Fix error concerning variable 'loopback'
This commit is contained in:
parent
bbffa0fabb
commit
45b144f416
@ -450,25 +450,25 @@ if $protect_against_several_attacks ; then
|
||||
for _dev in ${dsl_device_arr[@]} ; do
|
||||
if $log_spoofed || $log_all ; then
|
||||
$ip6t -A INPUT -i $_dev -s $ula_block -j $LOG_TARGET $tag_log_prefix "$log_prefix Private (ula_block): "
|
||||
$ip6t -A INPUT -i $_dev -s $loopback -j $LOG_TARGET $tag_log_prefix "$log_prefix (loopback): "
|
||||
$ip6t -A INPUT -i $_dev -s $loopback_ipv6 -j $LOG_TARGET $tag_log_prefix "$log_prefix (loopback): "
|
||||
if $kernel_forward_between_interfaces ; then
|
||||
$ip6t -A FORWARD -i $_dev -s $ula_block -j $LOG_TARGET $tag_log_prefix "$log_prefix Private (ula_block): "
|
||||
$ip6t -A FORWARD -i $_dev -s $loopback -j $LOG_TARGET $tag_log_prefix "$log_prefix (loopback): "
|
||||
$ip6t -A FORWARD -i $_dev -s $loopback_ipv6 -j $LOG_TARGET $tag_log_prefix "$log_prefix (loopback): "
|
||||
fi
|
||||
fi
|
||||
$ip6t -A INPUT -i $_dev -s $ula_block -j DROP
|
||||
$ip6t -A INPUT -i $_dev -s $loopback -j DROP
|
||||
$ip6t -A INPUT -i $_dev -s $loopback_ipv6 -j DROP
|
||||
if $kernel_forward_between_interfaces ; then
|
||||
$ip6t -A FORWARD -i $_dev -s $ula_block -j DROP
|
||||
$ip6t -A FORWARD -i $_dev -s $loopback -j DROP
|
||||
$ip6t -A FORWARD -i $_dev -s $loopback_ipv6 -j DROP
|
||||
fi
|
||||
|
||||
# Don't allow spoofing from that server
|
||||
$ip6t -A OUTPUT -o $_dev -s $ula_block -j DROP
|
||||
$ip6t -A OUTPUT -o $_dev -s $loopback -j DROP
|
||||
$ip6t -A OUTPUT -o $_dev -s $loopback_ipv6 -j DROP
|
||||
if $kernel_forward_between_interfaces ; then
|
||||
$ip6t -A FORWARD -o $_dev -s $ula_block -j DROP
|
||||
$ip6t -A FORWARD -o $_dev -s $loopback -j DROP
|
||||
$ip6t -A FORWARD -o $_dev -s $loopback_ipv6 -j DROP
|
||||
fi
|
||||
done
|
||||
echo_done
|
||||
|
||||
@ -824,12 +824,13 @@ if $protect_against_several_attacks ; then
|
||||
# - Protection against syn-flooding
|
||||
# ---
|
||||
|
||||
$ipt -N syn-flood
|
||||
$ipt -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
|
||||
$ipt -N syn_flood
|
||||
$ipt -A INPUT -p tcp --syn -j syn_flood
|
||||
$ipt -A syn_flood -m limit --limit 1/s --limit-burst 3 -j RETURN
|
||||
if $log_syn_flood || $log_all ; then
|
||||
$ipt -A syn-flood -j $LOG_TARGET $tag_log_prefix "$log_prefix SYN flood: "
|
||||
$ipt -A syn_flood -j $LOG_TARGET $tag_log_prefix "$log_prefix SYN flood: "
|
||||
fi
|
||||
$ipt -A syn-flood -j DROP
|
||||
$ipt -A syn_flood -j DROP
|
||||
|
||||
|
||||
# ---
|
||||
@ -934,7 +935,7 @@ if $protect_against_several_attacks ; then
|
||||
$ipt -A INPUT -i $_dev -s $priv_class_a -j $LOG_TARGET $tag_log_prefix "$log_prefix Class A private net: "
|
||||
$ipt -A INPUT -i $_dev -s $priv_class_b -j $LOG_TARGET $tag_log_prefix "$log_prefix Class B private net: "
|
||||
$ipt -A INPUT -i $_dev -s $priv_class_c -j $LOG_TARGET $tag_log_prefix "$log_prefix Class C private net: "
|
||||
$ipt -A INPUT -i $_dev -s $loopback -j $LOG_TARGET $tag_log_prefix "$log_prefix From Loopback: "
|
||||
$ipt -A INPUT -i $_dev -s $loopback_ipv4 -j $LOG_TARGET $tag_log_prefix "$log_prefix From Loopback: "
|
||||
$ipt -A INPUT -i $_dev -s $class_d_multicast -j $LOG_TARGET $tag_log_prefix "$log_prefix Class D Multicast: "
|
||||
$ipt -A INPUT -i $_dev -s $class_e_reserved -j $LOG_TARGET $tag_log_prefix "$log_prefix Class E reserved: "
|
||||
#$ipt -A INPUT -i $_dev -d $broadcast_addr -j $LOG_TARGET $tag_log_prefix "$log_prefix Broadcast Address: "
|
||||
@ -943,7 +944,7 @@ if $protect_against_several_attacks ; then
|
||||
$ipt -A FORWARD -i $_dev -s $priv_class_a -j $LOG_TARGET $tag_log_prefix "$log_prefix Class A private net: "
|
||||
$ipt -A FORWARD -i $_dev -s $priv_class_b -j $LOG_TARGET $tag_log_prefix "$log_prefix Class B private net: "
|
||||
$ipt -A FORWARD -i $_dev -s $priv_class_c -j $LOG_TARGET $tag_log_prefix "$log_prefix Class C private net: "
|
||||
$ipt -A FORWARD -i $_dev -s $loopback -j $LOG_TARGET $tag_log_prefix "$log_prefix From Loopback: "
|
||||
$ipt -A FORWARD -i $_dev -s $loopback_ipv4 -j $LOG_TARGET $tag_log_prefix "$log_prefix From Loopback: "
|
||||
$ipt -A FORWARD -i $_dev -s $class_d_multicast -j $LOG_TARGET $tag_log_prefix "$log_prefix Class D Multicast: "
|
||||
$ipt -A FORWARD -i $_dev -s $class_e_reserved -j $LOG_TARGET $tag_log_prefix "$log_prefix Class E reserved: "
|
||||
#$ipt -A FORWARD -i $_dev -d $broadcast_addr -j $LOG_TARGET $tag_log_prefix "$log_prefix Broadcast Address: "
|
||||
@ -956,7 +957,7 @@ if $protect_against_several_attacks ; then
|
||||
# Retfuse packets claiming to be from a Class C private network.
|
||||
$ipt -A INPUT -i $_dev -s $priv_class_c -j DROP
|
||||
# Refuse packets claiming to be from loopback interface.
|
||||
$ipt -A INPUT -i $_dev -s $loopback -j DROP
|
||||
$ipt -A INPUT -i $_dev -s $loopback_ipv4 -j DROP
|
||||
# Refuse Class D multicast addresses. Multicast is illegal as a source address.
|
||||
$ipt -A INPUT -i $_dev -s $class_d_multicast -j DROP
|
||||
# Refuse Class E reserved IP addresses.
|
||||
@ -971,7 +972,7 @@ if $protect_against_several_attacks ; then
|
||||
# Refuse packets claiming to be from a Class C private network.
|
||||
$ipt -A FORWARD -i $_dev -s $priv_class_c -j DROP
|
||||
# Refuse packets claiming to be from loopback interface.
|
||||
$ipt -A FORWARD -i $_dev -s $loopback -j DROP
|
||||
$ipt -A FORWARD -i $_dev -s $loopback_ipv4 -j DROP
|
||||
# Refuse Class D multicast addresses. Multicast is illegal as a source address.
|
||||
$ipt -A FORWARD -i $_dev -s $class_d_multicast -j DROP
|
||||
# Refuse Class E reserved IP addresses.
|
||||
@ -991,14 +992,14 @@ if $protect_against_several_attacks ; then
|
||||
# quench to the loopback.
|
||||
for _dev in ${ext_if_arr[@]} ; do
|
||||
if $log_to_lo || $log_all ; then
|
||||
$ipt -A INPUT -i $_dev -d $loopback -j $LOG_TARGET $tag_log_prefix "$log_prefix To Loopback: "
|
||||
$ipt -A INPUT -i $_dev -d $loopback_ipv4 -j $LOG_TARGET $tag_log_prefix "$log_prefix To Loopback: "
|
||||
if $kernel_activate_forwarding ; then
|
||||
$ipt -A FORWARD -i $_dev -d $loopback -j $LOG_TARGET $tag_log_prefix "$log_prefix To Loopback: "
|
||||
$ipt -A FORWARD -i $_dev -d $loopback_ipv4 -j $LOG_TARGET $tag_log_prefix "$log_prefix To Loopback: "
|
||||
fi
|
||||
fi
|
||||
$ipt -A INPUT -i $_dev -d $loopback -j DROP
|
||||
$ipt -A INPUT -i $_dev -d $loopback_ipv4 -j DROP
|
||||
if $kernel_activate_forwarding ; then
|
||||
$ipt -A FORWARD -i $_dev -d $loopback -j DROP
|
||||
$ipt -A FORWARD -i $_dev -d $loopback_ipv4 -j DROP
|
||||
fi
|
||||
done
|
||||
|
||||
@ -1012,12 +1013,12 @@ if $protect_against_several_attacks ; then
|
||||
$ipt -A OUTPUT -o $_dev -s $priv_class_a -j $LOG_TARGET $tag_log_prefix "$log_prefix out Class A: "
|
||||
$ipt -A OUTPUT -o $_dev -s $priv_class_b -j $LOG_TARGET $tag_log_prefix "$log_prefix out Class B: "
|
||||
$ipt -A OUTPUT -o $_dev -s $priv_class_c -j $LOG_TARGET $tag_log_prefix "$log_prefix out Class C: "
|
||||
$ipt -A OUTPUT -o $_dev -s $loopback -j $LOG_TARGET $tag_log_prefix "$log_prefix out Loopback: "
|
||||
$ipt -A OUTPUT -o $_dev -s $loopback_ipv4 -j $LOG_TARGET $tag_log_prefix "$log_prefix out Loopback: "
|
||||
fi
|
||||
$ipt -A OUTPUT -o $_dev -s $priv_class_a -j DROP
|
||||
$ipt -A OUTPUT -o $_dev -s $priv_class_b -j DROP
|
||||
$ipt -A OUTPUT -o $_dev -s $priv_class_c -j DROP
|
||||
$ipt -A OUTPUT -o $_dev -s $loopback -j DROP
|
||||
$ipt -A OUTPUT -o $_dev -s $loopback_ipv4 -j DROP
|
||||
done
|
||||
|
||||
echo_done
|
||||
|
||||
Loading…
Reference in New Issue
Block a user