
tags/v2.01a1
bbruns@gmail.com 7 years ago
parent
commit
8e9f9638ad
4 changed files with 30 additions and 3 deletions
  1. +3
    -1
      bin/srfirewall
  2. +3
    -1
      etc/ipv4.conf
  3. +3
    -1
      etc/ipv6.conf
  4. +21
    -0
      lib/iptables.inc

+ 3
- 1
bin/srfirewall View File

@@ -150,6 +150,7 @@ if [ "${EnableIPv4}" == "yes" ]; then
[ "${EnableTrustedv4Hosts}" == "yes" ] && allow_trusted_hosts ipv4
[ "${Enablev4MSSClamp}" == "yes" ] && enable_mss_clamp ipv4
[ "${DNSClientUsev4ResolvConf}" == "yes" ] && allow_resolvconf_servers ipv4
[ "${DNSClientManualv4Servers}" ] && allow_dnsclient_manual ipv4 ${DNSClientManualv4Servers}
fi

# Do IPv6 IPTables Rules
@@ -158,12 +159,13 @@ if [ "${EnableIPv6}" == "yes" ]; then
iptables_rules_flush ipv6
# Create the chain sets we'll need and the ones that can be
# customized by users in their custom rules
# customized by users in their custom rules
setup_iptables_chains ipv6
[ "${AllowAllv6Loopback}" == "yes" ] && allow_all_loopback ipv6
[ "${EnableTrustedv6Hosts}" == "yes" ] && allow_trusted_hosts ipv6
[ "${Enablev6MSSClamp}" == "yes" ] && enable_mss_clamp ipv6
[ "${DNSClientUsev6ResolvConf}" == "yes" ] && allow_resolvconf_servers ipv6
[ "${DNSClientManualv6Servers}" ] && allow_dnsclient_manual ipv6 ${DNSClientManualv6Servers}
fi
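Review bot: The new `DNSClientManualv4Servers` line passes the list unquoted, so a multi-server value reaches `allow_dnsclient_manual` as several positional parameters, while the callee added in this commit (lib/iptables.inc) reads only `$2`; the two sides should agree on one convention, either quoting here as `allow_dnsclient_manual ipv4 "${DNSClientManualv4Servers}"` and letting the callee word-split, or having the callee consume everything after the first argument. The IPv6 line in the second hunk has the same shape and needs the same decision. The enclosing `if [ "${EnableIPv4}" == "yes" ]` block starts before the hunk.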


+ 3
- 1
etc/ipv4.conf View File

@@ -33,5 +33,7 @@ Enablev4MSSClamp="yes"
DNSClientUsev4ResolvConf="yes"
ResolvConfv4File="/etc/resolv.conf"

# Uncomment below if you set above to no.
# Uncomment below if you set above to no. You can still manually define your servers
# here if you want. Useful at times.
# Values: space separated IP list of DNS servers
#DNSClientManualv4Servers=""
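Review bot: The new "Values:" comment should say IP literals only, because anything else on this line is handed straight to `iptables -s`/`-d`, which would resolve a hostname at rule-load time, before any DNS rule exists and over whatever path is open at that moment. Suggested wording: `# Values: space separated list of IPv4 address literals (no hostnames: iptables would resolve them at load time, before DNS is allowed)`. It is also worth noting in the comment that these servers are allowed in addition to, not instead of, the resolv.conf servers when the setting above stays "yes".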

+ 3
- 1
etc/ipv6.conf View File

@@ -33,5 +33,7 @@ Enablev6MSSClamp="yes"
DNSClientUsev6ResolvConf="yes"
ResolvConfv6File="/etc/resolv.conf"

# Uncomment below if you set above to no.
# Uncomment below if you set above to no. You can still manually define your servers
# here if you want. Useful at times.
# Values: space separated IP list of DNS servers
#DNSClientManualv6Servers=""
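Review bot: The "Values:" comment added here should spell out the expected address form, since the value is spliced directly into `ip6tables -s`/`-d`: unbracketed IPv6 literals such as `2001:db8::53`, no hostnames (they would be resolved at rule-load time, before DNS is permitted). Suggested wording: `# Values: space separated list of IPv6 address literals, unbracketed; no hostnames`. The comment might also state that these are added alongside the resolv.conf servers when the setting above is "yes", which is what the calling code in bin/srfirewall does.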

+ 21
- 0
lib/iptables.inc View File

@@ -206,4 +206,25 @@ function allow_resolvconf_servers {
${VER_IPTABLES} -A ${OutPreRules} -p tcp -s ${server} --sport 1024:65535 --dport 53 -j ACCEPT
${VER_IPTABLES} -A ${InPreRules} -p tcp -d ${server} --dport 1024:65535 --sport 53 -j ACCEPT
done < "${ResolvConfFile}"
${debug} ${DebugColor} "${FUNCNAME}: done"
}

function allow_dnsclient_manual {
IP_VERSION=$1
case $IP_VERSION in
ipv6) VER_IPTABLES=${IP6TABLES};
IPVER="6" ;;
ipv4|*) VER_IPTABLES=${IPTABLES}
IPVER="4" ;;
esac
DNS_SERVERS="$2-"
${debug} ${DebugColor} "${FUNCNAME}: loading"
for i in ${DNS_SERVERS}; do
${debug} ${DebugColor} "${FUNCNAME}: Added ${i} to DNS client trusted list"
${VER_IPTABLES} -A ${OutPreRules} -p udp -s ${i} --sport 1024:65535 --dport 53 -j ACCEPT
${VER_IPTABLES} -A ${InPreRules} -p udp -d ${i} --dport 1024:65535 --sport 53 -j ACCEPT
${VER_IPTABLES} -A ${OutPreRules} -p tcp -s ${i} --sport 1024:65535 --dport 53 -j ACCEPT
${VER_IPTABLES} -A ${InPreRules} -p tcp -d ${i} --dport 1024:65535 --sport 53 -j ACCEPT
done
${debug} ${DebugColor} "${FUNCNAME}: done"
}
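Review bot: `DNS_SERVERS="$2-"` appends a literal `-` to the first server, so iptables is handed `-s 8.8.8.8-` and will reject the rule, and because the caller passes the list unquoted every server after the first arrives as `$3`, `$4`, … and is never iterated; `shift; DNS_SERVERS="$*"` (or `DNS_SERVERS="${*:2}"`) would loop over the whole space-separated list the config documents. None of the eight iptables invocations check their exit status, so a rejected address leaves the DNS rules absent while the function still logs "done"; `|| return 1` on each call, or a failure counter reported at the end, would make that visible. The `-s ${i}` on the OutPre rule and `-d ${i}` on the InPre rule mirror allow_resolvconf_servers above, but if those chains are traversed for locally originated OUTPUT/INPUT traffic the addresses read as swapped (a client query carries the server as destination), which is worth confirming once since this copy inherits it. Accepting any UDP packet with sport 53 and dport 1024:65535 from a server address with no conntrack match lets a spoofed source reach every high port; `-m conntrack --ctstate ESTABLISHED` on the reply rules would tighten that.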
