bbruns@gmail.com 2014-04-01 00:46:35 +00:00
parent df7fa9927a
commit 22d4c450e5
4 changed files with 12 additions and 10 deletions

View File

@ -169,6 +169,6 @@ if [ "${EnableIPv6}" == "yes" ]; then
[ "${Enablev6MSSClamp}" == "yes" ] && enable_mss_clamp ipv6 [ "${Enablev6MSSClamp}" == "yes" ] && enable_mss_clamp ipv6
[ "${DNSClientUsev6ResolvConf}" == "yes" ] && allow_resolvconf_servers ipv6 [ "${DNSClientUsev6ResolvConf}" == "yes" ] && allow_resolvconf_servers ipv6
[ "${DNSClientManualv6Servers}" ] && allow_dnsclient_manual ipv6 "${DNSClientManualv6Servers}" [ "${DNSClientManualv6Servers}" ] && allow_dnsclient_manual ipv6 "${DNSClientManualv6Servers}"
[ "${Enablev6EasyBlock" == "yes" ] && enable_easyblock ipv6 [ "${Enablev6EasyBlock}" == "yes" ] && enable_easyblock ipv6
fi fi

View File

@ -1,7 +1,7 @@
# Easy Block List # Easy Block List
# Use this file to set up quick and easy blocking of traffic # Use this file to set up quick and easy blocking of traffic
# Use tabs or single space to separate # Use tabs or single space to separate
#
# <direction> <interface> <address> <port> <protocol> # <direction> <interface> <address> <port> <protocol>
# #
# Direction: Required ( IN | OUT ) # Direction: Required ( IN | OUT )

View File

@ -1,7 +1,7 @@
# Easy Block List # Easy Block List
# Use this file to set up quick and easy blocking of traffic # Use this file to set up quick and easy blocking of traffic
# Use tabs or single space to separate # Use tabs or single space to separate
#
# <direction> <interface> <address> <port> <protocol> # <direction> <interface> <address> <port> <protocol>
# #
# Direction: Required ( IN | OUT ) # Direction: Required ( IN | OUT )

View File

@ -167,6 +167,7 @@ function enable_mss_clamp {
${debug} ${DebugColor} "${FUNCNAME}: read ${FWCONFIGDIR}/ipv${IPVER}/mss-clamp.conf successful" ${debug} ${DebugColor} "${FUNCNAME}: read ${FWCONFIGDIR}/ipv${IPVER}/mss-clamp.conf successful"
while read -r interface mss type; do while read -r interface mss type; do
[[ ${interface} = \#* ]] && continue [[ ${interface} = \#* ]] && continue
[[ ${interface} = "" ]] && continue
[[ ${mss} == "-" ]] && mss="1400:1536" [[ ${mss} == "-" ]] && mss="1400:1536"
[[ ${type} == "-" ]] && type="${OutFilter}" [[ ${type} == "-" ]] && type="${OutFilter}"
[[ ${type} == "out" ]] && type="${OutFilter}" [[ ${type} == "out" ]] && type="${OutFilter}"
@ -198,6 +199,7 @@ function allow_resolvconf_servers {
${debug} ${DebugColor} "${FUNCNAME}: Using ${ResolvConfFile} as resolv.conf" ${debug} ${DebugColor} "${FUNCNAME}: Using ${ResolvConfFile} as resolv.conf"
while read -r type server; do while read -r type server; do
[[ ${type} != "nameserver" ]] && continue [[ ${type} != "nameserver" ]] && continue
[[ ${type} = "" ]] && continue
# If we see a : in the server variable, we are most likely dealing with an ipv6 address # If we see a : in the server variable, we are most likely dealing with an ipv6 address
([[ ${server} =~ ":" ]] && [[ ${IP_VERSION} = "ipv4" ]]) && continue ([[ ${server} =~ ":" ]] && [[ ${IP_VERSION} = "ipv4" ]]) && continue
([[ ! ${server} =~ ":" ]] && [[ ${IP_VERSION} = "ipv6" ]]) && continue ([[ ! ${server} =~ ":" ]] && [[ ${IP_VERSION} = "ipv6" ]]) && continue
@ -243,13 +245,14 @@ function enable_easyblock {
${debug} ${DebugColor} "${FUNCNAME}: read ${FWCONFIGDIR}/ipv${IPVER}/easyblock.conf successful" ${debug} ${DebugColor} "${FUNCNAME}: read ${FWCONFIGDIR}/ipv${IPVER}/easyblock.conf successful"
while read -r direction interface address port protocol; do while read -r direction interface address port protocol; do
[[ ${direction} = \#* ]] && continue [[ ${direction} = \#* ]] && continue
[[ ${direction} = "" ]] && continue
# Do some creative work with variables to make building the iptables rules fairly painless # Do some creative work with variables to make building the iptables rules fairly painless
[[ ${port} != "-" ]] && port="--dport ${port}" [[ ${port} != "-" ]] && port="--dport ${port}"
([[ ${address} != "-" ]] && [[ ${direction} == "IN" ]] && address="-s ${address}" ([[ ${address} != "-" ]] && [[ ${direction} == "IN" ]]) && address="-s ${address}"
([[ ${address} != "-" ]] && [[ ${direction} == "OUT" ]] && address="-d ${address}" ([[ ${address} != "-" ]] && [[ ${direction} == "OUT" ]]) && address="-d ${address}"
([[ ${interface} != "-" ]] && [[ ${direction} == "IN" ]] && interface="-i ${interface}" ([[ ${interface} != "-" ]] && [[ ${direction} == "IN" ]]) && interface="-i ${interface}"
([[ ${interface} != "-" ]] && [[ ${direction} == "OUT" ]] && interface="-o ${interface}" ([[ ${interface} != "-" ]] && [[ ${direction} == "OUT" ]]) && interface="-o ${interface}"
[[ ${direction} == "OUT" ]] && chain="${OutEasyBlock}" [[ ${direction} == "OUT" ]] && chain="${OutEasyBlock}"
[[ ${direction} == "IN" ]] && chain="${InEasyBlock}" [[ ${direction} == "IN" ]] && chain="${InEasyBlock}"
[[ ${protocol} != "-" ]] && protocol="-p ${protocol}" [[ ${protocol} != "-" ]] && protocol="-p ${protocol}"
@ -262,10 +265,9 @@ function enable_easyblock {
[[ ${address} == "-" ]] && address="" [[ ${address} == "-" ]] && address=""
[[ ${protocol} == "-" ]] && protocol="" [[ ${protocol} == "-" ]] && protocol=""
${VER_IPTABLES} -A ${chain} ${interface} ${address} ${protocol} ${port} ${VER_IPTABLES} -A ${chain} ${interface} ${address} ${protocol} ${port}
done < "${FWCONFIGDIR}/ipv${IPVER}/easyblock.conf" done < "${FWCONFIGDIR}/ipv${IPVER}/easyblock.conf"
${debug} ${DebugColor} "${FUNCNAME}: done" ${debug} ${DebugColor} "${FUNCNAME}: done"
fi
} }