Adding custom code files

include/bogon-bn-agg.txt

@@ -1,23 +0,0 @@
-0.0.0.0/7
-5.0.0.0/8
-14.0.0.0/8
-23.0.0.0/8
-27.0.0.0/8
-31.0.0.0/8
-36.0.0.0/7
-39.0.0.0/8
-42.0.0.0/8
-49.0.0.0/8
-50.0.0.0/8
-100.0.0.0/6
-104.0.0.0/6
-127.0.0.0/8
-169.254.0.0/16
-176.0.0.0/7
-179.0.0.0/8
-181.0.0.0/8
-185.0.0.0/8
-192.0.2.0/24
-198.18.0.0/15
-223.0.0.0/8
-224.0.0.0/3

include/update-bogons

@@ -1,41 +0,0 @@
-#!/bin/bash
-# Script to auto update bogons file for use with firewall script
-
-VERSION="0.1"
-WGET=/usr/bin/wget
-PREFIX=`pwd`
-BOGONSFILE=$PREFIX/bogon-bn-agg.txt
-BOGONSURL="http://www.cymru.com/Documents/bogon-bn-agg.txt"
-REMOVECIDR="(192.168.0.0|10.0.0.0|172.16.0.0)"
-
-
-if [ ! -x $WGET ]; then
-	echo "wget command not found or executable.  Please"
-	echo "edit the update-bogons script."
-	exit 1
-fi
-
-
-echo "Bogons update script - Version $VERSION"
-echo -e "Part of Firewall/SOSDG - http://www.sosdg.org \n"
-echo "Uses The Team Cymru Bogon List located at:"
-echo -e "http://www.cymru.com/Documents/bogon-list.html\n"
-
-if `wget -q -O $BOGONSFILE.new $BOGONSURL`; then
-	echo "Downloaded new bogons file..."
-	mv $BOGONSFILE $BOGONSFILE.old &>/dev/null
-	echo "Backed up $BOGONSFILE to .old..."
-	if [ $REMOVECIDR ]; then
-		grep -vE -e "$REMOVECIDR" $BOGONSFILE.new > $BOGONSFILE
-		echo "Removed blocks listed in REMOVECIDR..."
-		rm -f $BOGONSFILE.new
-	else
-		mv $BOGONSFILE.new $BOGONSFILE
-		echo "Replaced old bogons file with new one."
-	fi
-else
-	echo "Error downloading bogons file.  Please try again later."
-	rm -f $BOGONSFILE.new
-	exit 1
-fi
-exit 0

rc.firewall

@@ -61,6 +61,12 @@ if [ "$STRIPECN" ]; then
 echo -ne "\n"
 fi
 
+if [ -s "$BASEDIR/include/ipv4_custom_mssclamp" ]; then
+	echo -e "\E[33mLoading custom MSS Clamp rules...\E[37m"
+	. "$BASEDIR/include/ipv4_custom_mssclamp"
+	echo -ne "\n"
+fi
+
 if [ "$CLAMPMSS" ]; then
 	echo -e "\E[33mClamping MSS to PMTU...\E[37m"
 	for i in $CLAMPMSS; do
@@ -84,6 +90,12 @@ fi
 $IPTABLES -A INPUT -j DROP -p udp --dport domain -m u32 --u32 \
 "0>>22&0x3C@12>>16=1&&0>>22&0x3C@20>>24=0&&0>>22&0x3C@21=0x00020001"
 
+if [ -s "$BASEDIR/include/ipv4_custom_conntrack" ]; then
+	echo -e "\E[33mLoading custom conntrack rules...\E[37m"
+	. "$BASEDIR/include/ipv4_custom_conntrack"
+	echo -ne "\n"
+fi
+
 if [ $CONNTRACK ]; then
 	$IPTABLES -A INPUT -m state --state NEW -j ACCEPT
 	$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
@@ -96,6 +108,12 @@ if [ $CONNTRACK ]; then
 	$IPTABLES -A FORWARD -m state --state INVALID -j DROP
 fi
 
+if [ -s "$BASEDIR/include/ipv4_custom_blockports" ]; then
+	echo -e "\E[33mLoading custom blocked port rules...\E[37m"
+	. "$BASEDIR/include/ipv4_custom_blockports"
+	echo -ne "\n"
+fi
+
 if [ "$BLOCKTCPPORTS" ] || [ "$BLOCKUDPPORTS" ]; then
 	echo -en "\E[33mBlocking outbound port:\E[37m "
 
@@ -124,6 +142,12 @@ if [ "$BLOCKTCPPORTS" ] || [ "$BLOCKUDPPORTS" ]; then
 	echo -en "\n"
 fi
 
+if [ -s "$BASEDIR/include/ipv4_custom_allowedports" ]; then
+	echo -e "\E[33mLoading custom allowed port rules...\E[37m"
+	. "$BASEDIR/include/ipv4_custom_allowedports"
+	echo -ne "\n"
+fi
+
 if [ "$TCPPORTS" ] || [ "$UDPPORTS" ]; then
 	echo -en "\E[33mAdding allowed port:\E[37m "
 
@@ -147,6 +171,12 @@ fi
 
 
 
+if [ -s "$BASEDIR/include/ipv4_custom_proto" ]; then
+	echo -e "\E[33mLoading custom protocol rules...\E[37m"
+	. "$BASEDIR/include/ipv4_custom_proto"
+	echo -ne "\n"
+fi
+
 if [ "$ALLOWEDPROTO" ]; then
 	echo -en "\E[33mAdding allowed protocols:\E[37m "
 	for i in $ALLOWEDPROTO; do
@@ -157,6 +187,13 @@ if [ "$ALLOWEDPROTO" ]; then
 	echo -en "\n\E[37m"
 fi
 
+
+if [ -s "$BASEDIR/include/ipv4_custom_notrack" ]; then
+	echo -e "\E[33mLoading custom NOTRACK rules...\E[37m"
+	. "$BASEDIR/include/ipv4_custom_notrack"
+	echo -ne "\n"
+fi
+
 if [ $CONNTRACK ]; then
 	for i in $DONTTRACK; do
 		$IPTABLES -t raw -I PREROUTING -s $i -j NOTRACK
@@ -167,6 +204,12 @@ if [ $CONNTRACK ]; then
 fi
 
 
+if [ -s "$BASEDIR/include/ipv4_custom_routing" ]; then
+	echo -e "\E[33mLoading custom routing rules...\E[37m"
+	. "$BASEDIR/include/ipv4_custom_routing"
+	echo -ne "\n"
+fi
+
 if [ $ROUTING ]; then
 	echo -en "\E[33mAdding route:\E[37m "
 	for i in `grep -v "\#" $ROUTING`; do
@@ -196,6 +239,12 @@ echo -ne "\n"
 fi
 
 
+if [ -s "$BASEDIR/include/ipv4_custom_portforward" ]; then
+	echo -e "\E[33mLoading custom port forwarding rules...\E[37m"
+	. "$BASEDIR/include/ipv4_custom_portforward"
+	echo -ne "\n"
+fi
+
 if [ $PORTFW ] && [ $NAT ]; then
 	echo -en "\E[33mAdding port forward for:\E[37m "
 	for i in `grep -v "\#" $PORTFW`; do
@@ -215,8 +264,11 @@ if [ $LANDHCPSERVER ]; then
 fi
 
 
-
-
+if [ -s "$BASEDIR/include/ipv4_custom_nat" ]; then
+	echo -e "\E[33mLoading custom nat rules...\E[37m"
+	. "$BASEDIR/include/ipv4_custom_nat"
+	echo -ne "\n"
+fi
 
 if [ $NAT ]; then
 	for i in $NATRANGE; do
@@ -233,6 +285,13 @@ $IPTABLES --policy INPUT ACCEPT
 $IPTABLES --policy OUTPUT ACCEPT
 $IPTABLES --policy FORWARD DROP
 
+
+if [ -s "$BASEDIR/include/ipv4_custom_blockincoming" ]; then
+	echo -e "\E[33mLoading custom incoming blocked rules...\E[37m"
+	. "$BASEDIR/include/ipv4_custom_blockincoming"
+	echo -ne "\n"
+fi
+
 if [ $BLOCKINCOMING ]; then
 		$IPTABLES -A INPUT -p tcp --syn -j DROP
 		$IPTABLES -A INPUT -p udp -j DROP