Added new options for blocked IPs

2009-08-30 00:52:40 +00:00 · 2009-08-30 00:52:40 +00:00 · 58cadfeca3
parent 318b51cc45
commit 58cadfeca3
4 changed files with 17 additions and 0 deletions
--- a/1
+++ b/1
@ -1,5 +1,6 @@
 0.6 - Brielle Bruns <bruns@2mbit.com>
 	- Fixed some potential ordering issues with NAT
+	- Added file for blocked IPs, plus new config option

 0.5 - Brielle Bruns <bruns@2mbit.com>
 	- Fixing ipv6 UDP firewalling rules
--- a/1
+++ b/1
@ -0,0 +1 @@
+# List of IPs to block outright
--- a/options.default
+++ b/options.default
@ -52,6 +52,9 @@ NATRANGE="192.168.1.0/24"
 NATEXTIP="172.16.1.1"
 NATEXTIF="eth0"

+# IP Ranges to block all traffic incoming/outgoing
+BLOCKEDIP=$BASEDIR/blocked
+

 # IPv6 related features.  Commenting out IPV6 variable disables ALL
 # IPv6 related items
--- a/rc.firewall
+++ b/rc.firewall
@ -33,6 +33,18 @@ for i in $TRUSTEDIP; do
 done
 echo -ne "\n"

+echo -n "Adding blocked IPs: "
+
+if [ $BLOCKEDIP ]; then
+	for i in `grep -v "\#" $BLOCKEDIP`; do
+		echo -n "$i"
+		$IPTABLES -A INPUT -s $i -j DENY
+		$IPTABLES -A OUTPUT -d $i -j DENY
+	done
+fi
+
+echo -ne "\n"
+
 if [ $CLAMPMSS ]; then
 	echo "Clamping MSS to PMTU..."
 	iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS \