#!/bin/bash
# By Brielle Bruns <bruns@2mbit.com>
# URL: http://www.sosdg.org/freestuff/firewall
# License: GPLv3
#
# Copyright (C) 2009 - 2014 Brielle Bruns
# Copyright (C) 2009 - 2014 The Summit Open Source Development Group
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Fixed settings; these normally need no local changes.
FW_VERSION='2.0'

# Installation layout: where the firewall's configuration, library and binary
# files live. The values are assigned unconditionally, so a caller's
# environment cannot redirect the files that are sourced further down.
FWPREFIX='/usr/local'
FWCONFIGDIR="$FWPREFIX/etc/srfirewall"
FWLIBDIR="$FWPREFIX/lib/srfirewall"
FWBINDIR="$FWPREFIX/bin"
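# Load the configuration and library files the rest of the script depends on;
# settings such as the path are needed right away.
#
# Every file sourced here is executed inside this shell with the privileges of
# whoever runs the firewall script, so each one should be writable only by the
# administrator account. A missing or unreadable file aborts the run at this
# point, before any rule is touched, instead of continuing with a half-loaded
# configuration.

#######################################
# Abort the script unless the given path is a readable regular file.
# Arguments: $1 - path of a file that is about to be sourced
# Outputs:   an error message on stderr when the check fails
# Returns:   0 when the file is usable; exits the script with 1 otherwise
#######################################
fw_require_readable() {
  if [[ ! -f "$1" || ! -r "$1" ]]; then
    echo "Error: required file $1 is missing or unreadable" >&2
    exit 1
  fi
}

# The checks only run inside the helper; each `source` stays at top level so
# that variables and functions defined by the files keep their global scope.
fw_require_readable "${FWCONFIGDIR}/main.conf"
source "${FWCONFIGDIR}/main.conf"
fw_require_readable "${FWLIBDIR}/binaries.inc"
source "${FWLIBDIR}/binaries.inc"
fw_require_readable "${FWLIBDIR}/iptables.inc"
source "${FWLIBDIR}/iptables.inc"
fw_require_readable "${FWLIBDIR}/display.inc"
source "${FWLIBDIR}/display.inc"

fw_require_readable "${FWCONFIGDIR}/chains.conf"
source "${FWCONFIGDIR}/chains.conf"
fw_require_readable "${FWCONFIGDIR}/ipv4.conf"
source "${FWCONFIGDIR}/ipv4.conf"
fw_require_readable "${FWCONFIGDIR}/ipv6.conf"
source "${FWCONFIGDIR}/ipv6.conf"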
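# Bash 3.0 or later is required because of the more complex operations the
# firewall script performs. The diagnostic goes to stderr so it is not mixed
# into normal output or lost when stdout is redirected.
# NOTE(review): this check sits after the `source` lines earlier in the file,
# so bash-3-only syntax in those files would fail before this message is
# reached - consider moving the check above them.
if (( ${BASH_VERSINFO[0]} < 3 )); then
  {
    echo "Error: We can only run with bash 3.0 or higher. Please upgrade your version"
    echo "of bash to something more recent, preferably the latest which is, as of this"
    echo "writing, 4.x"
  } >&2
  exit 1
fi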
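# Pick the command used for progress output: display_c when detailed output
# is wanted, otherwise the no-op `true` so display calls print nothing.
# Any value other than "yes" (including unset) selects the silent command.
# The original test was missing the closing brace of the parameter expansion,
# which made the whole script fail to parse.
if [[ "${DisplayDetailedOutput}" == "yes" ]]; then
  display="display_c"
else
  display="true"
fi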
# IPv4 rule set: handled only when EnableIPv4 is exactly "yes".
case "${EnableIPv4}" in
  yes)
    # Begin by flushing every existing rule.
    # NOTE(review): iptables_rules_flush is defined outside this file; if it
    # leaves the chain policies at ACCEPT, the host is unfiltered from here
    # until the new rules are in place - confirm the flush sets a restrictive
    # policy or that the reload is atomic (e.g. via iptables-restore).
    iptables_rules_flush ipv4

    # The chain sets the firewall needs, and the ones users may customize
    # in their own rules, are meant to be created here.
    ;;
esac
# IPv6 rule set: handled only when EnableIPv6 is exactly "yes".
case "${EnableIPv6}" in
  yes)
    # Begin by flushing every existing rule.
    # NOTE(review): iptables_rules_flush is defined outside this file; if it
    # leaves the chain policies at ACCEPT, IPv6 traffic is unfiltered from
    # here until new rules are loaded - confirm the behaviour of the flush.
    iptables_rules_flush ipv6
    ;;
esac