More framework
parent
a1852a5e66
commit
8533148fa3
|
@ -1,42 +1,14 @@
|
|||
# Chain name mapping
|
||||
# Don't change these unless you know what your doing
|
||||
|
||||
InCustomPreRules="In-CustomPreRules"
|
||||
|
||||
InPreRules="In-PreRules"
|
||||
|
||||
OutCustomPreRules="Out-CustomPreRules"
|
||||
|
||||
OutPreRules="Out-PreRules"
|
||||
|
||||
Trusted="In-Trusted"
|
||||
|
||||
InEasyBlock="In-EasyBlock"
|
||||
|
||||
OutEasyBlock="Out-EasyBlock"
|
||||
|
||||
InCustomFilter="In-CustomFilter"
|
||||
|
||||
OutCustomFilter="Out-CustomFilter"
|
||||
|
||||
FwdCustomFilter="Fwd-CustomFilter"
|
||||
|
||||
InFilter="In-Filter"
|
||||
|
||||
OutFilter="Out-Filter"
|
||||
|
||||
CustomPostRouting="CustomPostRouting"
|
||||
|
||||
NAT="NAT"
|
||||
|
||||
CustomPreRouting="Custom-PreRouting"
|
||||
|
||||
PortForward="PortForward"
|
||||
|
||||
InCustomPostRules="In-CustomPostRules"
|
||||
|
||||
InPostRules="In-PostRules"
|
||||
|
||||
OutCustomOstRules="Out-CustomPostRules"
|
||||
|
||||
OutPostRules="Out-PostRules"
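Review bot: `OutCustomOstRules="Out-CustomPostRules"` looks like a misspelling of `OutCustomPostRules`, and this mapping never assigns `FwdFilter`, yet `setup_iptables_chains` further down the page expands `${OutCustomPostRules}` and `${FwdFilter}` unquoted. With both empty, the `-N` calls get no chain name and the `-A OUTPUT -j` / `-A FORWARD -j` jumps fail, so the forward filter and outbound post-rule chains would be missing from the loaded ruleset. The rendering does not show which of the 42 old lines survive into the 14 new ones, so this applies only if these assignments are kept. In that case, rename the variable to `OutCustomPostRules` and add a `FwdFilter=` assignment that follows the same naming scheme.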
|
|
@ -0,0 +1,14 @@
|
|||
# These are the custom files that can be used to inject rules during loading. Please don't change them
|
||||
# unless you have a good reason.
|
||||
# To allow variable propagation/change and some creative changes of rules that I haven't tought of,
|
||||
# these files are sourced into the main file during setup of the order of chains.
|
||||
|
||||
$V4CUSTPREFIX="${FWPREFIX}/ipv4/"
|
||||
|
||||
$v4_Custom_Pre="$V4CUSTPREFIX/prerun.sh"
|
||||
$v4_Custom_Trust="$V4CUSTPREFIX/trusted.sh"
|
||||
$v4_Custom_EasyBlock="$V4CUSTPREFIX/easyblock.sh"
|
||||
$v4_Custom_Filter="$V4CUSTPREFIX/filter.sh"
|
||||
$v4_Custom_NAT="$V4CUSTPREFIX/nat.sh"
|
||||
$v4_Custom_PortFw="$V4CUSTPREFIX/portfw.sh"
|
||||
$v4_Custom_Post="$V4CUSTPREFIX/postrun.sh"
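Review bot: Every line of the form `$V4CUSTPREFIX="${FWPREFIX}/ipv4/"` starts with `$`, so the shell expands the (unset) variable and tries to run `=/…/ipv4/` as a command instead of assigning anything; none of the `v4_Custom_*` paths are ever set. The same applies to the `$V6CUSTPREFIX` / `$v6_Custom_*` lines in the ipv6 hunk. Drop the leading `$` and the trailing slash, e.g. `V4CUSTPREFIX="${FWPREFIX:?}/ipv4"` and `v4_Custom_Pre="${V4CUSTPREFIX}/prerun.sh"`. The `:?` makes the script stop if `FWPREFIX` is unset, rather than resolving hook paths under `/ipv4/`, which is not where the firewall's own files live. Since these paths name files that are later sourced into the firewall script, it is worth stating in the header comment that they must point to a directory only the administrator can write to.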
|
|
@ -0,0 +1,6 @@
|
|||
# This file is sourced by the main srfirewall program to inject
|
||||
# custom commands/rules during specific moments of the firewall
|
||||
# setup.
|
||||
#
|
||||
# In particular this file injects/commands rules:
|
||||
# Before the easyblock in/out rules are setup
|
|
@ -0,0 +1,6 @@
|
|||
# This file is sourced by the main srfirewall program to inject
|
||||
# custom commands/rules during specific moments of the firewall
|
||||
# setup.
|
||||
#
|
||||
# In particular this file injects/commands rules:
|
||||
# Before the main filter rules are set up
|
|
@ -0,0 +1,6 @@
|
|||
# This file is sourced by the main srfirewall program to inject
|
||||
# custom commands/rules during specific moments of the firewall
|
||||
# setup.
|
||||
#
|
||||
# In particular this file injects/commands rules:
|
||||
# Before the main nat rules are set up
|
|
@ -0,0 +1,6 @@
|
|||
# This file is sourced by the main srfirewall program to inject
|
||||
# custom commands/rules during specific moments of the firewall
|
||||
# setup.
|
||||
#
|
||||
# In particular this file injects/commands rules:
|
||||
# Before the main port forwardings are set up
|
|
@ -0,0 +1,6 @@
|
|||
# This file is sourced by the main srfirewall program to inject
|
||||
# custom commands/rules during specific moments of the firewall
|
||||
# setup.
|
||||
#
|
||||
# In particular this file injects/commands rules:
|
||||
# Before the final post rules are set up
|
|
@ -0,0 +1,6 @@
|
|||
# This file is sourced by the main srfirewall program to inject
|
||||
# custom commands/rules during specific moments of the firewall
|
||||
# setup.
|
||||
#
|
||||
# In particular this file injects/commands rules:
|
||||
# Before the main chains are setup.
|
|
@ -0,0 +1,6 @@
|
|||
# This file is sourced by the main srfirewall program to inject
|
||||
# custom commands/rules during specific moments of the firewall
|
||||
# setup.
|
||||
#
|
||||
# In particular this file injects/commands rules:
|
||||
# Before the trusted chains are set up
|
|
@ -0,0 +1,14 @@
|
|||
# These are the custom files that can be used to inject rules during loading. Please don't change them
|
||||
# unless you have a good reason.
|
||||
# To allow variable propagation/change and some creative changes of rules that I haven't tought of,
|
||||
# these files are sourced into the main file during setup of the order of chains.
|
||||
|
||||
$V6CUSTPREFIX="${FWPREFIX}/ipv6/"
|
||||
|
||||
$v6_Custom_Pre="$V6CUSTPREFIX/prerun.sh"
|
||||
$v6_Custom_Trust="$V6CUSTPREFIX/trusted.sh"
|
||||
$v6_Custom_EasyBlock="$V6CUSTPREFIX/easyblock.sh"
|
||||
$v6_Custom_Filter="$V6CUSTPREFIX/filter.sh"
|
||||
$v6_Custom_NAT="$V6CUSTPREFIX/nat.sh"
|
||||
$v6_Custom_PortFw="$V6CUSTPREFIX/portfw.sh"
|
||||
$v6_Custom_Post="$V6CUSTPREFIX/postrun.sh"
|
|
@ -0,0 +1,6 @@
|
|||
# This file is sourced by the main srfirewall program to inject
|
||||
# custom commands/rules during specific moments of the firewall
|
||||
# setup.
|
||||
#
|
||||
# In particular this file injects/commands rules:
|
||||
# Before the easyblock in/out rules are setup
|
|
@ -0,0 +1,6 @@
|
|||
# This file is sourced by the main srfirewall program to inject
|
||||
# custom commands/rules during specific moments of the firewall
|
||||
# setup.
|
||||
#
|
||||
# In particular this file injects/commands rules:
|
||||
# Before the main filter rules are set up
|
|
@ -0,0 +1,6 @@
|
|||
# This file is sourced by the main srfirewall program to inject
|
||||
# custom commands/rules during specific moments of the firewall
|
||||
# setup.
|
||||
#
|
||||
# In particular this file injects/commands rules:
|
||||
# Before the main nat rules are set up
|
|
@ -0,0 +1,6 @@
|
|||
# This file is sourced by the main srfirewall program to inject
|
||||
# custom commands/rules during specific moments of the firewall
|
||||
# setup.
|
||||
#
|
||||
# In particular this file injects/commands rules:
|
||||
# Before the main port forwardings are set up
|
|
@ -0,0 +1,6 @@
|
|||
# This file is sourced by the main srfirewall program to inject
|
||||
# custom commands/rules during specific moments of the firewall
|
||||
# setup.
|
||||
#
|
||||
# In particular this file injects/commands rules:
|
||||
# Before the final post rules are set up
|
|
@ -0,0 +1,6 @@
|
|||
# This file is sourced by the main srfirewall program to inject
|
||||
# custom commands/rules during specific moments of the firewall
|
||||
# setup.
|
||||
#
|
||||
# In particular this file injects/commands rules:
|
||||
# Before the main chains are setup.
|
|
@ -0,0 +1,6 @@
|
|||
# This file is sourced by the main srfirewall program to inject
|
||||
# custom commands/rules during specific moments of the firewall
|
||||
# setup.
|
||||
#
|
||||
# In particular this file injects/commands rules:
|
||||
# Before the trusted chains are set up
|
|
@ -60,54 +60,45 @@ function iptables_policy_reset {
|
|||
function setup_iptables_chains {
|
||||
IP_VERSION=$1
|
||||
case $IP_VERSION in
|
||||
ipv6) VER_IPTABLES=${IP6TABLES} ;;
|
||||
ipv4|*) VER_IPTABLES=${IPTABLES} ;;
|
||||
ipv6) VER_IPTABLES=${IP6TABLES};
|
||||
IPVER="6" ;;
|
||||
ipv4|*) VER_IPTABLES=${IPTABLES}
|
||||
IPVER="4" ;;
|
||||
esac
|
||||
# Create the actual chains
|
||||
${display_c} GREEN "Setting up chains for ${IP_VERSION}..."
|
||||
${VER_IPTABLES} -N ${InCustomPreRules}
|
||||
${VER_IPTABLES} -N ${InPreRules}
|
||||
${VER_IPTABLES} -N ${OutCustomPreRules}
|
||||
${VER_IPTABLES} -N ${OutPreRules}
|
||||
${VER_IPTABLES} -N ${Trusted}
|
||||
${VER_IPTABLES} -N ${InEasyBlock}
|
||||
${VER_IPTABLES} -N ${OutEasyBlock}
|
||||
${VER_IPTABLES} -N ${InCustomFilter}
|
||||
${VER_IPTABLES} -N ${InFilter}
|
||||
${VER_IPTABLES} -N ${OutCustomFilter}
|
||||
${VER_IPTABLES} -N ${OutFilter}
|
||||
${VER_IPTABLES} -N ${FwdCustomFilter}
|
||||
${VER_IPTABLES} -N ${FwdFilter}
|
||||
${VER_IPTABLES} -N ${CustomPostRouting}
|
||||
${VER_IPTABLES} -N ${NAT}
|
||||
${VER_IPTABLES} -N ${CustomPreRouting}
|
||||
${VER_IPTABLES} -N ${PortForward}
|
||||
${VER_IPTABLES} -N ${InCustomPostRules}
|
||||
${VER_IPTABLES} -N ${InPostRules}
|
||||
${VER_IPTABLES} -N ${OutCustomPostRules}
|
||||
${VER_IPTABLES} -N ${OutPostRules}
|
||||
|
||||
# Set up rules - the order matters - we do it separately here
|
||||
# for easy viewing of order
|
||||
${VER_IPTABLES} -A INPUT -j ${InCustomPreRules}
|
||||
if [ -x ${v${IPVER}_Custom_Pre} ]; then . ${v${IPVER}_Custom_Pre}; fi
|
||||
${VER_IPTABLES} -A INPUT -j ${InPreRules}
|
||||
${VER_IPTABLES} -A OUTPUT -j ${OutCustomPreRules}
|
||||
${VER_IPTABLES} -A OUTPUT -j ${OutPreRules}
|
||||
if [ -x ${v${IPVER}_Custom_Trust} ]; then . ${v${IPVER}_Custom_Trust}; fi
|
||||
${VER_IPTABLES} -A INPUT -j ${Trusted}
|
||||
if [ -x ${v${IPVER}_Custom_EasyBlock} ]; then . ${v${IPVER}_Custom_EasyBlock}; fi
|
||||
${VER_IPTABLES} -A INPUT -j ${InEasyBlock}
|
||||
${VER_IPTABLES} -A OUTPUT -j ${OutEasyBlock}
|
||||
${VER_IPTABLES} -A INPUT -j ${InCustomFilter}
|
||||
if [ -x ${v${IPVER}_Custom_Filter} ]; then . ${v${IPVER}_Custom_Filter}; fi
|
||||
${VER_IPTABLES} -A INPUT -j ${InFilter}
|
||||
${VER_IPTABLES} -A OUTPUT -j ${OutCustomFilter}
|
||||
${VER_IPTABLES} -A OUTPUT -j ${OutFilter}
|
||||
${VER_IPTABLES} -A FORWARD -j ${FwdCustomFilter}
|
||||
${VER_IPTABLES} -A FORWARD -j ${FwdFilter}
|
||||
${VER_IPTABLES} -A POSTROUTING -j ${CustomPostRouting}
|
||||
if [ -x ${v${IPVER}_Custom_NAT} ]; then . ${v${IPVER}_Custom_NAT}; fi
|
||||
${VER_IPTABLES} -A POSTROUTING -j ${NAT}
|
||||
${VER_IPTABLES} -A PREROUTING -j ${CustomPreRouting}
|
||||
if [ -x ${v${IPVER}_Custom_PortFw} ]; then . ${v${IPVER}_Custom_PortFw}; fi
|
||||
${VER_IPTABLES} -A PREROUTING -j ${PortForward}
|
||||
${VER_IPTABLES} -A INPUT -j ${InCustomPostRules}
|
||||
if [ -x ${v${IPVER}_Custom_Post} ]; then . ${v${IPVER}_Custom_Post}; fi
|
||||
${VER_IPTABLES} -A INPUT -j ${InPostRules}
|
||||
${VER_IPTABLES} -A OUTPUT -j ${OutCustomPostRules}
|
||||
${VER_IPTABLES} -A OUTPUT -j${OutPostRules}
|
||||
${VER_IPTABLES} -A OUTPUT -j ${OutPostRules}
|
||||
}
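Review bot: `${v${IPVER}_Custom_Pre}` is not valid parameter expansion; bash rejects each of the seven `if [ -x ${v${IPVER}_Custom_*} ]` lines with "bad substitution", so no hook is sourced and the jumps after the first such line may never be installed. Building the variable name first and using indirect expansion (`${!var}`) gives the intended lookup. These files are sourced into the script that programs iptables, presumably as root. The guard should therefore also require a regular file owned by the invoking user, and should quote the path. Refusing group- or world-writable hook files would be a further hardening step.

```shell
# Source the per-version hook named by v${IPVER}_Custom_<name>, if enabled.
run_custom_hook() {
  local var="v${IPVER}_Custom_${1}"
  local hook="${!var:-}"
  # Hooks run with the firewall's privileges: accept only a regular,
  # executable file owned by the invoking user.
  if [ -n "${hook}" ] && [ -f "${hook}" ] && [ -x "${hook}" ] && [ -O "${hook}" ]; then
    . "${hook}"
  fi
}

# … unchanged: case on IP_VERSION, chain creation …
${VER_IPTABLES} -A INPUT -j ${InCustomPreRules}
run_custom_hook Pre
# … unchanged: remaining jumps; each `if [ -x ${v${IPVER}_Custom_X} ]` line becomes `run_custom_hook X` …
```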
|