6 months ago · b19d4156d2
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,6 @@
 
				
				+2.1 Beta 1 - 11/19/2018
			
 
				
				+	- Add run-after  and run-before rules (custom/runafter.sh and custom/runbefore.sh)
			
 
				
				+
			
 
				
				 2.1 Alpha 3 - 04/25/2016
			
 
				
				 	- Fix issue with erasing variables in two different setups
			
 
				
				 	- mss clamp fix for fwd target
			
--- a/bin/srfirewall
+++ b/bin/srfirewall
@@ -174,6 +174,10 @@ fi
 
				
				 
			
 
				
				 # Do IPv4 IPTables Rules
			
 
				
				 if [ "${EnableIPv4}" == "yes" ]; then
			
 
				
				+
			
 
				
				+	# Commands to run before everything else
			
 
				
				+	if [ -x ${FWCONFIGDIR}/ipv4/custom/runbefore.sh ]; then . ${FWCONFIGDIR}/ipv4/custom/runbefore.sh; fi
			
 
				
				+	
			
 
				
				 	# First flush all rules
			
 
				
				 	iptables_rules_flush ipv4
			
 
				
				 	
			
@@ -203,10 +207,16 @@ if [ "${EnableIPv4}" == "yes" ]; then
 
				
				 	[[ ${Enablev4NAT} == "yes" ]] && enable_nat ipv4
			
 
				
				 	[[ ${Enablev4PortForwarding} == "yes" ]] && enable_portfw ipv4
			
 
				
				 	
			
 
				
				+	# Commands to run after everything else
			
 
				
				+	if [ -x ${FWCONFIGDIR}/ipv4/custom/runafter.sh ]; then . ${FWCONFIGDIR}/ipv4/custom/runafter.sh; fi
			
 
				
				+	
			
 
				
				 fi
			
 
				
				 
			
 
				
				 # Do IPv6 IPTables Rules
			
 
				
				 if [ "${EnableIPv6}" == "yes" ]; then
			
 
				
				+	# Commands to run before everything else
			
 
				
				+	if [ -x ${FWCONFIGDIR}/ipv6/custom/runbefore.sh ]; then . ${FWCONFIGDIR}/ipv6/custom/runbefore.sh; fi
			
 
				
				+	
			
 
				
				 	# First flush all rules
			
 
				
				 	iptables_rules_flush ipv6
			
 
				
				 	
			
@@ -237,5 +247,7 @@ if [ "${EnableIPv6}" == "yes" ]; then
 
				
				 	[[ ${Enablev6NAT} == "yes" ]] && enable_nat ipv6
			
 
				
				 	[[ ${Enablev6PortForwarding} == "yes" ]] && enable_portfw ipv6
			
 
				
				 	[[ ${EnableSysctlTweaks} == "yes" ]] && sysctl_tweaks
			
 
				
				+	# Commands to run after everything else
			
 
				
				+	if [ -x ${FWCONFIGDIR}/ipv6/custom/runafter.sh ]; then . ${FWCONFIGDIR}/ipv6/custom/runafter.sh; fi
			
 
				
				 fi
			
 
				
				 
			
--- a/etc/ipv4/custom/runafter.sh
+++ b/etc/ipv4/custom/runafter.sh
@@ -0,0 +1,6 @@
 
				
				+# This file is sourced by the main srfirewall program to inject
			
 
				
				+# custom commands/rules during specific moments of the firewall
			
 
				
				+# setup.
			
 
				
				+#
			
 
				
				+# In particular this file injects/commands rules:
			
 
				
				+# After all other things are done when the script loads
			
--- a/etc/ipv4/custom/runbefore.sh
+++ b/etc/ipv4/custom/runbefore.sh
@@ -0,0 +1,6 @@
 
				
				+# This file is sourced by the main srfirewall program to inject
			
 
				
				+# custom commands/rules during specific moments of the firewall
			
 
				
				+# setup.
			
 
				
				+#
			
 
				
				+# In particular this file injects/commands rules:
			
 
				
				+# Before all other things are done when the script loads
			
--- a/etc/ipv6/custom/runafter.sh
+++ b/etc/ipv6/custom/runafter.sh
@@ -0,0 +1,6 @@
 
				
				+# This file is sourced by the main srfirewall program to inject
			
 
				
				+# custom commands/rules during specific moments of the firewall
			
 
				
				+# setup.
			
 
				
				+#
			
 
				
				+# In particular this file injects/commands rules:
			
 
				
				+# After all other things are done when the script loads
			
--- a/etc/ipv6/custom/runbefore.sh
+++ b/etc/ipv6/custom/runbefore.sh
@@ -0,0 +1,6 @@
 
				
				+# This file is sourced by the main srfirewall program to inject
			
 
				
				+# custom commands/rules during specific moments of the firewall
			
 
				
				+# setup.
			
 
				
				+#
			
 
				
				+# In particular this file injects/commands rules:
			
 
				
				+# Before all other things are done when the script loads