brielle
/
SRFirewall
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

Add before/after run commands

master
Brie Bruns 2018-11-19 10:50:00 -07:00
parent fa09ce18f9
commit b19d4156d2
6 changed files with 39 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG
View File

@ -1,3 +1,6 @@
2.1 Beta 1 - 11/19/2018
- Add run-after and run-before rules (custom/runafter.sh and custom/runbefore.sh)
2.1 Alpha 3 - 04/25/2016 2.1 Alpha 3 - 04/25/2016
- Fix issue with erasing variables in two different setups - Fix issue with erasing variables in two different setups
- mss clamp fix for fwd target - mss clamp fix for fwd target

12
bin/srfirewall
View File

@ -174,6 +174,10 @@ fi
# Do IPv4 IPTables Rules # Do IPv4 IPTables Rules
if [ "${EnableIPv4}" == "yes" ]; then if [ "${EnableIPv4}" == "yes" ]; then
# Commands to run before everything else
if [ -x ${FWCONFIGDIR}/ipv4/custom/runbefore.sh ]; then . ${FWCONFIGDIR}/ipv4/custom/runbefore.sh; fi
# First flush all rules # First flush all rules
iptables_rules_flush ipv4 iptables_rules_flush ipv4
@ -203,10 +207,16 @@ if [ "${EnableIPv4}" == "yes" ]; then
[[ ${Enablev4NAT} == "yes" ]] && enable_nat ipv4 [[ ${Enablev4NAT} == "yes" ]] && enable_nat ipv4
[[ ${Enablev4PortForwarding} == "yes" ]] && enable_portfw ipv4 [[ ${Enablev4PortForwarding} == "yes" ]] && enable_portfw ipv4
# Commands to run after everything else
if [ -x ${FWCONFIGDIR}/ipv4/custom/runafter.sh ]; then . ${FWCONFIGDIR}/ipv4/custom/runafter.sh; fi
fi fi
# Do IPv6 IPTables Rules # Do IPv6 IPTables Rules
if [ "${EnableIPv6}" == "yes" ]; then if [ "${EnableIPv6}" == "yes" ]; then
# Commands to run before everything else
if [ -x ${FWCONFIGDIR}/ipv6/custom/runbefore.sh ]; then . ${FWCONFIGDIR}/ipv6/custom/runbefore.sh; fi
# First flush all rules # First flush all rules
iptables_rules_flush ipv6 iptables_rules_flush ipv6
@ -237,5 +247,7 @@ if [ "${EnableIPv6}" == "yes" ]; then
[[ ${Enablev6NAT} == "yes" ]] && enable_nat ipv6 [[ ${Enablev6NAT} == "yes" ]] && enable_nat ipv6
[[ ${Enablev6PortForwarding} == "yes" ]] && enable_portfw ipv6 [[ ${Enablev6PortForwarding} == "yes" ]] && enable_portfw ipv6
[[ ${EnableSysctlTweaks} == "yes" ]] && sysctl_tweaks [[ ${EnableSysctlTweaks} == "yes" ]] && sysctl_tweaks
# Commands to run after everything else
if [ -x ${FWCONFIGDIR}/ipv6/custom/runafter.sh ]; then . ${FWCONFIGDIR}/ipv6/custom/runafter.sh; fi
fi fi

6
etc/ipv4/custom/runafter.sh Normal file
View File

@ -0,0 +1,6 @@
# This file is sourced by the main srfirewall program to inject
# custom commands/rules during specific moments of the firewall
# setup.
#
# In particular this file injects/commands rules:
# After all other things are done when the script loads

6
etc/ipv4/custom/runbefore.sh Normal file
View File

@ -0,0 +1,6 @@
# This file is sourced by the main srfirewall program to inject
# custom commands/rules during specific moments of the firewall
# setup.
#
# In particular this file injects/commands rules:
# Before all other things are done when the script loads

6
etc/ipv6/custom/runafter.sh Normal file
View File

@ -0,0 +1,6 @@
# This file is sourced by the main srfirewall program to inject
# custom commands/rules during specific moments of the firewall
# setup.
#
# In particular this file injects/commands rules:
# After all other things are done when the script loads

6
etc/ipv6/custom/runbefore.sh Normal file
View File

@ -0,0 +1,6 @@
# This file is sourced by the main srfirewall program to inject
# custom commands/rules during specific moments of the firewall
# setup.
#
# In particular this file injects/commands rules:
# Before all other things are done when the script loads