brielle/Firewall-SOSDG
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

More...

Browse Source
This commit is contained in:
bruns@2mbit.com 2009-08-23 22:47:45 +00:00
parent c8b0a5d109
commit 4578afcb52
1 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
rc.firewall
View File

@ -175,15 +175,6 @@ if [ $IPV6 ]; then
done done
echo -ne "\n" echo -ne "\n"
if [ $IPV6ROUTEDCLIENTBLOCK ]; then
$IP6TABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IP6TABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IP6TABLES -A FORWARD -i $IPV6INT -o $IPV6LAN -p tcp --syn -j DROP
$IP6TABLES -A INPUT -i $IPV6INT -p tcp --syn -j DROP
$IP6TABLES -A INPUT -i $IPV6INT -p udp ! --dport 32768:65535 -j DROP
$IP6TABLES -A FORWARD -i $IPV6INT -o $IPV6LAN -p udp ! --dport 32768:65535 -j DROP
fi
echo -n "Adding allowed IPv6 port: " echo -n "Adding allowed IPv6 port: "
for i in $IPV6TCP; do for i in $IPV6TCP; do
@ -199,6 +190,17 @@ if [ $IPV6 ]; then
done done
echo -en "\n" echo -en "\n"
if [ $IPV6ROUTEDCLIENTBLOCK ]; then
$IP6TABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IP6TABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IP6TABLES -A FORWARD -i $IPV6INT -o $IPV6LAN -p tcp --syn -j DROP
$IP6TABLES -A INPUT -i $IPV6INT -p tcp --syn -j DROP
$IP6TABLES -A INPUT -i $IPV6INT -p udp ! --dport 32768:65535 -j DROP
$IP6TABLES -A FORWARD -i $IPV6INT -o $IPV6LAN -p udp ! --dport 32768:65535 -j DROP
fi
if [ $IPV6FORWARDRANGE ]; then if [ $IPV6FORWARDRANGE ]; then
for i in $IPV6FORWARDRANGE; do for i in $IPV6FORWARDRANGE; do
$IP6TABLES -A FORWARD -s $i -j ACCEPT $IP6TABLES -A FORWARD -s $i -j ACCEPT