More framework

7 years ago · 8533148fa3
--- a/etc/chains.conf
+++ b/etc/chains.conf
@@ -1,42 +1,14 @@
 # Chain name mapping
 # Don't change these unless you know what your doing

 InCustomPreRules="In-CustomPreRules"

 InPreRules="In-PreRules"

 OutCustomPreRules="Out-CustomPreRules"

 OutPreRules="Out-PreRules"

 Trusted="In-Trusted"

 InEasyBlock="In-EasyBlock"

 OutEasyBlock="Out-EasyBlock"

 InCustomFilter="In-CustomFilter"

 OutCustomFilter="Out-CustomFilter"

 FwdCustomFilter="Fwd-CustomFilter"

 InFilter="In-Filter"

 OutFilter="Out-Filter"

 CustomPostRouting="CustomPostRouting"

 NAT="NAT"

 CustomPreRouting="Custom-PreRouting"

 PortForward="PortForward"

 InCustomPostRules="In-CustomPostRules"

 InPostRules="In-PostRules"

 OutCustomOstRules="Out-CustomPostRules"

 OutPostRules="Out-PostRules"
--- a/etc/ipv4/custom.conf
+++ b/etc/ipv4/custom.conf
@@ -0,0 +1,14 @@
 # These are the custom files that can be used to inject rules during loading.  Please don't change them
 # unless you have a good reason.
 # To allow variable propagation/change and some creative changes of rules that I haven't tought of,
 # these files are sourced into the main file during setup of the order of chains.

 $V4CUSTPREFIX="${FWPREFIX}/ipv4/"

 $v4_Custom_Pre="$V4CUSTPREFIX/prerun.sh"
 $v4_Custom_Trust="$V4CUSTPREFIX/trusted.sh"
 $v4_Custom_EasyBlock="$V4CUSTPREFIX/easyblock.sh"
 $v4_Custom_Filter="$V4CUSTPREFIX/filter.sh"
 $v4_Custom_NAT="$V4CUSTPREFIX/nat.sh"
 $v4_Custom_PortFw="$V4CUSTPREFIX/portfw.sh"
 $v4_Custom_Post="$V4CUSTPREFIX/postrun.sh"
--- a/etc/ipv4/custom/easyblock.sh
+++ b/etc/ipv4/custom/easyblock.sh
@@ -0,0 +1,6 @@
 # This file is sourced by the main srfirewall program to inject
 # custom commands/rules during specific moments of the firewall
 # setup.
 #
 # In particular this file injects/commands rules:
 # Before the easyblock in/out rules are setup
--- a/etc/ipv4/custom/filter.sh
+++ b/etc/ipv4/custom/filter.sh
@@ -0,0 +1,6 @@
 # This file is sourced by the main srfirewall program to inject
 # custom commands/rules during specific moments of the firewall
 # setup.
 #
 # In particular this file injects/commands rules:
 # Before the main filter rules are set up
--- a/etc/ipv4/custom/nat.sh
+++ b/etc/ipv4/custom/nat.sh
@@ -0,0 +1,6 @@
 # This file is sourced by the main srfirewall program to inject
 # custom commands/rules during specific moments of the firewall
 # setup.
 #
 # In particular this file injects/commands rules:
 # Before the main nat rules are set up
--- a/etc/ipv4/custom/portfw.sh
+++ b/etc/ipv4/custom/portfw.sh
@@ -0,0 +1,6 @@
 # This file is sourced by the main srfirewall program to inject
 # custom commands/rules during specific moments of the firewall
 # setup.
 #
 # In particular this file injects/commands rules:
 # Before the main port forwardings are set up
--- a/etc/ipv4/custom/postrun.sh
+++ b/etc/ipv4/custom/postrun.sh
@@ -0,0 +1,6 @@
 # This file is sourced by the main srfirewall program to inject
 # custom commands/rules during specific moments of the firewall
 # setup.
 #
 # In particular this file injects/commands rules:
 # Before the final post rules are set up
--- a/etc/ipv4/custom/prerules.sh
+++ b/etc/ipv4/custom/prerules.sh
@@ -0,0 +1,6 @@
 # This file is sourced by the main srfirewall program to inject
 # custom commands/rules during specific moments of the firewall
 # setup.
 #
 # In particular this file injects/commands rules:
 # Before the main chains are setup.
--- a/etc/ipv4/custom/trusted.sh
+++ b/etc/ipv4/custom/trusted.sh
@@ -0,0 +1,6 @@
 # This file is sourced by the main srfirewall program to inject
 # custom commands/rules during specific moments of the firewall
 # setup.
 #
 # In particular this file injects/commands rules:
 # Before the trusted chains are set up
--- a/etc/ipv6/custom.conf
+++ b/etc/ipv6/custom.conf
@@ -0,0 +1,14 @@
 # These are the custom files that can be used to inject rules during loading.  Please don't change them
 # unless you have a good reason.
 # To allow variable propagation/change and some creative changes of rules that I haven't tought of,
 # these files are sourced into the main file during setup of the order of chains.

 $V6CUSTPREFIX="${FWPREFIX}/ipv6/"

 $v6_Custom_Pre="$V6CUSTPREFIX/prerun.sh"
 $v6_Custom_Trust="$V6CUSTPREFIX/trusted.sh"
 $v6_Custom_EasyBlock="$V6CUSTPREFIX/easyblock.sh"
 $v6_Custom_Filter="$V6CUSTPREFIX/filter.sh"
 $v6_Custom_NAT="$V6CUSTPREFIX/nat.sh"
 $v6_Custom_PortFw="$V6CUSTPREFIX/portfw.sh"
 $v6_Custom_Post="$V6CUSTPREFIX/postrun.sh"
--- a/etc/ipv6/custom/easyblock.sh
+++ b/etc/ipv6/custom/easyblock.sh
@@ -0,0 +1,6 @@
 # This file is sourced by the main srfirewall program to inject
 # custom commands/rules during specific moments of the firewall
 # setup.
 #
 # In particular this file injects/commands rules:
 # Before the easyblock in/out rules are setup
--- a/etc/ipv6/custom/filter.sh
+++ b/etc/ipv6/custom/filter.sh
@@ -0,0 +1,6 @@
 # This file is sourced by the main srfirewall program to inject
 # custom commands/rules during specific moments of the firewall
 # setup.
 #
 # In particular this file injects/commands rules:
 # Before the main filter rules are set up
--- a/etc/ipv6/custom/nat.sh
+++ b/etc/ipv6/custom/nat.sh
@@ -0,0 +1,6 @@
 # This file is sourced by the main srfirewall program to inject
 # custom commands/rules during specific moments of the firewall
 # setup.
 #
 # In particular this file injects/commands rules:
 # Before the main nat rules are set up
--- a/etc/ipv6/custom/portfw.sh
+++ b/etc/ipv6/custom/portfw.sh
@@ -0,0 +1,6 @@
 # This file is sourced by the main srfirewall program to inject
 # custom commands/rules during specific moments of the firewall
 # setup.
 #
 # In particular this file injects/commands rules:
 # Before the main port forwardings are set up
--- a/etc/ipv6/custom/postrun.sh
+++ b/etc/ipv6/custom/postrun.sh
@@ -0,0 +1,6 @@
 # This file is sourced by the main srfirewall program to inject
 # custom commands/rules during specific moments of the firewall
 # setup.
 #
 # In particular this file injects/commands rules:
 # Before the final post rules are set up
--- a/etc/ipv6/custom/prerules.sh
+++ b/etc/ipv6/custom/prerules.sh
@@ -0,0 +1,6 @@
 # This file is sourced by the main srfirewall program to inject
 # custom commands/rules during specific moments of the firewall
 # setup.
 #
 # In particular this file injects/commands rules:
 # Before the main chains are setup.
--- a/etc/ipv6/custom/trusted.sh
+++ b/etc/ipv6/custom/trusted.sh
@@ -0,0 +1,6 @@
 # This file is sourced by the main srfirewall program to inject
 # custom commands/rules during specific moments of the firewall
 # setup.
 #
 # In particular this file injects/commands rules:
 # Before the trusted chains are set up
--- a/lib/iptables.inc
+++ b/lib/iptables.inc
@@ -60,54 +60,45 @@ function iptables_policy_reset {
 function setup_iptables_chains {
 	IP_VERSION=$1
 	case $IP_VERSION in
 		ipv6) VER_IPTABLES=${IP6TABLES} ;;
 		ipv4|*) VER_IPTABLES=${IPTABLES} ;;
 		ipv6) VER_IPTABLES=${IP6TABLES};
 				IPVER="6" ;;
 		ipv4|*) VER_IPTABLES=${IPTABLES}
 				IPVER="4" ;;
 	esac
 	# Create the actual chains
 	${display_c} GREEN "Setting up chains for ${IP_VERSION}..."
 	${VER_IPTABLES} -N ${InCustomPreRules}
 	${VER_IPTABLES} -N ${InPreRules}
 	${VER_IPTABLES} -N ${OutCustomPreRules}
 	${VER_IPTABLES} -N ${OutPreRules}
 	${VER_IPTABLES} -N ${Trusted}
 	${VER_IPTABLES} -N ${InEasyBlock}
 	${VER_IPTABLES} -N ${OutEasyBlock}
 	${VER_IPTABLES} -N ${InCustomFilter}
 	${VER_IPTABLES} -N ${InFilter}
 	${VER_IPTABLES} -N ${OutCustomFilter}
 	${VER_IPTABLES} -N ${OutFilter}
 	${VER_IPTABLES} -N ${FwdCustomFilter}
 	${VER_IPTABLES} -N ${FwdFilter}
 	${VER_IPTABLES} -N ${CustomPostRouting}
 	${VER_IPTABLES} -N ${NAT}
 	${VER_IPTABLES} -N ${CustomPreRouting}
 	${VER_IPTABLES} -N ${PortForward}
 	${VER_IPTABLES} -N ${InCustomPostRules}
 	${VER_IPTABLES} -N ${InPostRules}
 	${VER_IPTABLES} -N ${OutCustomPostRules}
 	${VER_IPTABLES} -N ${OutPostRules}
 	
 	# Set up rules - the order matters - we do it separately here
 	# for easy viewing of order
 	${VER_IPTABLES} -A INPUT -j ${InCustomPreRules}
 	if [ -x ${v${IPVER}_Custom_Pre} ]; then . ${v${IPVER}_Custom_Pre}; fi
 	${VER_IPTABLES} -A INPUT -j ${InPreRules}
 	${VER_IPTABLES} -A OUTPUT -j ${OutCustomPreRules}
 	${VER_IPTABLES} -A OUTPUT -j ${OutPreRules}
 	if [ -x ${v${IPVER}_Custom_Trust} ]; then . ${v${IPVER}_Custom_Trust}; fi
 	${VER_IPTABLES} -A INPUT -j ${Trusted}
 	if [ -x ${v${IPVER}_Custom_EasyBlock} ]; then . ${v${IPVER}_Custom_EasyBlock}; fi
 	${VER_IPTABLES} -A INPUT -j ${InEasyBlock}
 	${VER_IPTABLES} -A OUTPUT -j ${OutEasyBlock}
 	${VER_IPTABLES} -A INPUT -j ${InCustomFilter}
 	if [ -x ${v${IPVER}_Custom_Filter} ]; then . ${v${IPVER}_Custom_Filter}; fi
 	${VER_IPTABLES} -A INPUT -j ${InFilter}
 	${VER_IPTABLES} -A OUTPUT -j ${OutCustomFilter}
 	${VER_IPTABLES} -A OUTPUT -j ${OutFilter}
 	${VER_IPTABLES} -A FORWARD -j ${FwdCustomFilter}
 	${VER_IPTABLES} -A FORWARD -j ${FwdFilter}
 	${VER_IPTABLES} -A POSTROUTING -j ${CustomPostRouting}
 	if [ -x ${v${IPVER}_Custom_NAT} ]; then . ${v${IPVER}_Custom_NAT}; fi
 	${VER_IPTABLES} -A POSTROUTING -j ${NAT}
 	${VER_IPTABLES} -A PREROUTING -j ${CustomPreRouting}
 	if [ -x ${v${IPVER}_Custom_PortFw} ]; then . ${v${IPVER}_Custom_PortFw}; fi
 	${VER_IPTABLES} -A PREROUTING -j ${PortForward}
 	${VER_IPTABLES} -A INPUT -j ${InCustomPostRules}
 	if [ -x ${v${IPVER}_Custom_Post} ]; then . ${v${IPVER}_Custom_Post}; fi
 	${VER_IPTABLES} -A INPUT -j ${InPostRules}
 	${VER_IPTABLES} -A OUTPUT -j ${OutCustomPostRules}
 	${VER_IPTABLES} -A OUTPUT -j${OutPostRules}
 	${VER_IPTABLES} -A OUTPUT -j ${OutPostRules}
 }