master
parent
c94af28d78
commit
a1852a5e66
|
@ -60,7 +60,7 @@ if [[ "${EnableIPv4}" == "yes" ]]; then
|
|||
|
||||
# Create the chain sets we'll need and the ones that can be
|
||||
# customized by users in their custom rules
|
||||
|
||||
setup_iptables_chains ipv4
|
||||
|
||||
|
||||
fi
|
||||
|
|
|
@ -25,11 +25,11 @@ InFilter="In-Filter"
|
|||
|
||||
OutFilter="Out-Filter"
|
||||
|
||||
CustomNAT="CustomNAT"
|
||||
CustomPostRouting="CustomPostRouting"
|
||||
|
||||
NAT="NAT"
|
||||
|
||||
CustomPortForward="Custom-PortFW"
|
||||
CustomPreRouting="Custom-PreRouting"
|
||||
|
||||
PortForward="PortForward"
|
||||
|
||||
|
|
|
@ -57,13 +57,14 @@ function iptables_policy_reset {
|
|||
|
||||
# setup_iptables_chains (ipv4|ipv6)
|
||||
# Creates the default chains when called
|
||||
function setup_uptables_chains {
|
||||
function setup_iptables_chains {
|
||||
IP_VERSION=$1
|
||||
case $IP_VERSION in
|
||||
ipv6) VER_IPTABLES=${IP6TABLES} ;;
|
||||
ipv4|*) VER_IPTABLES=${IPTABLES} ;;
|
||||
esac
|
||||
${display_c} GREEN "Setting up default chains for ${IP_VERSION}..."
|
||||
# Create the actual chains
|
||||
${display_c} GREEN "Setting up chains for ${IP_VERSION}..."
|
||||
${VER_IPTABLES} -N ${InCustomPreRules}
|
||||
${VER_IPTABLES} -N ${InPreRules}
|
||||
${VER_IPTABLES} -N ${OutCustomPreRules}
|
||||
|
@ -77,12 +78,36 @@ function setup_uptables_chains {
|
|||
${VER_IPTABLES} -N ${OutFilter}
|
||||
${VER_IPTABLES} -N ${FwdCustomFilter}
|
||||
${VER_IPTABLES} -N ${FwdFilter}
|
||||
${VER_IPTABLES} -N ${CustomNAT}
|
||||
${VER_IPTABLES} -N ${CustomPostRouting}
|
||||
${VER_IPTABLES} -N ${NAT}
|
||||
${VER_IPTABLES} -N ${CustomPortForward}
|
||||
${VER_IPTABLES} -N ${CustomPreRouting}
|
||||
${VER_IPTABLES} -N ${PortForward}
|
||||
${VER_IPTABLES} -N ${InCustomPostRules}
|
||||
${VER_IPTABLES} -N ${InPostRules}
|
||||
${VER_IPTABLES} -N ${OutCustomPostRules}
|
||||
${VER_IPTABLES} -N ${InPostRules}
|
||||
${VER_IPTABLES} -N ${OutPostRules}
|
||||
|
||||
# Set up rules - the order matters - we do it separately here
|
||||
# for easy viewing of order
|
||||
${VER_IPTABLES} -A INPUT -j ${InCustomPreRules}
|
||||
${VER_IPTABLES} -A INPUT -j ${InPreRules}
|
||||
${VER_IPTABLES} -A OUTPUT -j ${OutCustomPreRules}
|
||||
${VER_IPTABLES} -A OUTPUT -j ${OutPreRules}
|
||||
${VER_IPTABLES} -A INPUT -j ${Trusted}
|
||||
${VER_IPTABLES} -A INPUT -j ${InEasyBlock}
|
||||
${VER_IPTABLES} -A OUTPUT -j ${OutEasyBlock}
|
||||
${VER_IPTABLES} -A INPUT -j ${InCustomFilter}
|
||||
${VER_IPTABLES} -A INPUT -j ${InFilter}
|
||||
${VER_IPTABLES} -A OUTPUT -j ${OutCustomFilter}
|
||||
${VER_IPTABLES} -A OUTPUT -j ${OutFilter}
|
||||
${VER_IPTABLES} -A FORWARD -j ${FwdCustomFilter}
|
||||
${VER_IPTABLES} -A FORWARD -j ${FwdFilter}
|
||||
${VER_IPTABLES} -A POSTROUTING -j ${CustomPostRouting}
|
||||
${VER_IPTABLES} -A POSTROUTING -j ${NAT}
|
||||
${VER_IPTABLES} -A PREROUTING -j ${CustomPreRouting}
|
||||
${VER_IPTABLES} -A PREROUTING -j ${PortForward}
|
||||
${VER_IPTABLES} -A INPUT -j ${InCustomPostRules}
|
||||
${VER_IPTABLES} -A INPUT -j ${InPostRules}
|
||||
${VER_IPTABLES} -A OUTPUT -j ${OutCustomPostRules}
|
||||
${VER_IPTABLES} -A OUTPUT -j${OutPostRules}
|
||||
}
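Review bot: The `-A POSTROUTING` and `-A PREROUTING` jumps added near the end of `setup_iptables_chains` have no `-t nat`, so they go to the default filter table, which has no such built-in chains; the matching `-N` lines likewise create `${NAT}`, `${PortForward}` and the four custom NAT chains in the filter table, so these commands fail and the NAT hooks are never installed. The fence below moves those creations and jumps to the nat table (for `ipv6` this assumes the kernel provides an ip6tables nat table); `${CustomNAT}` and `${CustomPortForward}` are created but not jumped to in the visible lines. `-N ${InPostRules}` also appears twice in the second hunk, and the second call fails because the chain already exists; the rendering does not show which of the two is new, so drop whichever is the leftover. No command's exit status is checked, so a failed `-N` or `-A` leaves the firewall with partly hooked chains and no signal; the function spans both hunks and the lines between them are not shown.

```shell
# … unchanged: filter-table chain creation (-N) …
${VER_IPTABLES} -t nat -N ${CustomNAT}
${VER_IPTABLES} -t nat -N ${CustomPostRouting}
${VER_IPTABLES} -t nat -N ${NAT}
${VER_IPTABLES} -t nat -N ${CustomPortForward}
${VER_IPTABLES} -t nat -N ${CustomPreRouting}
${VER_IPTABLES} -t nat -N ${PortForward}
# … unchanged: post-rule chain creation and INPUT/OUTPUT/FORWARD jumps …
${VER_IPTABLES} -t nat -A POSTROUTING -j ${CustomPostRouting}
${VER_IPTABLES} -t nat -A POSTROUTING -j ${NAT}
${VER_IPTABLES} -t nat -A PREROUTING -j ${CustomPreRouting}
${VER_IPTABLES} -t nat -A PREROUTING -j ${PortForward}
# … unchanged: post-rule jumps on INPUT/OUTPUT …
```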
|