brielle/SRFirewall
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

Browse Source
This commit is contained in:
bbruns@gmail.com 2014-03-30 16:53:31 +00:00
parent 5eaef26f04
commit 35504323b6
4 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bin/srfirewall
View File

@ -142,6 +142,7 @@ if [ "${EnableIPv4}" == "yes" ]; then
setup_iptables_chains ipv4
if [ "${AllowAllv4Loopback}" == "yes" ]; then allow_all_loopback ipv4; fi
if [ "${EnableTrustedv4Hosts}" == "yes" ]; then allow_trusted_hosts ipv4; fi
fi
# Do IPv4 IPTables Rules
@ -154,5 +155,6 @@ if [ "${EnableIPv6}" == "yes" ]; then
setup_iptables_chains ipv6
if [ "${AllowAllv6Loopback}" == "yes" ]; then allow_all_loopback ipv6; fi
if [ "${EnableTrustedv6Hosts}" == "yes" ]; then allow_trusted_hosts ipv6; fi
fi

4
etc/ipv4.conf
View File

@ -10,6 +10,10 @@ AllowAllv4Loopback="yes"
# Very early on rules to allow for trusted machines to access
# this machine. Rather important and helps keep you from getting
# locked out should the firewalling rules go bad.
#
# IMPORTANT: Hosts put in the trusted file will have complete
# and unfettered access to the host, ignoring all other rules.
#
# Config file is located in ipv4/trusted.conf
# Values: no | yes (default)
EnableTrustedv4Hosts="yes"

13
etc/ipv6.conf
View File

@ -5,4 +5,15 @@
# Good idea to keep this turned on, but if you so wish to,
# you can disable it here.
# Values: no | yes (default)
AllowAllv6Loopback="yes"
AllowAllv6Loopback="yes"
# Very early on rules to allow for trusted machines to access
# this machine. Rather important and helps keep you from getting
# locked out should the firewalling rules go bad.
#
# IMPORTANT: Hosts put in the trusted file will have complete
# and unfettered access to the host, ignoring all other rules.
#
# Config file is located in ipv6/trusted.conf
# Values: no | yes (default)
EnableTrustedv6Hosts="yes"

22
lib/iptables.inc
View File

@ -131,4 +131,26 @@ function allow_all_loopback {
${debug} ${DebugColor} "allow_all_loopback: loaded"
${VER_IPTABLES} -A ${InPreRules} -i lo -j ACCEPT
${VER_IPTABLES} -A ${OutPreRules} -o lo -j ACCEPT
}
function allow_trusted_hosts {
IP_VERSION=$1
case $IP_VERSION in
ipv6) VER_IPTABLES=${IP6TABLES};
IPVER="6" ;;
ipv4|*) VER_IPTABLES=${IPTABLES}
IPVER="4" ;;
esac
${debug} ${DebugColor} "allow_trusted_hosts: loading"
if [ -e "${FWCONFIGDIR}/ipv${IPVER}/trusted.conf" ]; then
for i in `grep -v "\#" "${FWCONFIGDIR}/ipv${IPVER}/trusted.conf"`; do
${VER_IPTABLES} -A ${InPreRules} -s $i -j ACCEPT
${VER_IPTABLES} -A ${OutPreRules} -d $i -j ACCEPT
done
${debug} ${DebugColor} "allow_trusted_hosts: done"
else
${display} RED "File Missing: ${FWCONFIGDIR}/ipv${IPVER}/trusted.conf"
${display} RED "Error: can not load trusted hosts file."
${debug} ${DebugColor} "allow_trusted_hosts: failed"
fi
}