${VER_IPTABLES} -A PREROUTING -j ${PortForward}
${VER_IPTABLES} -A INPUT -j ${InCustomPostRules}
if [ -x ${v${IPVER}_Custom_Post} ]; then . ${v${IPVER}_Custom_Post}; fi
${VER_IPTABLES} -A INPUT -j ${InPostRules}
${VER_IPTABLES} -A OUTPUT -j ${OutCustomPostRules}
${VER_IPTABLES} -A OUTPUT -j${OutPostRules}
${VER_IPTABLES} -A OUTPUT -j ${OutPostRules}
}
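Review bot: The hook lines of the form `if [ -x ${v${IPVER}_Custom_Pre} ]; then . ${v${IPVER}_Custom_Pre}; fi` nest one parameter expansion inside another, which bash rejects as a bad substitution, so none of the seven custom files would be sourced and setup_iptables_chains would error at the first hook. Indirect expansion through a small helper does what is intended; the helper should also quote the path, skip an unset name rather than let `[ -x ]` evaluate true on an empty expansion, and test readability, since a sourced file does not need the execute bit. Because these files run inside the firewall loader, presumably as root, it is also worth refusing any hook that is not root-owned or is group/world-writable. Separately, the `-A POSTROUTING` and `-A PREROUTING` lines carry no `-t nat`, so they address the filter table, where those chains do not exist; whether those lines are new in this commit cannot be recovered from the page.

```shell
# Source the custom hook named by v<IPVER>_Custom_<suffix>, if configured and readable.
function source_custom_hook {
    local hook_var="v${IPVER}_Custom_$1"
    local hook_file="${!hook_var}"
    if [ -n "${hook_file}" ] && [ -r "${hook_file}" ]; then
        . "${hook_file}"
    fi
}

# … unchanged: case on IP_VERSION, chain creation …
${VER_IPTABLES} -A INPUT -j ${InCustomPreRules}
source_custom_hook Pre
# … unchanged: remaining jump rules, each hook line replaced the same way …
```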