diff --git a/etc/ipv4/easyblock.conf b/etc/ipv4/easyblock.conf
new file mode 100644
index 0000000..04d0b31
--- /dev/null
+++ b/etc/ipv4/easyblock.conf
@@ -0,0 +1,16 @@
+# Easy Block List
+# Use this file to set up quick and easy blocking of traffic
+# Use tabs or single space to separate
+
+#
+#
+# Direction: Required ( IN | OUT )
+# Interface: Optional ( interface name, aka eth0 )
+# Address: Optional ( IN = source of traffic | OUT = destination of traffic )
+# Port: Optional ( 1 - 65535, Requires Protocol )
+# Protocol: Optional, Required if port is specified ( tcp | udp )
+# You can use '-' for optional fields
+#============================================================
+#
+#IN eth0 10.0.0.1 22 tcp
+#IN - - 22 tcp
\ No newline at end of file
diff --git a/etc/ipv6/easyblock.conf b/etc/ipv6/easyblock.conf
new file mode 100644
index 0000000..7375481
--- /dev/null
+++ b/etc/ipv6/easyblock.conf
@@ -0,0 +1,16 @@
+# Easy Block List
+# Use this file to set up quick and easy blocking of traffic
+# Use tabs or single space to separate
+
+#
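Review bot: The field descriptions list each column but never state the column order, so a reader has to reverse-engineer it from the two commented examples at the bottom; a header line directly above them would make the format self-describing: `#Direction Interface Address Port Protocol`. The Address description also does not say whether a prefix is accepted, while the sibling etc/ipv6/easyblock.conf example uses `2002:dead:beef::/64`; if CIDR notation works for IPv4 as well (this diff does not show how the address is turned into a match), say so here, e.g. `( IN = source of traffic | OUT = destination of traffic; host or CIDR such as 10.0.0.0/24 )`.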
+#
+# Direction: Required ( IN | OUT )
+# Interface: Optional ( interface name, aka eth0 )
+# Address: Optional ( IN = source of traffic | OUT = destination of traffic )
+# Port: Optional ( 1 - 65535, Requires Protocol )
+# Protocol: Optional, Required if port is specified ( tcp | udp )
+# You can use '-' for optional fields
+#============================================================
+#
+#IN eth0 2002:dead:beef::/64 22 tcp
+#IN - - 22 tcp
\ No newline at end of file
diff --git a/lib/iptables.inc b/lib/iptables.inc
index e3c31f9..0d73496 100644
--- a/lib/iptables.inc
+++ b/lib/iptables.inc
@@ -241,7 +241,7 @@ function enable_easyblock {
 ${debug} ${DebugColor} "${FUNCNAME}: loading"
 if [ -e "${FWCONFIGDIR}/ipv${IPVER}/easyblock.conf" ]; then
 ${debug} ${DebugColor} "${FUNCNAME}: read ${FWCONFIGDIR}/ipv${IPVER}/easyblock.conf successful"
- while read -r direction interface address port; do
+ while read -r direction interface address port protocol; do
 [[ ${direction} = \#* ]] && continue
 # Do some creative work with variables to make building the iptables rules fairly painless
@@ -252,16 +252,18 @@ function enable_easyblock {
 ([[ ${interface} != "-" ]] && [[ ${direction} == "OUT" ]] && interface="-o ${interface}"
 [[ ${direction} == "OUT" ]] && chain="${OutEasyBlock}"
 [[ ${direction} == "IN" ]] && chain="${InEasyBlock}"
+ [[ ${protocol} != "-" ]] && protocol="-p ${protocol}"
- ${debug} ${DebugColor} "${FUNCNAME}: Read: ${direction} ${interface} ${address} ${port}"
+ ${debug} ${DebugColor} "${FUNCNAME}: Read: ${direction} ${interface} ${address} ${port} ${protocol}"
 # Blank variables that we're not going to use.
 [[ ${interface} == "-" ]] && interface=""
 [[ ${port} == "-" ]] && port=""
 [[ ${address} == "-" ]] && address=""
+ [[ ${protocol} == "-" ]] && protocol=""
- ${VER_IPTABLES} -A ${chain} ${interface} ${address} ${port}
+ ${VER_IPTABLES} -A ${chain} ${interface} ${address} ${protocol} ${port}
 done < "${FWCONFIGDIR}/ipv${IPVER}/easyblock.conf"
 ${debug} ${DebugColor} "${FUNCNAME}: done"
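Review bot: The new five-field `read` leaves `protocol` empty on a four-column line, which is exactly the format the removed `read` accepted, and the later `[[ ${protocol} != "-" ]]` test then turns that empty value into a bare `-p ` with no argument, so every pre-existing easyblock.conf entry now yields a rule iptables rejects. Normalise the missing column right after the read so an absent protocol behaves like an explicit `-`: `protocol=${protocol:--}`. A blank line also passes the `\#*` test and reaches the rule builder below with every field empty; `[[ -z ${direction} ]] && continue` next to that test would skip it. enable_easyblock starts before this hunk and continues after it.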
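Review bot: The exit status of `${VER_IPTABLES}` is never checked, so whenever a line yields a rule iptables rejects — a protocol outside the documented `tcp | udp`, the empty value a four-column line leaves in `protocol` (which `[[ ${protocol} != "-" ]]` wraps as a bare `-p`), or a port given with protocol `-` so `--dport` has no preceding `-p` — the block rule is silently not installed and that traffic stays allowed, which for a blocklist is the unsafe failure direction. Validate the protocol at the point it is wrapped, refuse a port without a protocol as the config header already promises, and report a failed insert on stderr rather than only through `${debug}`; the sketch below does that and makes the later `[[ ${protocol} == "-" ]]` blanking line redundant. All five fields are still expanded unquoted onto the iptables command line, which is only acceptable while easyblock.conf is writable by root alone; a one-line comment stating that assumption would keep the next maintainer from pointing the loader at a less trusted file. enable_easyblock starts before this hunk and continues after it.
```shell
# … unchanged: interface/chain setup …
case "${protocol}" in
  -|"") protocol="" ;;
  tcp|udp) protocol="-p ${protocol}" ;;
  *) echo "${FUNCNAME}: bad protocol '${protocol}' in easyblock.conf, skipping line" >&2; continue ;;
esac
if [[ -n ${port} && ${port} != "-" && -z ${protocol} ]]; then
  echo "${FUNCNAME}: port ${port} given without protocol in easyblock.conf, skipping line" >&2
  continue
fi
# … unchanged: debug "Read:" line, blanking of interface/port/address …
if ! ${VER_IPTABLES} -A ${chain} ${interface} ${address} ${protocol} ${port}; then
  echo "${FUNCNAME}: failed to add easyblock rule: ${direction} ${interface} ${address} ${protocol} ${port}" >&2
fi
```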