===================================================================
RCS file: /home/cvsd/home/cvs/scripts/shell/firewall/fw-universal.sh,v
retrieving revision 2.70
retrieving revision 2.71
diff -u -p -r2.70 -r2.71
--- scripts/shell/firewall/fw-universal.sh 2009/07/01 12:28:07 2.70
+++ scripts/shell/firewall/fw-universal.sh 2009/11/06 23:14:36 2.71
@@ -9,7 +9,7 @@
 # Licensed under terms of GNU General Public License.
 # All rights reserved.
 #
-# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.69 2009-07-01 12:23:11 nepto Exp $
+# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.70 2009-07-01 12:28:07 nepto Exp $
 #
 # Changelog:
 # 2003-10-24 - created
@@ -652,6 +652,22 @@ drop_input()
 done
 print_info " done."
 fi
+ if [ ! -z "$REAL_DROP_INPUT_TCP" ]; then
+ print_info -en "Drop REAL all INPUT TCP connections for ALL interfaces on ports:"
+ for port in $REAL_DROP_INPUT_TCP; do
+ print_info -en " $port(ALL)"
+ $IPTABLES -A INPUT -p TCP --dport $port -j DROP
+ done
+ print_info " done."
+ fi
+ if [ ! -z "$REAL_DROP_INPUT_UDP" ]; then
+ print_info -en "Drop REAL all INPUT UDP connections for ALL interfaces on ports:"
+ for port in $REAL_DROP_INPUT_UDP; do
+ print_info -en " $port(ALL)"
+ $IPTABLES -A INPUT -p UDP --dport $port -j DROP
+ done
+ print_info " done."
+ fi
 } # }}}
 
 reject_input()
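Review bot: The two blocks added to drop_input are the same eight lines with only the protocol name changed, and the reject_input and allow_input hunks repeat the pattern four more times, so any fix to the rule line has to be made in six places (the reject_input UDP copy has already diverged from its TCP twin). A small helper that appends one INPUT rule per port for a given protocol and target, called from each of the six blocks, would keep the copies identical and make the per-port loop the only place the iptables invocation is written. The rules are appended with `-A`, so whether they take effect ahead of any earlier ACCEPT in INPUT depends on the order in which drop_input, reject_input and allow_input are called, which is outside this hunk and worth a one-line comment at the call site. drop_input starts outside the hunk.
```shell
# Append one INPUT rule per port (any interface) for PROTO with target TARGET;
# remaining arguments (e.g. --reject-with $REJECT_WITH) are passed to iptables.
real_input_rules() {
	proto=$1; target=$2; ports=$3; shift 3
	for port in $ports; do
		print_info -en " $port(ALL)"
		$IPTABLES -A INPUT -p $proto --dport $port -j $target "$@"
	done
}
# … unchanged: drop_input body up to the REAL_ blocks …
	if [ ! -z "$REAL_DROP_INPUT_TCP" ]; then
		print_info -en "Drop REAL all INPUT TCP connections for ALL interfaces on ports:"
		real_input_rules TCP DROP "$REAL_DROP_INPUT_TCP"
		print_info " done."
	fi
	if [ ! -z "$REAL_DROP_INPUT_UDP" ]; then
		print_info -en "Drop REAL all INPUT UDP connections for ALL interfaces on ports:"
		real_input_rules UDP DROP "$REAL_DROP_INPUT_UDP"
		print_info " done."
	fi
```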
@@ -676,11 +692,28 @@ reject_input()
 done
 print_info " done."
 fi
+ if [ ! -z "$REAL_REJECT_INPUT_TCP" ]; then
+ print_info -en "Reject REAL all INPUT TCP connections for ALL interfaces on ports:"
+ for port in $REAL_REJECT_INPUT_TCP; do
+ print_info -en " $port(ALL)"
+ $IPTABLES -A INPUT -p TCP --dport $port -j REJECT --reject-with $REJECT_WITH
+ done
+ print_info " done."
+ fi
+ if [ ! -z "$REAL_REJECT_INPUT_UDP" ]; then
+ print_info -en "Reject REAL all INPUT UDP connections for ALL interfaces on ports:"
+ for port in $REAL_REJECT_INPUT_UDP; do
+ for riface in $REAL_INTERFACES; do
+ print_info -en " $port(ALL)"
+ $IPTABLES -A INPUT -p UDP --dport $port -j REJECT --reject-with $REJECT_WITH
+ done
+ done
+ print_info " done."
+ fi
 } # }}}
 
 allow_input()
 { # {{{
-
 if [ ! -z "$ALL_ACCEPT_INPUT_TCP" ]; then
 print_info -en "Accepting ALL INPUT TCP connections on ports:"
 for port in $ALL_ACCEPT_INPUT_TCP; do
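Review bot: The REAL_REJECT_INPUT_UDP block loops `for riface in $REAL_INTERFACES; do` but never uses `riface`, so the identical interface-less REJECT rule is appended once per entry in REAL_INTERFACES, and if REAL_INTERFACES is empty no UDP rule is appended at all while the TCP block directly above still adds its rules. The message printed on the line before says "for ALL interfaces", which matches the TCP block and not the loop, so the inner `for riface … do` and its matching `done` should be removed; if a per-interface rule was actually intended, the rule needs `-i $riface` and the message should say so. reject_input starts outside the hunk.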
@@ -721,6 +754,35 @@ allow_input()
 done
 print_info " done."
 fi
+
+ if [ ! -z "$REAL_ACCEPT_INPUT_TCP" ]; then
+ print_info -en "Accepting REAL all INPUT TCP connections for ALL interfaces on ports:"
+ for port in $REAL_ACCEPT_INPUT_TCP; do
+ src_ip=""
+ eval `echo $port | awk -v FS=: '/:/ { printf "src_ip=\"%s\"; port=\"%s\";", $1, $2; }'`
+ print_info -en " $port(ALL)"`[ ! -z $src_ip ] && echo "[$src_ip]"`
+ if [ -z "$src_ip" ]; then
+ $IPTABLES -A INPUT -p TCP --dport $port -j ACCEPT
+ else
+ $IPTABLES -A INPUT -s $src_ip -p TCP --dport $port -j ACCEPT
+ fi
+ done
+ print_info " done."
+ fi
+ if [ ! -z "$REAL_ACCEPT_INPUT_UDP" ]; then
+ print_info -en "Accepting REAL all INPUT UDP connections for ALL interfaces on ports:"
+ for port in $REAL_ACCEPT_INPUT_UDP; do
+ src_ip=""
+ eval `echo $port | awk -v FS=: '/:/ { printf "src_ip=\"%s\"; port=\"%s\";", $1, $2; }'`
+ print_info -en " $port(ALL)"`[ ! -z $src_ip ] && echo "[$src_ip]"`
+ if [ -z "$src_ip" ]; then
+ $IPTABLES -A INPUT -p UDP --dport $port -j ACCEPT
+ else
+ $IPTABLES -A INPUT -s $src_ip -p UDP --dport $port -j ACCEPT
+ fi
+ done
+ print_info " done."
+ fi
 for iface in $INTERFACES; do
 riface="IFname_$iface";