Custom chains work...
parent
b423c982d9
commit
890776e9e9
|
@ -204,15 +204,16 @@ fi
|
||||||
|
|
||||||
# Trying to better clean up some of my code, so lets try using some custom chains
|
# Trying to better clean up some of my code, so lets try using some custom chains
|
||||||
$IPTABLES -N BLACKHOLE
|
$IPTABLES -N BLACKHOLE
|
||||||
$IPTABLES -N TRUSTED
|
$IPTABLES -N TRUSTED-IN
|
||||||
|
$IPTABLES -N TRUSTED-OUT
|
||||||
|
|
||||||
$IPTABLES -A INPUT -j TRUSTED
|
$IPTABLES -A INPUT -j TRUSTED-IN
|
||||||
$IPTABLES -A OUTPUT -j TRUSTED
|
$IPTABLES -A OUTPUT -j TRUSTED-OUT
|
||||||
$IPTABLES -A INPUT -j BLACKHOLE
|
$IPTABLES -A INPUT -j BLACKHOLE
|
||||||
$IPTABLES -A OUTPUT -j BLACKHOLE
|
$IPTABLES -A OUTPUT -j BLACKHOLE
|
||||||
|
|
||||||
$IPTABLES -A TRUSTED -i lo -j ACCEPT
|
$IPTABLES -A TRUSTED-IN -i lo -j ACCEPT
|
||||||
$IPTABLES -A TRUSTED -o lo -j ACCEPT
|
$IPTABLES -A TRUSTED-OUT -o lo -j ACCEPT
|
||||||
|
|
||||||
if [ -s "$BASEDIR/include/ipv4_custom_trust" ]; then
|
if [ -s "$BASEDIR/include/ipv4_custom_trust" ]; then
|
||||||
display_c YELLOW "Loading custom trust rules..."
|
display_c YELLOW "Loading custom trust rules..."
|
||||||
|
@ -223,8 +224,8 @@ if [ "$TRUSTEDIP" ]; then
|
||||||
display_c YELLOW "Adding trusted IP: " N
|
display_c YELLOW "Adding trusted IP: " N
|
||||||
for i in $TRUSTEDIP; do
|
for i in $TRUSTEDIP; do
|
||||||
echo -n "$i "
|
echo -n "$i "
|
||||||
$IPTABLES -A INPUT -s $i -j ACCEPT
|
$IPTABLES -A TRUSTED-IN -s $i -j ACCEPT
|
||||||
$IPTABLES -A OUTPUT -d $i -j ACCEPT
|
$IPTABLES -A TRUSTED-OUT -d $i -j ACCEPT
|
||||||
done
|
done
|
||||||
echo -ne "\n"
|
echo -ne "\n"
|
||||||
fi
|
fi
|
||||||
|
@ -252,11 +253,11 @@ if [ "$DNS_REQUESTS_OUT" ]; then
|
||||||
DNSIP_COUNT_CURR=1
|
DNSIP_COUNT_CURR=1
|
||||||
for ((i=$DNSIP_COUNT_CURR; i <= $DNSIP_NUM; i++)); do
|
for ((i=$DNSIP_COUNT_CURR; i <= $DNSIP_NUM; i++)); do
|
||||||
if [ ${DNSREQ[$i]} ]; then
|
if [ ${DNSREQ[$i]} ]; then
|
||||||
${IPTABLES} -A INPUT -i ${SRCIF} -p udp --sport 53 -s ${DNSREQ[$i]} --destination-port 1024:65535 -j ACCEPT
|
${IPTABLES} -A TRUSTED-IN -i ${SRCIF} -p udp --sport 53 -s ${DNSREQ[$i]} --destination-port 1024:65535 -j ACCEPT
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
${IPTABLES} -A INPUT -i $i -p udp --sport 53 --destination-port 1024:65535 -j ACCEPT
|
${IPTABLES} -A TRUSTED-IN -i $i -p udp --sport 53 --destination-port 1024:65535 -j ACCEPT
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
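Review bot: The rule moved into TRUSTED-IN in the `else` branch of the third hunk, `${IPTABLES} -A TRUSTED-IN -i $i -p udp --sport 53 --destination-port 1024:65535 -j ACCEPT`, matches on source port alone, so any host that sets its UDP source port to 53 reaches every unprivileged UDP port on that interface. Limiting it to replies, e.g. `${IPTABLES} -A TRUSTED-IN -i $i -p udp --sport 53 --destination-port 1024:65535 -m state --state ESTABLISHED -j ACCEPT`, keeps the intended resolver traffic while closing that opening. The `if` branch at least pins `-s ${DNSREQ[$i]}`, but it names the interface as `${SRCIF}` while the `else` branch uses `$i`, and the inner `for ((i=...))` counter reuses the same `i` as what appears to be the enclosing interface loop, so any later use of `$i` as an interface in that iteration would see a number instead — worth confirming which variable is meant. The enclosing `if [ "$DNS_REQUESTS_OUT" ]` and the outer loop both start outside the hunk.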