verzia 2.16, 2005/01/16 15:27:15 |
verzia 2.18, 2005/03/01 21:47:20 |
|
|
# Licensed under terms of GNU General Public License. |
# Licensed under terms of GNU General Public License. |
# All rights reserved. |
# All rights reserved. |
# |
# |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.15 2005/01/16 12:13:32 rajo Exp $ |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.17 2005/01/16 17:24:23 rajo Exp $ |
# |
# |
# Changelog: |
# Changelog: |
# 2003-10-24 - created |
# 2003-10-24 - created |
Riadok 125 remove_chains() |
|
Riadok 125 remove_chains() |
|
for table in filter nat mangle; do |
for table in filter nat mangle; do |
$IPTABLES -t $table -F # clear all chains |
$IPTABLES -t $table -F # clear all chains |
$IPTABLES -t $table -X # remove all chains |
$IPTABLES -t $table -X # remove all chains |
|
$IPTABLES -t $table -Z # zero counts |
done |
done |
|
|
} # }}} |
} # }}} |
|
|
|
|
# alow packets from private subnet |
# alow packets from private subnet |
$IPTABLES -A FORWARD -s ! $localnet -i $NAT_SUBNET_IFACE -j DROP |
$IPTABLES -A FORWARD -s ! $localnet -i $NAT_SUBNET_IFACE -j DROP |
|
for client_ip in $NAT_CLIENT_DROP; do |
|
echo -en " !$client_ip"; |
|
$IPTABLES -A FORWARD -s $client_ip -i $NAT_SUBNET_IFACE -j DROP |
|
done |
|
|
for redirect in $NAT_TCP_PORT_REDIRECT; do |
for redirect in $NAT_TCP_PORT_REDIRECT; do |
eval `echo $redirect | awk -v FS=: '{ printf "remote_port=%s; local_port=%s;", $1, $2; }'` |
eval `echo $redirect | awk -v FS=: '{ printf "remote_port=%s; local_port=%s;", $1, $2; }'` |