Custom chains work...

master
bbruns 2014-02-16 20:48:39 +00:00
parent b423c982d9
commit 890776e9e9
1 changed files with 10 additions and 9 deletions

View File

@ -204,15 +204,16 @@ fi
# Trying to better clean up some of my code, so lets try using some custom chains # Trying to better clean up some of my code, so lets try using some custom chains
$IPTABLES -N BLACKHOLE $IPTABLES -N BLACKHOLE
$IPTABLES -N TRUSTED $IPTABLES -N TRUSTED-IN
$IPTABLES -N TRUSTED-OUT
$IPTABLES -A INPUT -j TRUSTED $IPTABLES -A INPUT -j TRUSTED-IN
$IPTABLES -A OUTPUT -j TRUSTED $IPTABLES -A OUTPUT -j TRUSTED-OUT
$IPTABLES -A INPUT -j BLACKHOLE $IPTABLES -A INPUT -j BLACKHOLE
$IPTABLES -A OUTPUT -j BLACKHOLE $IPTABLES -A OUTPUT -j BLACKHOLE
$IPTABLES -A TRUSTED -i lo -j ACCEPT $IPTABLES -A TRUSTED-IN -i lo -j ACCEPT
$IPTABLES -A TRUSTED -o lo -j ACCEPT $IPTABLES -A TRUSTED-OUT -o lo -j ACCEPT
if [ -s "$BASEDIR/include/ipv4_custom_trust" ]; then if [ -s "$BASEDIR/include/ipv4_custom_trust" ]; then
display_c YELLOW "Loading custom trust rules..." display_c YELLOW "Loading custom trust rules..."
@ -223,8 +224,8 @@ if [ "$TRUSTEDIP" ]; then
display_c YELLOW "Adding trusted IP: " N display_c YELLOW "Adding trusted IP: " N
for i in $TRUSTEDIP; do for i in $TRUSTEDIP; do
echo -n "$i " echo -n "$i "
$IPTABLES -A INPUT -s $i -j ACCEPT $IPTABLES -A TRUSTED-IN -s $i -j ACCEPT
$IPTABLES -A OUTPUT -d $i -j ACCEPT $IPTABLES -A TRUSTED-OUT -d $i -j ACCEPT
done done
echo -ne "\n" echo -ne "\n"
fi fi
@ -252,11 +253,11 @@ if [ "$DNS_REQUESTS_OUT" ]; then
DNSIP_COUNT_CURR=1 DNSIP_COUNT_CURR=1
for ((i=$DNSIP_COUNT_CURR; i <= $DNSIP_NUM; i++)); do for ((i=$DNSIP_COUNT_CURR; i <= $DNSIP_NUM; i++)); do
if [ ${DNSREQ[$i]} ]; then if [ ${DNSREQ[$i]} ]; then
${IPTABLES} -A INPUT -i ${SRCIF} -p udp --sport 53 -s ${DNSREQ[$i]} --destination-port 1024:65535 -j ACCEPT ${IPTABLES} -A TRUSTED-IN -i ${SRCIF} -p udp --sport 53 -s ${DNSREQ[$i]} --destination-port 1024:65535 -j ACCEPT
fi fi
done done
else else
${IPTABLES} -A INPUT -i $i -p udp --sport 53 --destination-port 1024:65535 -j ACCEPT ${IPTABLES} -A TRUSTED-IN -i $i -p udp --sport 53 --destination-port 1024:65535 -j ACCEPT
fi fi
done done
fi fi