SRFirewall/bin/srfirewall

71 lines
2.4 KiB
Plaintext
Raw Normal View History

2014-03-01 09:57:03 -07:00
#/bin/bash
# By Brielle Bruns <bruns@2mbit.com>
# URL: http://www.sosdg.org/freestuff/firewall
# License: GPLv3
#
# Copyright (C) 2009 - 2014 Brielle Bruns
# Copyright (C) 2009 - 2014 The Summit Open Source Development Group
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Static config options, normally do not need to change
FW_VERSION="2.0"
# Important directory locations
FWPREFIX="/usr/local"
2014-03-01 11:23:05 -07:00
FWCONFIGDIR="${FWPREFIX}/etc/srfirewall"
FWLIBDIR="${FWPREFIX}/lib/srfirewall"
2014-03-01 09:57:03 -07:00
FWBINDIR="${FWPREFIX}/bin"
# Begin sourcing critical files, because we need things like path right away
source "${FWCONFIGDIR}/main.conf"
source "${FWLIBDIR}/binaries.inc"
source "${FWLIBDIR}/iptables.inc"
source "${FWLIBDIR}/display.inc"
2014-03-01 11:23:05 -07:00
source "${FWCONFIGDIR}/chains.conf"
source "${FWCONFIGDIR}/ipv4.conf"
source "${FWCONFIGDIR}/ipv6.conf"
2014-03-01 09:57:03 -07:00
# We require at least bash v3 or later at this point given some of the more complex
# operations we do to make the firewall script work.
if (( ${BASH_VERSINFO[0]} <= "2" )); then
echo "Error: We can only run with bash 3.0 or higher. Please upgrade your version"
echo "of bash to something more recent, preferably the latest which is, as of this"
echo "writing, 4.x"
exit 1
2014-03-01 11:23:05 -07:00
fi
# Swap out display_c command for dummy command if they don't want
# output when command is run.
if [[ "${DisplayDetailedOutput" == "yes" ]]; then
display="display_c"
else
display="true"
fi
if [[ "${EnableIPv4}" == "yes" ]]; then
# First flush all rules
iptables_rules_flush ipv4
# Create the chain sets we'll need and the ones that can be
# customized by users in their custom rules
2014-03-01 11:42:17 -07:00
setup_iptables_chains ipv4
2014-03-01 11:23:05 -07:00
fi
if [[ "${EnableIPv6}" == "yes" ]]; then
# First flush all rules
iptables_rules_flush ipv6
2014-03-01 09:57:03 -07:00
fi