Kaynağa Gözat

These indirect variables are annoying the crap out of me. Removing them for now until I've had time to make them actually work. For now, no easily custom names for custom injection files.

tags/v2.01a1
bbruns@gmail.com 7 yıl önce
ebeveyn
işleme
8da9f8b978
5 değiştirilmiş dosya ile 13 ekleme ve 35 silme
  1. +0
    -14
      etc/ipv4/custom.conf
  2. +0
    -0
      etc/ipv4/custom/prerun.sh
  3. +0
    -14
      etc/ipv6/custom.conf
  4. +6
    -0
      etc/ipv6/custom/prerun.sh
  5. +7
    -7
      lib/iptables.inc

+ 0
- 14
etc/ipv4/custom.conf Dosyayı Görüntüle

@@ -1,14 +0,0 @@
# These are the custom files that can be used to inject rules during loading. Please don't change them
# unless you have a good reason.
# To allow variable propagation/change and some creative changes of rules that I haven't tought of,
# these files are sourced into the main file during setup of the order of chains.

$V4CUSTPREFIX="${FWPREFIX}/ipv4/"

$v4_Custom_Pre="$V4CUSTPREFIX/prerun.sh"
$v4_Custom_Trust="$V4CUSTPREFIX/trusted.sh"
$v4_Custom_EasyBlock="$V4CUSTPREFIX/easyblock.sh"
$v4_Custom_Filter="$V4CUSTPREFIX/filter.sh"
$v4_Custom_NAT="$V4CUSTPREFIX/nat.sh"
$v4_Custom_PortFw="$V4CUSTPREFIX/portfw.sh"
$v4_Custom_Post="$V4CUSTPREFIX/postrun.sh"

etc/ipv6/custom/prerules.sh → etc/ipv4/custom/prerun.sh Dosyayı Görüntüle


+ 0
- 14
etc/ipv6/custom.conf Dosyayı Görüntüle

@@ -1,14 +0,0 @@
# These are the custom files that can be used to inject rules during loading. Please don't change them
# unless you have a good reason.
# To allow variable propagation/change and some creative changes of rules that I haven't tought of,
# these files are sourced into the main file during setup of the order of chains.

$V6CUSTPREFIX="${FWPREFIX}/ipv6/"

$v6_Custom_Pre="$V6CUSTPREFIX/prerun.sh"
$v6_Custom_Trust="$V6CUSTPREFIX/trusted.sh"
$v6_Custom_EasyBlock="$V6CUSTPREFIX/easyblock.sh"
$v6_Custom_Filter="$V6CUSTPREFIX/filter.sh"
$v6_Custom_NAT="$V6CUSTPREFIX/nat.sh"
$v6_Custom_PortFw="$V6CUSTPREFIX/portfw.sh"
$v6_Custom_Post="$V6CUSTPREFIX/postrun.sh"

+ 6
- 0
etc/ipv6/custom/prerun.sh Dosyayı Görüntüle

@@ -0,0 +1,6 @@
# This file is sourced by the main srfirewall program to inject
# custom commands/rules during specific moments of the firewall
# setup.
#
# In particular this file injects/commands rules:
# Before the main chains are setup.

+ 7
- 7
lib/iptables.inc Dosyayı Görüntüle

@@ -83,23 +83,23 @@ function setup_iptables_chains {
# Set up rules - the order matters - we do it separately here
# for easy viewing of order
if [ -x ${v${IPVER}_Custom_Pre} ]; then . ${v${IPVER}_Custom_Pre}; fi
if [ -x ${FWCONFIGDIR}/ipv${IPVER}/custom/prerun.sh ]; then . ${FWCONFIGDIR}/ipv${IPVER}/custom/prerun.sh; fi
${VER_IPTABLES} -A INPUT -j ${InPreRules}
${VER_IPTABLES} -A OUTPUT -j ${OutPreRules}
if [ -x ${v${IPVER}_Custom_Trust} ]; then . ${v${IPVER}_Custom_Trust}; fi
if [ -x ${FWCONFIGDIR}/ipv${IPVER}/custom/trusted.sh ]; then . ${FWCONFIGDIR}/ipv${IPVER}/custom/trusted.sh; fi
${VER_IPTABLES} -A INPUT -j ${Trusted}
if [ -x ${v${IPVER}_Custom_EasyBlock} ]; then . ${v${IPVER}_Custom_EasyBlock}; fi
if [ -x ${FWCONFIGDIR}/ipv${IPVER}/custom/easyblock.sh ]; then . ${FWCONFIGDIR}/ipv${IPVER}/custom/easyblock.sh; fi
${VER_IPTABLES} -A INPUT -j ${InEasyBlock}
${VER_IPTABLES} -A OUTPUT -j ${OutEasyBlock}
if [ -x ${v${IPVER}_Custom_Filter} ]; then . ${v${IPVER}_Custom_Filter}; fi
if [ -x ${FWCONFIGDIR}/ipv${IPVER}/custom/filter.sh ]; then . ${FWCONFIGDIR}/ipv${IPVER}/custom/filter.sh; fi
${VER_IPTABLES} -A INPUT -j ${InFilter}
${VER_IPTABLES} -A OUTPUT -j ${OutFilter}
${VER_IPTABLES} -A FORWARD -j ${FwdFilter}
if [ -x ${v${IPVER}_Custom_NAT} ]; then . ${v${IPVER}_Custom_NAT}; fi
if [ -x ${FWCONFIGDIR}/ipv${IPVER}/custom/nat.sh ]; then . ${FWCONFIGDIR}/ipv${IPVER}/custom/nat.sh; fi
${VER_IPTABLES} -A POSTROUTING -j ${NAT}
if [ -x ${v${IPVER}_Custom_PortFw} ]; then . ${v${IPVER}_Custom_PortFw}; fi
if [ -x ${FWCONFIGDIR}/ipv${IPVER}/custom/portfw.sh ]; then . ${FWCONFIGDIR}/ipv${IPVER}/custom/portfw.sh; fi
${VER_IPTABLES} -A PREROUTING -j ${PortForward}
if [ -x ${v${IPVER}_Custom_Post} ]; then . ${v${IPVER}_Custom_Post}; fi
if [ -x ${FWCONFIGDIR}/ipv${IPVER}/custom/postrun.sh ]; then . ${FWCONFIGDIR}/ipv${IPVER}/custom/postrun.sh; fi
${VER_IPTABLES} -A INPUT -j ${InPostRules}
${VER_IPTABLES} -A OUTPUT -j ${OutPostRules}
}

Yükleniyor…
İptal
Kaydet