
tags/v2.01a1
bbruns@gmail.com 7 years ago
parent
commit
a1852a5e66
3 changed files with 33 additions and 8 deletions
  1. +1
    -1
      bin/srfirewall
  2. +2
    -2
      etc/chains.conf
  3. +30
    -5
      lib/iptables.inc

+ 1
- 1
bin/srfirewall

@@ -60,7 +60,7 @@ if [[ "${EnableIPv4}" == "yes" ]]; then
# Create the chain sets we'll need and the ones that can be
# customized by users in their custom rules
setup_iptables_chains ipv4
fi


+ 2
- 2
etc/chains.conf

@@ -25,11 +25,11 @@ InFilter="In-Filter"
OutFilter="Out-Filter"
CustomNAT="CustomNAT"
CustomPostRouting="CustomPostRouting"
NAT="NAT"
CustomPortForward="Custom-PortFW"
CustomPreRouting="Custom-PreRouting"
PortForward="PortForward"


+ 30
- 5
lib/iptables.inc

@@ -57,13 +57,14 @@ function iptables_policy_reset {
# setup_iptables_chains (ipv4|ipv6)
# Creates the default chains when called
function setup_uptables_chains {
function setup_iptables_chains {
IP_VERSION=$1
case $IP_VERSION in
ipv6) VER_IPTABLES=${IP6TABLES} ;;
ipv4|*) VER_IPTABLES=${IPTABLES} ;;
esac
${display_c} GREEN "Setting up default chains for ${IP_VERSION}..."
# Create the actual chains
${display_c} GREEN "Setting up chains for ${IP_VERSION}..."
${VER_IPTABLES} -N ${InCustomPreRules}
${VER_IPTABLES} -N ${InPreRules}
${VER_IPTABLES} -N ${OutCustomPreRules}
@@ -77,12 +78,36 @@ function setup_uptables_chains {
${VER_IPTABLES} -N ${OutFilter}
${VER_IPTABLES} -N ${FwdCustomFilter}
${VER_IPTABLES} -N ${FwdFilter}
${VER_IPTABLES} -N ${CustomNAT}
${VER_IPTABLES} -N ${CustomPostRouting}
${VER_IPTABLES} -N ${NAT}
${VER_IPTABLES} -N ${CustomPortForward}
${VER_IPTABLES} -N ${CustomPreRouting}
${VER_IPTABLES} -N ${PortForward}
${VER_IPTABLES} -N ${InCustomPostRules}
${VER_IPTABLES} -N ${InPostRules}
${VER_IPTABLES} -N ${OutCustomPostRules}
${VER_IPTABLES} -N ${InPostRules}
${VER_IPTABLES} -N ${OutPostRules}
# Set up rules - the order matters - we do it separately here
# for easy viewing of order
${VER_IPTABLES} -A INPUT -j ${InCustomPreRules}
${VER_IPTABLES} -A INPUT -j ${InPreRules}
${VER_IPTABLES} -A OUTPUT -j ${OutCustomPreRules}
${VER_IPTABLES} -A OUTPUT -j ${OutPreRules}
${VER_IPTABLES} -A INPUT -j ${Trusted}
${VER_IPTABLES} -A INPUT -j ${InEasyBlock}
${VER_IPTABLES} -A OUTPUT -j ${OutEasyBlock}
${VER_IPTABLES} -A INPUT -j ${InCustomFilter}
${VER_IPTABLES} -A INPUT -j ${InFilter}
${VER_IPTABLES} -A OUTPUT -j ${OutCustomFilter}
${VER_IPTABLES} -A OUTPUT -j ${OutFilter}
${VER_IPTABLES} -A FORWARD -j ${FwdCustomFilter}
${VER_IPTABLES} -A FORWARD -j ${FwdFilter}
${VER_IPTABLES} -A POSTROUTING -j ${CustomPostRouting}
${VER_IPTABLES} -A POSTROUTING -j ${NAT}
${VER_IPTABLES} -A PREROUTING -j ${CustomPreRouting}
${VER_IPTABLES} -A PREROUTING -j ${PortForward}
${VER_IPTABLES} -A INPUT -j ${InCustomPostRules}
${VER_IPTABLES} -A INPUT -j ${InPostRules}
${VER_IPTABLES} -A OUTPUT -j ${OutCustomPostRules}
${VER_IPTABLES} -A OUTPUT -j${OutPostRules}
}
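Review bot: The four jumps appended to `POSTROUTING` and `PREROUTING` near the end of `setup_iptables_chains` carry no `-t` option, so they target the filter table, which has only INPUT, FORWARD and OUTPUT; as written those commands would fail and the NAT and port-forward chains would never be reached. The matching `-N` lines for `${CustomPostRouting}`, `${NAT}`, `${CustomPreRouting}` and `${PortForward}` likewise create the chains in the filter table, so both sets need `-t nat` as sketched below (`${CustomNAT}` and `${CustomPortForward}` are not hooked anywhere in the visible lines, so where they belong cannot be told from here). No exit status is checked in this function, so the failure would be silent and the host would come up with a rule set that differs from what the configuration describes. Separately, `-j${OutPostRules}` on the last rule is missing the space used on every other jump, and `-N ${InPostRules}` appears twice in the listing; if both are on the new side, the second call fails because the chain already exists. For `ipv6` the nat table depends on kernel support, which this page does not show being checked.

```shell
# … unchanged: -N for the pre-rule, trusted, easy-block and filter chains …
${VER_IPTABLES} -t nat -N ${CustomPostRouting}
${VER_IPTABLES} -t nat -N ${NAT}
${VER_IPTABLES} -t nat -N ${CustomPreRouting}
${VER_IPTABLES} -t nat -N ${PortForward}
# … unchanged: remaining -N lines and the INPUT/OUTPUT/FORWARD jumps …
${VER_IPTABLES} -t nat -A POSTROUTING -j ${CustomPostRouting}
${VER_IPTABLES} -t nat -A POSTROUTING -j ${NAT}
${VER_IPTABLES} -t nat -A PREROUTING -j ${CustomPreRouting}
${VER_IPTABLES} -t nat -A PREROUTING -j ${PortForward}
# … unchanged: post-rule jumps for INPUT and OUTPUT …
```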
