verzia 2.116, 2018/06/28 23:13:42 |
verzia 2.121, 2019/10/08 22:25:30 |
|
|
# Licensed under terms of GNU General Public License. |
# Licensed under terms of GNU General Public License. |
# All rights reserved. |
# All rights reserved. |
# |
# |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.115 2018/06/28 22:46:00 nepto Exp $ |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.120 2019/02/14 23:14:32 nepto Exp $ |
# |
# |
# Changelog: |
# Changelog: |
# 2003-10-24 - created |
# 2003-10-24 - created |
Riadok 763 do_ban_single_ip() |
|
Riadok 763 do_ban_single_ip() |
|
return; |
return; |
fi |
fi |
for banned_ip in $*; do |
for banned_ip in $*; do |
$IPTABLES -A INPUT -s $banned_ip -j DROP; |
# This does immediate connection termination, but it must be inserted |
if [ "X$XEN_MODE" = "Xon" ]; then |
# and thus not appended into chain, otherwise connection will still |
print_info -ne " XEN_MODE "; |
# remain alive. Former forward chain rule was removed as unneccessary. |
else |
# -- Nepto [2018-08-23] |
$IPTABLES -A FORWARD -s $banned_ip -j DROP; |
# -- Plantroon [2018-12-10] |
fi |
$IPTABLES -I INPUT -s $banned_ip -j DROP; |
done |
done |
} # }}} |
} # }}} |
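Review bot: The new body of do_ban_single_ip inserts the DROP only into INPUT (`$IPTABLES -I INPUT -s $banned_ip -j DROP;`), so with the FORWARD rule gone a banned source can still reach hosts whose traffic this box forwards (the NAT_LAN_IFACE / XEN_MODE cases the removed branch covered); the comment calls that rule unnecessary, which only holds if bans are meant to protect the firewall host itself. If forwarded traffic is meant to be banned as well, add `$IPTABLES -I FORWARD -s "$banned_ip" -j DROP;` beside the INPUT rule, using `-I` for the same reason the comment gives for INPUT; otherwise state the scope in the comment, e.g. `# Ban covers traffic addressed to this host only; forwarded traffic is not affected.`. In either case quote the expansion, `-s "$banned_ip"`, since `$*` has already done the word-splitting. The function's opening lines (the early `return` guard) are outside the hunk.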
|
|
Riadok 816 allow_accept_all() |
|
Riadok 816 allow_accept_all() |
|
fi |
fi |
} # }}} |
} # }}} |
|
|
|
allow_accept_vrrp() |
|
{ # {{{ |
|
if [ ! -z "$IFACE_ACCEPT_VRRP" ]; then |
|
print_info -en "Accepting VRRP packets on interfaces:" |
|
for iface in $IFACE_ACCEPT_VRRP; do |
|
print_info -en " $iface" |
|
$IPTABLES -A INPUT -i $iface -d 224.0.0.18/32 -p vrrp -j ACCEPT; |
|
$IPTABLES -A OUTPUT -o $iface -d 224.0.0.18/32 -p vrrp -j ACCEPT; |
|
done |
|
print_info " done." |
|
fi |
|
} # }}} |
|
|
drop_input() |
drop_input() |
{ # {{{ |
{ # {{{ |
if [ ! -z "$NAT_LAN_IFACE" ]; then |
if [ ! -z "$NAT_LAN_IFACE" ]; then |
|
|
# |
# |
# (un)commnet next lines as needed |
# (un)commnet next lines as needed |
# |
# |
bann_ip_adresses |
|
allow_accept_all |
allow_accept_all |
|
allow_accept_vrrp |
nmap_scan_filter |
nmap_scan_filter |
invalid_packet_filter |
invalid_packet_filter |
anti_spoof_filter |
anti_spoof_filter |
|
|
shaping_on |
shaping_on |
configure_special_rules |
configure_special_rules |
custom_rules |
custom_rules |
|
bann_ip_adresses |
$IPTABLES_SAVE -c > $CACHE_FILE |
$IPTABLES_SAVE -c > $CACHE_FILE |
;; |
;; |
|
|