brielle
/
SRFirewall
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

master
bbruns@gmail.com 2014-03-01 18:42:17 +00:00
parent c94af28d78
commit a1852a5e66
3 changed files with 33 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bin/srfirewall
View File

@ -60,7 +60,7 @@ if [[ "${EnableIPv4}" == "yes" ]]; then
# Create the chain sets we'll need and the ones that can be # Create the chain sets we'll need and the ones that can be
# customized by users in their custom rules # customized by users in their custom rules
setup_iptables_chains ipv4
fi fi

4
etc/chains.conf
View File

@ -25,11 +25,11 @@ InFilter="In-Filter"
OutFilter="Out-Filter" OutFilter="Out-Filter"
CustomNAT="CustomNAT" CustomPostRouting="CustomPostRouting"
NAT="NAT" NAT="NAT"
CustomPortForward="Custom-PortFW" CustomPreRouting="Custom-PreRouting"
PortForward="PortForward" PortForward="PortForward"

35
lib/iptables.inc
View File

@ -57,13 +57,14 @@ function iptables_policy_reset {
# setup_iptables_chains (ipv4|ipv6) # setup_iptables_chains (ipv4|ipv6)
# Creates the default chains when called # Creates the default chains when called
function setup_uptables_chains { function setup_iptables_chains {
IP_VERSION=$1 IP_VERSION=$1
case $IP_VERSION in case $IP_VERSION in
ipv6) VER_IPTABLES=${IP6TABLES} ;; ipv6) VER_IPTABLES=${IP6TABLES} ;;
ipv4|*) VER_IPTABLES=${IPTABLES} ;; ipv4|*) VER_IPTABLES=${IPTABLES} ;;
esac esac
${display_c} GREEN "Setting up default chains for ${IP_VERSION}..." # Create the actual chains
${display_c} GREEN "Setting up chains for ${IP_VERSION}..."
${VER_IPTABLES} -N ${InCustomPreRules} ${VER_IPTABLES} -N ${InCustomPreRules}
${VER_IPTABLES} -N ${InPreRules} ${VER_IPTABLES} -N ${InPreRules}
${VER_IPTABLES} -N ${OutCustomPreRules} ${VER_IPTABLES} -N ${OutCustomPreRules}
@ -77,12 +78,36 @@ function setup_uptables_chains {
${VER_IPTABLES} -N ${OutFilter} ${VER_IPTABLES} -N ${OutFilter}
${VER_IPTABLES} -N ${FwdCustomFilter} ${VER_IPTABLES} -N ${FwdCustomFilter}
${VER_IPTABLES} -N ${FwdFilter} ${VER_IPTABLES} -N ${FwdFilter}
${VER_IPTABLES} -N ${CustomNAT} ${VER_IPTABLES} -N ${CustomPostRouting}
${VER_IPTABLES} -N ${NAT} ${VER_IPTABLES} -N ${NAT}
${VER_IPTABLES} -N ${CustomPortForward} ${VER_IPTABLES} -N ${CustomPreRouting}
${VER_IPTABLES} -N ${PortForward} ${VER_IPTABLES} -N ${PortForward}
${VER_IPTABLES} -N ${InCustomPostRules} ${VER_IPTABLES} -N ${InCustomPostRules}
${VER_IPTABLES} -N ${InPostRules} ${VER_IPTABLES} -N ${InPostRules}
${VER_IPTABLES} -N ${OutCustomPostRules} ${VER_IPTABLES} -N ${OutCustomPostRules}
${VER_IPTABLES} -N ${InPostRules} ${VER_IPTABLES} -N ${OutPostRules}
# Set up rules - the order matters - we do it separately here
# for easy viewing of order
${VER_IPTABLES} -A INPUT -j ${InCustomPreRules}
${VER_IPTABLES} -A INPUT -j ${InPreRules}
${VER_IPTABLES} -A OUTPUT -j ${OutCustomPreRules}
${VER_IPTABLES} -A OUTPUT -j ${OutPreRules}
${VER_IPTABLES} -A INPUT -j ${Trusted}
${VER_IPTABLES} -A INPUT -j ${InEasyBlock}
${VER_IPTABLES} -A OUTPUT -j ${OutEasyBlock}
${VER_IPTABLES} -A INPUT -j ${InCustomFilter}
${VER_IPTABLES} -A INPUT -j ${InFilter}
${VER_IPTABLES} -A OUTPUT -j ${OutCustomFilter}
${VER_IPTABLES} -A OUTPUT -j ${OutFilter}
${VER_IPTABLES} -A FORWARD -j ${FwdCustomFilter}
${VER_IPTABLES} -A FORWARD -j ${FwdFilter}
${VER_IPTABLES} -A POSTROUTING -j ${CustomPostRouting}
${VER_IPTABLES} -A POSTROUTING -j ${NAT}
${VER_IPTABLES} -A PREROUTING -j ${CustomPreRouting}
${VER_IPTABLES} -A PREROUTING -j ${PortForward}
${VER_IPTABLES} -A INPUT -j ${InCustomPostRules}
${VER_IPTABLES} -A INPUT -j ${InPostRules}
${VER_IPTABLES} -A OUTPUT -j ${OutCustomPostRules}
${VER_IPTABLES} -A OUTPUT -j${OutPostRules}
} }