brielle
/
Firewall-SOSDG
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Added new options for blocked IPs

master
bruns@2mbit.com 2009-08-30 00:52:40 +00:00
parent 318b51cc45
commit 58cadfeca3
4 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@ -1,5 +1,6 @@
0.6 - Brielle Bruns <bruns@2mbit.com> 0.6 - Brielle Bruns <bruns@2mbit.com>
- Fixed some potential ordering issues with NAT - Fixed some potential ordering issues with NAT
- Added file for blocked IPs, plus new config option
0.5 - Brielle Bruns <bruns@2mbit.com> 0.5 - Brielle Bruns <bruns@2mbit.com>
- Fixing ipv6 UDP firewalling rules - Fixing ipv6 UDP firewalling rules

1
blocked Normal file
View File

@ -0,0 +1 @@
# List of IPs to block outright

3
options.default
View File

@ -52,6 +52,9 @@ NATRANGE="192.168.1.0/24"
NATEXTIP="172.16.1.1" NATEXTIP="172.16.1.1"
NATEXTIF="eth0" NATEXTIF="eth0"
# IP Ranges to block all traffic incoming/outgoing
BLOCKEDIP=$BASEDIR/blocked
# IPv6 related features. Commenting out IPV6 variable disables ALL # IPv6 related features. Commenting out IPV6 variable disables ALL
# IPv6 related items # IPv6 related items

12
rc.firewall
View File

@ -33,6 +33,18 @@ for i in $TRUSTEDIP; do
done done
echo -ne "\n" echo -ne "\n"
echo -n "Adding blocked IPs: "
if [ $BLOCKEDIP ]; then
for i in `grep -v "\#" $BLOCKEDIP`; do
echo -n "$i"
$IPTABLES -A INPUT -s $i -j DENY
$IPTABLES -A OUTPUT -d $i -j DENY
done
fi
echo -ne "\n"
if [ $CLAMPMSS ]; then if [ $CLAMPMSS ]; then
echo "Clamping MSS to PMTU..." echo "Clamping MSS to PMTU..."
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS \ iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS \