Looks like we don't need quotes since its at the end of the options
parent
e89e9ad1b5
commit
7a9e72881c
|
@ -15,12 +15,11 @@
|
||||||
# Syn: Optional, only match (not) syn packets (syn | notsyn )
|
# Syn: Optional, only match (not) syn packets (syn | notsyn )
|
||||||
# State: Optional, set the connection tracking states ( comma separated list )
|
# State: Optional, set the connection tracking states ( comma separated list )
|
||||||
# Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
|
# Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
|
||||||
# (must surround with quotes)
|
#
|
||||||
|
|
||||||
# You can use '-' for optional fields
|
# You can use '-' for optional fields
|
||||||
#============================================================
|
#============================================================
|
||||||
#<dir> <action> <interface> <src-address> <src-port> <dst-address> <dst-port> <protocol> <syn> <state> <custom>
|
#<dir> <action> <interface> <src-address> <src-port> <dst-address> <dst-port> <protocol> <syn> <state> <custom>
|
||||||
#IN ACCEPT eth0 10.0.0.1 22 - - tcp -
|
#IN ACCEPT eth0 10.0.0.1 22 - - tcp -
|
||||||
#IN DROP - - - - 22 tcp syn
|
#IN DROP - - - - 22 tcp syn
|
||||||
#IN ACCEPT eth0 192.168.0.0/24 - 192.168.1.0/24 - - - "-m policy --dir in --pol ipsec --proto esp"
|
#IN ACCEPT eth0 192.168.0.0/24 - 192.168.1.0/24 - - - -m policy --dir in --pol ipsec --proto esp
|
||||||
|
|
||||||
|
|
|
@ -18,7 +18,6 @@
|
||||||
# Syn: Optional, only match (not) syn packets (syn | notsyn )
|
# Syn: Optional, only match (not) syn packets (syn | notsyn )
|
||||||
# State: Optional, set the connection tracking states ( comma separated list )
|
# State: Optional, set the connection tracking states ( comma separated list )
|
||||||
# Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
|
# Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
|
||||||
# (must surround with quotes)
|
|
||||||
#
|
#
|
||||||
# You can use '-' for optional fields
|
# You can use '-' for optional fields
|
||||||
#============================================================
|
#============================================================
|
||||||
|
@ -27,6 +26,6 @@
|
||||||
#DROP eth1 192.168.2.0/24 eth0 0/0 no
|
#DROP eth1 192.168.2.0/24 eth0 0/0 no
|
||||||
#DROP eth0 - eth1 192.168.0.0/24 no - 1:1024 tcp syn NEW
|
#DROP eth0 - eth1 192.168.0.0/24 no - 1:1024 tcp syn NEW
|
||||||
#ACCEPT eth1 - eth0 - no - - udp - NEW,ESTABLISHED,RELATED
|
#ACCEPT eth1 - eth0 - no - - udp - NEW,ESTABLISHED,RELATED
|
||||||
#IN ACCEPT eth0 192.168.0.0/24 eth1 192.168.1.0/24 yes - - - - - "-m policy --dir in --pol ipsec --proto esp"
|
#IN ACCEPT eth0 192.168.0.0/24 eth1 192.168.1.0/24 yes - - - - - -m policy --dir in --pol ipsec --proto esp
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -10,7 +10,6 @@
|
||||||
# Destination Interface: Optional for all but MASQ ( interface name, aka eth0 )
|
# Destination Interface: Optional for all but MASQ ( interface name, aka eth0 )
|
||||||
# Destination Address: Required for all but MASQ ( IP address with optional netmask )
|
# Destination Address: Required for all but MASQ ( IP address with optional netmask )
|
||||||
# Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
|
# Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
|
||||||
# (must surround with quotes)
|
|
||||||
# You can use '-' for optional fields
|
# You can use '-' for optional fields
|
||||||
#============================================================
|
#============================================================
|
||||||
#<type> <src-interface> <src-address> <dst-interface> <dst-address> <custom>
|
#<type> <src-interface> <src-address> <dst-interface> <dst-address> <custom>
|
||||||
|
|
|
@ -15,11 +15,10 @@
|
||||||
# Syn: Optional, only match (not) syn packets (syn | notsyn )
|
# Syn: Optional, only match (not) syn packets (syn | notsyn )
|
||||||
# State: Optional, set the connection tracking states ( comma separated list )
|
# State: Optional, set the connection tracking states ( comma separated list )
|
||||||
# Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
|
# Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
|
||||||
# (must surround with quotes)
|
|
||||||
#
|
#
|
||||||
# You can use '-' for optional fields
|
# You can use '-' for optional fields
|
||||||
#============================================================
|
#============================================================
|
||||||
#<dir> <action> <interface> <src-address> <src-port> <dst-address> <dst-port> <protocol> <syn> <state> <custom>
|
#<dir> <action> <interface> <src-address> <src-port> <dst-address> <dst-port> <protocol> <syn> <state> <custom>
|
||||||
#IN ACCEPT eth0 2002:dead:beef::/64 22 - - tcp -
|
#IN ACCEPT eth0 2002:dead:beef::/64 22 - - tcp -
|
||||||
#IN DROP - - - - 22 tcp syn
|
#IN DROP - - - - 22 tcp syn
|
||||||
#IN ACCEPT eth0 2002:dead:beef::/64 - 2002:dead:bfff::/64 - - - "-m policy --dir in --pol ipsec --proto esp"
|
#IN ACCEPT eth0 2002:dead:beef::/64 - 2002:dead:bfff::/64 - - - -m policy --dir in --pol ipsec --proto esp
|
||||||
|
|
|
@ -18,7 +18,6 @@
|
||||||
# Syn: Optional, only match (not) syn packets (syn | notsyn )
|
# Syn: Optional, only match (not) syn packets (syn | notsyn )
|
||||||
# State: Optional, set the connection tracking states ( comma separated list )
|
# State: Optional, set the connection tracking states ( comma separated list )
|
||||||
# Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
|
# Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
|
||||||
# (must surround with quotes)
|
|
||||||
#
|
#
|
||||||
# You can use '-' for optional fields
|
# You can use '-' for optional fields
|
||||||
#============================================================
|
#============================================================
|
||||||
|
@ -27,4 +26,4 @@
|
||||||
#DROP eth1 2002::/64 eth0 2001::/3 no
|
#DROP eth1 2002::/64 eth0 2001::/3 no
|
||||||
#DROP eth0 2001::/3 eth1 2002:dead:beef::/64 no - 1:1024 tcp syn
|
#DROP eth0 2001::/3 eth1 2002:dead:beef::/64 no - 1:1024 tcp syn
|
||||||
#ACCEPT eth1 - eth0 - no - - udp - NEW,ESTABLISHED,RELATED
|
#ACCEPT eth1 - eth0 - no - - udp - NEW,ESTABLISHED,RELATED
|
||||||
#IN ACCEPT eth0 2002:dead:beef::/64 eth1 2002:dead:bfff::/64 yes - - - - - "-m policy --dir in --pol ipsec --proto esp"
|
#IN ACCEPT eth0 2002:dead:beef::/64 eth1 2002:dead:bfff::/64 yes - - - - - -m policy --dir in --pol ipsec --proto esp
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
# Destination Interface: Optional for all but MASQ ( interface name, aka eth0 )
|
# Destination Interface: Optional for all but MASQ ( interface name, aka eth0 )
|
||||||
# Destination Address: Required for all but MASQ ( IP address with optional netmask )
|
# Destination Address: Required for all but MASQ ( IP address with optional netmask )
|
||||||
# Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
|
# Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
|
||||||
# (must surround with quotes)
|
#
|
||||||
# You can use '-' for optional fields
|
# You can use '-' for optional fields
|
||||||
#============================================================
|
#============================================================
|
||||||
#<type> <src-interface> <src-address> <dst-interface> <dst-address> <custom>
|
#<type> <src-interface> <src-address> <dst-interface> <dst-address> <custom>
|
||||||
|
|
|
@ -486,7 +486,6 @@ function enable_nat {
|
||||||
[[ ${srcaddress} == "-" ]] && srcaddress=""
|
[[ ${srcaddress} == "-" ]] && srcaddress=""
|
||||||
[[ ${custom} == "-" ]] && custom=""
|
[[ ${custom} == "-" ]] && custom=""
|
||||||
|
|
||||||
|
|
||||||
${VER_IPTABLES} -A ${NAT} -t nat ${srcaddress} ${action} ${dstinterface} ${dstaddress} ${custom}
|
${VER_IPTABLES} -A ${NAT} -t nat ${srcaddress} ${action} ${dstinterface} ${dstaddress} ${custom}
|
||||||
#${VER_IPTABLES} -A ${FwdFilter} ${M_STATE} ${C_STATE} RELATED,ESTABLISHED,NEW ${srcinterface} ${srcaddress} ${dstinterface} -j ACCEPT
|
#${VER_IPTABLES} -A ${FwdFilter} ${M_STATE} ${C_STATE} RELATED,ESTABLISHED,NEW ${srcinterface} ${srcaddress} ${dstinterface} -j ACCEPT
|
||||||
#${VER_IPTABLES} -A ${FwdFilter} ${M_STATE} ${C_STATE} RELATED,ESTABLISHED ${revsrcinterface} ${revsrcaddress} ${revdstinterface} -j ACCEPT
|
#${VER_IPTABLES} -A ${FwdFilter} ${M_STATE} ${C_STATE} RELATED,ESTABLISHED ${revsrcinterface} ${revsrcaddress} ${revdstinterface} -j ACCEPT
|
||||||
|
|
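Review bot: `${custom}` is expanded unquoted on the `${VER_IPTABLES} -A ${NAT} -t nat ...` line, so with the quotes dropped from the rule syntax the whole tail of a rule line reaches iptables through word splitting and pathname expansion. A custom section containing `*`, `?` or `[` would be glob-expanded against the working directory. A rule file still written to the old "(must surround with quotes)" syntax may also hand literal quote characters to iptables, depending on how the line is read; that parsing, like the rest of enable_nat, is outside this hunk. I would wrap the call in `set -f` / `set +f` and add a comment above it such as `# custom is deliberately unquoted: it carries several iptables arguments`. It is also worth checking the exit status of the iptables call, so that a rejected rule is reported instead of being silently absent from the ruleset.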