Platon Technologies
neprihlásený Prihlásiť Registrácia
SlovakEnglish
open source software development oslavujeme 10 rokov vývoja otvoreného softvéru! Štvrtok, 28. marec 2024

Rozdiely pre scripts/shell/firewall/fw-universal.sh medzi verziami 2.110 a 2.115

verzia 2.110, 2016/05/05 21:07:54 verzia 2.115, 2018/06/28 22:46:00
Riadok 4 
Riadok 4 
 # Provides:          firewall  # Provides:          firewall
 # Required-Start:    $network  # Required-Start:    $network
 # Required-Stop:     $remote_fs  # Required-Stop:     $remote_fs
 # Default-Start:     S  # Default-Start:     2 3 4 5
 # Default-Stop:      0 6  # Default-Stop:      0 6
 # Short-Description: Starts firewall  # Short-Description: Starts firewall
 # Description:       Handle universal firewall script by Platon Group  # Description:       Handle universal firewall script by Platon Group
 #                    http://platon.sk/cvs/cvs.php/scripts/shell/firewall/  #                    http://platon.sk/cvs/cvs.php/scripts/shell/firewall/
 # Author:            Lubomir Host <rajo@platon.sk>  # Author:            Lubomir Host <rajo@platon.sk>
 # Copyright:         (c) 2003-2011 Platon Group  # Copyright:         (c) 2003-2018 Platon Group
 ### END INIT INFO  ### END INIT INFO
   
 #  #
Riadok 18 
Riadok 18 
 # Can be started by init or by hand.  # Can be started by init or by hand.
 #  #
 # Developed by Lubomir Host 'rajo' <rajo AT platon.sk>  # Developed by Lubomir Host 'rajo' <rajo AT platon.sk>
 # Copyright (c) 2003-2011 Platon Group, http://platon.sk/  # Copyright (c) 2003-2018 Platon Group, http://platon.sk/
 # Licensed under terms of GNU General Public License.  # Licensed under terms of GNU General Public License.
 # All rights reserved.  # All rights reserved.
 #  #
 # $Platon: scripts/shell/firewall/fw-universal.sh,v 2.109 2016/02/26 07:01:10 nepto Exp $  # $Platon: scripts/shell/firewall/fw-universal.sh,v 2.114 2018/06/28 16:50:18 nepto Exp $
 #  #
 # Changelog:  # Changelog:
 # 2003-10-24 - created  # 2003-10-24 - created
 # 2011-07-20 - implemented XEN_MODE  # 2011-07-20 - implemented XEN_MODE
   # 2018-03-01 - fixed Default-Start for SystemD on Stretch (nepto)
 #  #
   
   
Riadok 57  fi
Riadok 58  fi
   
 # Define function which can be used in config file  # Define function which can be used in config file
 # Usage:  # Usage:
 #   load_subnets eth0_ACCEPT_INPUT_TCP Slovakia 22  #   load_subnets eth0_ACCEPT_INPUT_TCP Slovakia.txt 22
 load_subnets()  load_subnets()
 { # {{{  { # {{{
         cfgvar=$1          cfgvar="$1";
         cfgfile="$2.txt"          cfgfile="$2";
         port=$3          port="$3";
   
         echo "LOAD_SUBNETS $*"          print_info "LOAD_SUBNETS: $*";
   
         if [ -f "$DEFAULT_FIREWALL_CONFIG_DIR/subnets/$cfgfile" ]; then          if [ -f "$DEFAULT_FIREWALL_CONFIG_DIR/subnets/$cfgfile" ]; then
                 cfgfound="$DEFAULT_FIREWALL_CONFIG_DIR/subnets/$cfgfile";                  cfgfound="$DEFAULT_FIREWALL_CONFIG_DIR/subnets/$cfgfile";
           else if [ -f "$DIST_FIREWALL_CONFIG_DIR/subnets/$cfgfile" ]; then
                   cfgfound="$DIST_FIREWALL_CONFIG_DIR/subnets/$cfgfile";
         else          else
                 if [ -f "$DIST_FIREWALL_CONFIG_DIR/subnets/$cfgfile" ]; then                  print_info "LOAD_SUBNETS: config file not found: $cfgfile";
                         cfgfound="$DIST_FIREWALL_CONFIG_DIR/subnets/$cfgfile";                  return 1
                 else          fi fi
                         print_info "LOAD_SUBNETS: Config file '$cfgfile' not found"  
                         return 1  
                 fi  
         fi  
         LOADED_CONFIG_FILES="$LOADED_CONFIG_FILES $cfgfound";          LOADED_CONFIG_FILES="$LOADED_CONFIG_FILES $cfgfound";
   
         lines=0          print_info "LOAD_SUBNETS: found $cfgfile: $cfgfound";
         print_info "LOAD_SUBNETS: Mapping $cfgfound map file to $cfgvar, port $port"          print_info "LOAD_SUBNETS: mapping $cfgfile to $cfgvar, port $port"
   
           lines=0;
         while read subnet ; do          while read subnet ; do
                 case "$subnet" in                  case "$subnet" in
                         ""|\#*)                          ""|\#*)
                                 continue                                  continue
                                 ;;                                  ;;
                 esac                  esac
                 print_info "LOAD_SUBNETS: $cfgvar=\"\$$cfgvar $subnet:$port\""                  eval "$cfgvar=\"\$$cfgvar $subnet:$port\"";
                 eval "$cfgvar=\"\$$cfgvar $subnet:$port\""                  lines=$(($lines + 1));
                 lines=$(($lines + 1))  
         done < $cfgfound          done < $cfgfound
         print_info "LOAD_SUBNETS: $cfgvar='${!cfgvar}'"          print_info "LOAD_SUBNETS: $lines subnets loaded from $cfgfile"
         print_info "LOAD_SUBNETS: $lines subnets loaded from '$cfgfile' into '$cfgvar'"  
   
 } # }}}  } # }}}
   
 if [ -f "$DEFAULT_FIREWALL_CONFIG" ]; then  if [ -f "$DEFAULT_FIREWALL_CONFIG" ]; then
Riadok 1069  allow_input()
Riadok 1067  allow_input()
                 print_info " done."                  print_info " done."
         fi          fi
   
         # We are using REAL_INTERFACES instead of INTERFACES here, because we want          # We are using INTERFACES + lo instead of INTERFACES here, because we want
         # to do redirects for "lo" interface as well. However for "lo" it is done          # to do redirects for "lo" interface as well. However for "lo" it is done
         # quite differently. See http://ix.sk/0WY2j for more information on this.          # quite differently. See http://ix.sk/0WY2j for more information on this.
         #   -- Nepto [2015-10-19]          #   -- Nepto [2015-10-19]
         for iface in $REAL_INTERFACES; do          for iface in lo $INTERFACES; do
                 riface="IFname_$iface";                  riface="IFname_$iface";
                 IPS="IP_$iface";                  IPS="IP_$iface";
   
Riadok 1620  shaping_status()
Riadok 1618  shaping_status()
   
 add_banned_ip()  add_banned_ip()
 { # {{{  { # {{{
         echo "# `date '+%Y-%m-%d %X' `" >> $DEFAULT_FIREWALL_CONFIG_DIR/BANNED_IP.conf          echo "# `date '+%F %T'`" >> $DEFAULT_FIREWALL_CONFIG_DIR/BANNED_IP.conf
         TMPFILE=`mktemp -t fw-universal.sh-XXXXXX` || exit 1          TMPFILE=`mktemp -t fw-universal.sh-XXXXXX` || exit 1
         trap 'rm -f $TMPFILE' 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15          trap 'rm -f $TMPFILE' 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
         if [ -z "$*" ]; then          if [ -z "$*" ]; then
Riadok 1916  case "$1" in
Riadok 1914  case "$1" in
                 drop_output                  drop_output
                 allow_output                  allow_output
                 allow_icmp                  allow_icmp
                 echo "----[ INCOMMING TRAFFIC ]------------------------------------------------"                  print_info "----[ INCOMMING TRAFFIC ]------------------------------------------------"
                 drop_input                  drop_input
                 reject_input                  reject_input
                 allow_input                  allow_input

Legend:
Odstranené z verzie2.110  
zmenené riadky
  Pridané vo verzii2.115

Platon Group <platon@platon.sk> http://platon.sk/
Copyright © 2002-2006 Platon Group
Stránka používa redakčný systém Metafox
Na začiatok