verzia 2.21, 2005/03/06 19:18:04 |
verzia 2.24, 2005/04/18 22:49:30 |
|
|
# Licensed under terms of GNU General Public License. |
# Licensed under terms of GNU General Public License. |
# All rights reserved. |
# All rights reserved. |
# |
# |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.20 2005/03/04 23:53:14 rajo Exp $ |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.23 2005/04/15 22:07:18 rajo Exp $ |
# |
# |
# Changelog: |
# Changelog: |
# 2003-10-24 - created |
# 2003-10-24 - created |
Riadok 118 antispoof_on() |
|
Riadok 118 antispoof_on() |
|
done |
done |
} # }}} |
} # }}} |
|
|
|
forward_on() |
|
{ # {{{ |
|
echo -en "NAT: Enabling packet forwarding..." |
|
echo 1 > /proc/sys/net/ipv4/ip_forward |
|
echo " done." |
|
} # }}} |
|
|
|
forward_off() |
|
{ # {{{ |
|
echo -en "NAT: Disabling packet forwarding..." |
|
echo 0 > /proc/sys/net/ipv4/ip_forward |
|
echo " done." |
|
} # }}} |
|
|
# clear status of iptable chains |
# clear status of iptable chains |
remove_chains() |
remove_chains() |
{ # {{{ |
{ # {{{ |
Riadok 275 mangle_output() |
|
Riadok 289 mangle_output() |
|
masquerade() |
masquerade() |
{ # {{{ |
{ # {{{ |
if [ ! -z "$NAT_LAN_IFACE" ]; then |
if [ ! -z "$NAT_LAN_IFACE" ]; then |
|
echo -en "NAT: Enabling packet forwarding..." |
|
echo 1 > /proc/sys/net/ipv4/ip_forward |
|
echo " done." |
echo -en "NAT: Masquerading local subnet: $NAT_SUBNET_IFACE --> $NAT_LAN_IFACE" |
echo -en "NAT: Masquerading local subnet: $NAT_SUBNET_IFACE --> $NAT_LAN_IFACE" |
|
|
ip="IP_$NAT_SUBNET_IFACE"; |
ip="IP_$NAT_SUBNET_IFACE"; |
|
|
|
|
} # }}} |
} # }}} |
|
|
|
bann_ip_adresses() |
|
{ # {{{ |
|
# |
|
# This feature has been developed for following reason: |
|
# UbiCrawler spam our website with many requests (they are duplicit requests of the same page!) |
|
# And this web robot doesn't accept HTTP META tags (http://www.robotstxt.org/wc/faq.html#extension) |
|
# |
|
# Bann them too! |
|
# |
|
#IP address is: 146.48.97.11 146.48.97.13 |
|
# User Agent: "UbiCrawler/v0.4beta (http://ubi.iit.cnr.it/projects/ubicrawler/)" |
|
# |
|
if [ ! -z "$BANNED_IP" ]; then |
|
echo -en "Dropping ALL packets from IP:" |
|
for banned_ip in $BANNED_IP; do |
|
echo -en " $banned_ip" |
|
$IPTABLES -A INPUT -s $banned_ip -j DROP |
|
$IPTABLES -A FORWARD -s $banned_ip -j DROP |
|
done |
|
echo " done." |
|
fi |
|
} # }}} |
|
|
allow_accept_all() |
allow_accept_all() |
{ # {{{ |
{ # {{{ |
if [ ! -z "$IFACE_ACCEPT_ALL" ]; then |
if [ ! -z "$IFACE_ACCEPT_ALL" ]; then |
Riadok 699 for iface in $interfaces; do |
|
Riadok 739 for iface in $interfaces; do |
|
INTERFACES="$INTERFACES $iface"; |
INTERFACES="$INTERFACES $iface"; |
fi |
fi |
done |
done |
|
INTERFACES_ACCEPT_ALL="$IFACE_ACCEPT_ALL" |
|
|
|
|
case "$1" in |
case "$1" in |
|
|
# |
# |
# (un)commnet next lines as needed |
# (un)commnet next lines as needed |
# |
# |
|
bann_ip_adresses |
allow_accept_all |
allow_accept_all |
nmap_scan_filter |
nmap_scan_filter |
invalid_packet_filter |
invalid_packet_filter |
|
|
set_default_policy |
set_default_policy |
remove_chains |
remove_chains |
unload_modules |
unload_modules |
|
forward_off |
;; |
;; |
|
|
status) |
status) |
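Review bot: In the last hunk `forward_off` runs after `set_default_policy`, `remove_chains` and `unload_modules`, so the kernel keeps forwarding while the FORWARD rules are being flushed. If this branch leaves the policy at ACCEPT (not visible here), traffic between the interfaces passes unfiltered for that interval; calling `forward_off` as the first statement of the branch closes the window. The same ordering concern applies when enabling: `masquerade()` no longer writes `1` to `/proc/sys/net/ipv4/ip_forward` itself and no call to `forward_on` appears in the visible hunks, so confirm it is invoked, and only after the FORWARD chain is populated. In `bann_ip_adresses()` the address should be quoted, `$IPTABLES -A INPUT -s "$banned_ip" -j DROP` (likewise for FORWARD). The function also deserves a comment that it must stay ahead of `allow_accept_all` in the call list, since `-A` appends and an earlier ACCEPT rule (presumably what `allow_accept_all` installs) would match first.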