brielle
/
SRFirewall
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

master
bbruns@gmail.com 2014-03-30 16:40:28 +00:00
parent 9bdb156435
commit 5eaef26f04
5 changed files with 10 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
etc/ipv4.conf
View File

@ -4,4 +4,12 @@
# Allow everything over loopback (lo/127.0.0.0/8) # Allow everything over loopback (lo/127.0.0.0/8)
# Good idea to keep this turned on, but if you so wish to, # Good idea to keep this turned on, but if you so wish to,
# you can disable it here. # you can disable it here.
# Values: no | yes (default)
AllowAllv4Loopback="yes" AllowAllv4Loopback="yes"
# Very early on rules to allow for trusted machines to access
# this machine. Rather important and helps keep you from getting
# locked out should the firewalling rules go bad.
# Config file is located in ipv4/trusted.conf
# Values: no | yes (default)
EnableTrustedv4Hosts="yes"

6
etc/ipv4/custom/trusted.sh
View File

@ -1,6 +0,0 @@
# This file is sourced by the main srfirewall program to inject
# custom commands/rules during specific moments of the firewall
# setup.
#
# In particular this file injects/commands rules:
# Before the trusted chains are set up

1
etc/ipv6.conf
View File

@ -4,4 +4,5 @@
# Allow everything over loopback (lo ::1/28) # Allow everything over loopback (lo ::1/28)
# Good idea to keep this turned on, but if you so wish to, # Good idea to keep this turned on, but if you so wish to,
# you can disable it here. # you can disable it here.
# Values: no | yes (default)
AllowAllv6Loopback="yes" AllowAllv6Loopback="yes"

6
etc/ipv6/custom/trusted.sh
View File

@ -1,6 +0,0 @@
# This file is sourced by the main srfirewall program to inject
# custom commands/rules during specific moments of the firewall
# setup.
#
# In particular this file injects/commands rules:
# Before the trusted chains are set up

4
lib/iptables.inc
View File

@ -78,7 +78,6 @@ function setup_iptables_chains {
${display} GREEN "Setting up chains for ${IP_VERSION}..." ${display} GREEN "Setting up chains for ${IP_VERSION}..."
${VER_IPTABLES} -N ${InPreRules} ${VER_IPTABLES} -N ${InPreRules}
${VER_IPTABLES} -N ${OutPreRules} ${VER_IPTABLES} -N ${OutPreRules}
${VER_IPTABLES} -N ${Trusted}
${VER_IPTABLES} -N ${InEasyBlock} ${VER_IPTABLES} -N ${InEasyBlock}
${VER_IPTABLES} -N ${OutEasyBlock} ${VER_IPTABLES} -N ${OutEasyBlock}
${VER_IPTABLES} -N ${InFilter} ${VER_IPTABLES} -N ${InFilter}
@ -96,9 +95,6 @@ function setup_iptables_chains {
${VER_IPTABLES} -A INPUT -j ${InPreRules} ${VER_IPTABLES} -A INPUT -j ${InPreRules}
${debug} ${DebugColor} "Setting up OutPreRules" ${debug} ${DebugColor} "Setting up OutPreRules"
${VER_IPTABLES} -A OUTPUT -j ${OutPreRules} ${VER_IPTABLES} -A OUTPUT -j ${OutPreRules}
if [ -x ${FWCONFIGDIR}/ipv${IPVER}/custom/trusted.sh ]; then . ${FWCONFIGDIR}/ipv${IPVER}/custom/trusted.sh; fi
${debug} ${DebugColor} "Setting up Trusted"
${VER_IPTABLES} -A INPUT -j ${Trusted}
if [ -x ${FWCONFIGDIR}/ipv${IPVER}/custom/easyblock.sh ]; then . ${FWCONFIGDIR}/ipv${IPVER}/custom/easyblock.sh; fi if [ -x ${FWCONFIGDIR}/ipv${IPVER}/custom/easyblock.sh ]; then . ${FWCONFIGDIR}/ipv${IPVER}/custom/easyblock.sh; fi
${debug} ${DebugColor} "Setting up InEasyBlock" ${debug} ${DebugColor} "Setting up InEasyBlock"
${VER_IPTABLES} -A INPUT -j ${InEasyBlock} ${VER_IPTABLES} -A INPUT -j ${InEasyBlock}