Forgot updateting firewall scripts.
This commit is contained in:
@@ -185,7 +185,7 @@ if $adjust6_kernel_parameters ; then
|
||||
else
|
||||
echo_skipped
|
||||
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
|
||||
@@ -321,7 +321,7 @@ $ip6t -A OUTPUT -o lo -j ACCEPT
|
||||
|
||||
echo_done
|
||||
|
||||
echo
|
||||
echo
|
||||
|
||||
|
||||
|
||||
@@ -422,7 +422,7 @@ fi
|
||||
# - Block UDP Ports out
|
||||
# ---
|
||||
|
||||
echononl "\tBlock UDP Ports extern out.."
|
||||
echononl "\tBlock UDP Ports extern out.."
|
||||
|
||||
if [[ ${#block_udp_extern_out_port_arr[@]} -gt 0 ]] ; then
|
||||
|
||||
@@ -449,7 +449,7 @@ fi
|
||||
# - Block TCP Ports out
|
||||
# ---
|
||||
|
||||
echononl "\tBlock TCP Ports extern out.."
|
||||
echononl "\tBlock TCP Ports extern out.."
|
||||
|
||||
if [[ ${#block_tcp_extern_out_port_arr[@]} -gt 0 ]] ; then
|
||||
|
||||
@@ -720,7 +720,7 @@ echo
|
||||
# - HACK for integrating suricata IPS (Inline Mode) at 'gw-ckubu'
|
||||
# -
|
||||
echononl "\tForward to suricata IPS (inline Mode)"
|
||||
if [[ -n "$(ps ax | grep "/usr/bin/suricata" 2>/dev/null | grep -v grep 2> /dev/null | awk '{print$1}')" ]] ; then
|
||||
if [[ -n "$(ps ax | grep "/usr/bin/suricata" 2>/dev/null | grep -v grep 2> /dev/null | awk '{print$1}')" ]] ; then
|
||||
$ip6t -A FORWARD -m mark ! --mark 0x1/0x1 -j NFQUEUE --queue-balance 0:3
|
||||
echo_done
|
||||
else
|
||||
@@ -734,8 +734,8 @@ echo
|
||||
# --- iPerf
|
||||
# -------------
|
||||
|
||||
# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks.
|
||||
# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP,
|
||||
# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks.
|
||||
# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP,
|
||||
# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
|
||||
|
||||
echononl "\tCreate \"iPerf\" rules.."
|
||||
@@ -774,7 +774,7 @@ for _dev in ${local_if_arr[@]} ; do
|
||||
done
|
||||
fi
|
||||
if $not_wanted_ident ; then
|
||||
$ip6t -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset
|
||||
$ip6t -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset
|
||||
fi
|
||||
for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
|
||||
$ip6t -A INPUT -i $_dev -p tcp --dport $_port -j DROP
|
||||
@@ -1127,10 +1127,10 @@ echononl "\tDNS Service Gateway"
|
||||
# -
|
||||
if $local_dns_service ; then
|
||||
|
||||
# dns requests
|
||||
# dns requests
|
||||
#
|
||||
# Note:
|
||||
# If the total size of the DNS record is larger than 512 bytes,
|
||||
# If the total size of the DNS record is larger than 512 bytes,
|
||||
# it will be sent over TCP, not UDP.
|
||||
#
|
||||
|
||||
@@ -1143,7 +1143,7 @@ if $local_dns_service ; then
|
||||
done
|
||||
|
||||
# - Zonetransfere (uses tcp/53)
|
||||
#
|
||||
#
|
||||
for _ip in ${dns_server_ips[@]} ; do
|
||||
# - out
|
||||
# -
|
||||
@@ -1157,7 +1157,7 @@ if $local_dns_service ; then
|
||||
done
|
||||
|
||||
echo_done
|
||||
else
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
@@ -1172,10 +1172,10 @@ echononl "\tDNS Service local Network"
|
||||
# -
|
||||
if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
|
||||
|
||||
# dns requests
|
||||
# dns requests
|
||||
#
|
||||
# Note:
|
||||
# If the total size of the DNS record is larger than 512 bytes,
|
||||
# If the total size of the DNS record is larger than 512 bytes,
|
||||
# it will be sent over TCP, not UDP.
|
||||
#
|
||||
|
||||
@@ -1212,7 +1212,7 @@ if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
|
||||
if $kernel_forward_between_interfaces ; then
|
||||
$ip6t -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
|
||||
fi
|
||||
done
|
||||
done
|
||||
done
|
||||
echo_done
|
||||
else
|
||||
@@ -1234,7 +1234,7 @@ if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
|
||||
if $kernel_forward_between_interfaces ; then
|
||||
$ip6t -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
|
||||
fi
|
||||
done
|
||||
done
|
||||
done
|
||||
echo_done
|
||||
else
|
||||
@@ -1255,7 +1255,7 @@ if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
|
||||
if $kernel_forward_between_interfaces ; then
|
||||
$ip6t -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
|
||||
fi
|
||||
done
|
||||
done
|
||||
done
|
||||
echo_done
|
||||
else
|
||||
@@ -1526,7 +1526,7 @@ if [[ ${#allow_ext_net_to_local_service_arr[@]} -gt 0 ]] \
|
||||
done
|
||||
|
||||
done
|
||||
|
||||
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
@@ -1627,7 +1627,7 @@ if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
@@ -1848,7 +1848,7 @@ if [[ ${#allow_local_net_to_ext_service_arr[@]} -gt 0 ]] \
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
@@ -1918,7 +1918,7 @@ if [[ ${#allow_to_ext_service_arr[@]} -gt 0 ]] ; then
|
||||
$ip6t -A FORWARD -p tcp -s ${_val_arr[0]} --sport ${_port} --tcp-flag ACK ACK -j ACCEPT
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
|
||||
done
|
||||
|
||||
@@ -1953,7 +1953,7 @@ if [[ ${#allow_to_ext_net_arr[@]} -gt 0 ]] ; then
|
||||
$ip6t -A FORWARD -p tcp -s $_net --tcp-flag ACK ACK -j ACCEPT
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
|
||||
done
|
||||
|
||||
@@ -2012,7 +2012,7 @@ if $kernel_forward_between_interfaces ; then
|
||||
for _dev_2 in ${local_if_arr[@]} ; do
|
||||
|
||||
# - Notice:
|
||||
# - In case of routing multiple netwoks on the same interface or
|
||||
# - In case of routing multiple netwoks on the same interface or
|
||||
# - using alias interfaces like eth0:0, you need a rule with
|
||||
# - incomming- and outgoing interface are equal!
|
||||
# -
|
||||
@@ -2214,7 +2214,7 @@ if $allow_ssh_between_local_nets ; then
|
||||
|
||||
if ! $permit_between_local_networks ; then
|
||||
# - Notice:
|
||||
# - In case of routing multiple netwoks on the same interface or
|
||||
# - In case of routing multiple netwoks on the same interface or
|
||||
# - using alias interfaces like eth0:0, you need a rule with
|
||||
# - incomming- and outgoing interface are equal!
|
||||
# -
|
||||
@@ -2529,7 +2529,7 @@ unset no_if_for_ip_arr
|
||||
declare -a no_if_for_ip_arr
|
||||
|
||||
if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
|
||||
http_port_arr=(${http_ports//,/ })
|
||||
http_port_arr=(${http_ports//,/ })
|
||||
for _ip in "${!http_server_dmz_arr[@]}"; do
|
||||
|
||||
# - Skip if no interface is given
|
||||
@@ -2699,7 +2699,7 @@ if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
|
||||
# -
|
||||
# - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
|
||||
# -
|
||||
# -
|
||||
# -
|
||||
for _dev in ${ext_if_arr[@]} ; do
|
||||
if $provide_mailservice_from_local ; then
|
||||
# - Note!
|
||||
@@ -2803,7 +2803,7 @@ unset no_if_for_ip_arr
|
||||
declare -a no_if_for_ip_arr
|
||||
|
||||
if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
|
||||
mail_port_arr=(${mail_user_ports//,/ })
|
||||
mail_port_arr=(${mail_user_ports//,/ })
|
||||
mail_port_arr+=("$mail_smtp_port")
|
||||
for _ip in "${!mail_server_dmz_arr[@]}"; do
|
||||
|
||||
@@ -3012,7 +3012,7 @@ if $local_ftp_service ; then
|
||||
# - (Re)define helper
|
||||
# -
|
||||
# - !! Note: !!
|
||||
# - for both, local FTP server (ftp_server_ip_arr)
|
||||
# - for both, local FTP server (ftp_server_ip_arr)
|
||||
# - and forward to (extern) FTP server (forward_ftp_server_ip_arr)
|
||||
# -
|
||||
if ! $ftp_helper_prerouting_defined ; then
|
||||
@@ -3033,7 +3033,7 @@ if $local_ftp_service ; then
|
||||
# - - If matched, the "last seen" timestamp of the source address will be updated (--update).
|
||||
# -
|
||||
# - - Entries in the ftpdata list not seen in the last 1800 will be removed (--reap).
|
||||
# -
|
||||
# -
|
||||
$ip6t -A INPUT -p tcp -m state --state NEW --sport 1024: --dport $ftp_passive_port_range \
|
||||
-m recent --name ftp6service --update --seconds 1800 --reap -j ACCEPT
|
||||
|
||||
@@ -3111,7 +3111,7 @@ if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_i
|
||||
fi
|
||||
|
||||
done
|
||||
|
||||
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
@@ -3166,7 +3166,7 @@ if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; th
|
||||
$ip6t -A OUTPUT -p tcp -d $_ip --dport $standard_ftp_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
# - From extern
|
||||
if $kernel_forward_between_interfaces ; then
|
||||
if $kernel_forward_between_interfaces ; then
|
||||
$ip6t -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $standard_ftp_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
fi
|
||||
|
||||
@@ -3205,7 +3205,7 @@ if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; th
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
|
||||
# ---
|
||||
# - TFTF Service out only
|
||||
@@ -3258,7 +3258,7 @@ if $allow_samba_requests_out && ! $permit_local_net_to_inet ; then
|
||||
done
|
||||
|
||||
if $kernel_forward_between_interfaces ; then
|
||||
|
||||
|
||||
for _port in ${samba_udp_port_arr[@]} ; do
|
||||
$ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
done
|
||||
@@ -3406,6 +3406,51 @@ else
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - MS SQL Datenbank Services
|
||||
# ---
|
||||
|
||||
echononl "\t\tMS SQL Datenbank Services only local Networks"
|
||||
|
||||
if [[ ${#ms_sql_server_local_ip_arr[@]} -gt 0 ]]; then
|
||||
for _ip in ${ms_sql_server_local_ip_arr[@]} ; do
|
||||
|
||||
for _port in ${ms_sql_m_udp_port_arr[@]} ; do
|
||||
$ip6t -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
done
|
||||
for _port in ${ms_sql_s_tcp_port_arr[@]} ; do
|
||||
$ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
done
|
||||
|
||||
if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
|
||||
for _port in ${ms_sql_m_udp_port_arr[@]} ; do
|
||||
$ip6t -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
done
|
||||
for _port in ${ms_sql_s_tcp_port_arr[@]} ; do
|
||||
$ip6t -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
done
|
||||
|
||||
# - Rule is needed if (local) interface aliases in use (like eth0:1)
|
||||
# -
|
||||
if $local_alias_interfaces ; then
|
||||
for _port in ${ms_sql_m_udp_port_arr[@]} ; do
|
||||
$ip6t -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
done
|
||||
for _port in ${ms_sql_s_tcp_port_arr[@]} ; do
|
||||
$ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
|
||||
$ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
|
||||
done
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
|
||||
# ---
|
||||
# - LDAP Service only out
|
||||
# ---
|
||||
@@ -3603,8 +3648,8 @@ fi
|
||||
# - CPAN Wait only out
|
||||
# ---
|
||||
|
||||
# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on
|
||||
# - a WAIT server. It connects to a WAIT server using a simple protocoll
|
||||
# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on
|
||||
# - a WAIT server. It connects to a WAIT server using a simple protocoll
|
||||
# - resembling NNTP as described in RFC977.
|
||||
|
||||
echononl "\t\tCPAN Wait only out"
|
||||
@@ -3644,7 +3689,7 @@ fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Jabber only out
|
||||
# - Jabber only out
|
||||
# ---
|
||||
|
||||
echononl "\t\tJabber only out"
|
||||
@@ -3666,7 +3711,7 @@ fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Silc only out
|
||||
# - Silc only out
|
||||
# ---
|
||||
|
||||
echononl "\t\tSilc only out"
|
||||
@@ -3686,7 +3731,7 @@ fi
|
||||
|
||||
|
||||
# ---
|
||||
# - IRC (Internet Relay Chat) only out
|
||||
# - IRC (Internet Relay Chat) only out
|
||||
# ---
|
||||
|
||||
echononl "\t\tIRC only out"
|
||||
@@ -3797,7 +3842,7 @@ if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
|
||||
for _ip in ${rm_server_ip_arr[@]} ; do
|
||||
|
||||
$ip6t -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
|
||||
if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
|
||||
$ip6t -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
@@ -4390,7 +4435,7 @@ fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Rsyncd (only Out) Gateway
|
||||
# - Rsyncd (only Out) Gateway
|
||||
# ---
|
||||
|
||||
echononl "\t\tRsyncd (only OUT) Gateway"
|
||||
@@ -4428,7 +4473,7 @@ if $forward_rsync_out && $kernel_forward_between_interfaces && ! $permit_local_n
|
||||
if $local_alias_interfaces ; then
|
||||
$ip6t -A FORWARD -i $_local_dev -o $_ext_dev -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
|
||||
$ip6t -A FORWARD -i $_ext_dev -o $_local_dev -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
|
||||
fi
|
||||
fi
|
||||
done
|
||||
done
|
||||
done
|
||||
@@ -4436,7 +4481,7 @@ if $forward_rsync_out && $kernel_forward_between_interfaces && ! $permit_local_n
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
|
||||
@@ -4585,7 +4630,7 @@ echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
|
||||
if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
|
||||
&& $kernel_forward_between_interfaces \
|
||||
&& ! $permit_between_local_networks \
|
||||
&& $allow_scanning_between_local_nets ; then
|
||||
&& $allow_scanning_between_local_nets ; then
|
||||
for _ip in ${brother_scanner_ip_arr[@]} ; do
|
||||
for _dev in ${local_if_arr[@]} ; do
|
||||
# - UDP
|
||||
@@ -4614,7 +4659,7 @@ echononl "\t\tEpson Network Scanner (Port $epson_scan_port) only between local N
|
||||
if [[ ${#epson_scanner_ip_arr[@]} -gt 0 ]] \
|
||||
&& $kernel_forward_between_interfaces \
|
||||
&& ! $permit_between_local_networks \
|
||||
&& $allow_scanning_between_local_nets ; then
|
||||
&& $allow_scanning_between_local_nets ; then
|
||||
for _ip in ${epson_scanner_ip_arr[@]} ; do
|
||||
for _dev in ${local_if_arr[@]} ; do
|
||||
# - UDP
|
||||
@@ -4650,6 +4695,9 @@ echononl "\t\tOther local Services"
|
||||
if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
|
||||
for _val in ${other_service_arr[@]} ; do
|
||||
IFS=',' read -a _val_arr <<< "${_val}"
|
||||
|
||||
$ip6t -A OUTPUT -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
for _dev in ${local_if_arr[@]} ; do
|
||||
$ip6t -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
@@ -4838,7 +4886,7 @@ if $local_unifi_controller_service \
|
||||
$ip6t -A INPUT -p tcp -m multiport --dports $unifi_tcp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A INPUT -p udp -m multiport --dports $unifi_udp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
if $kernel_activate_forwarding ; then
|
||||
if $kernel_forward_between_interfaces ; then
|
||||
$ip6t -A FORWARD -p tcp -m multiport --dports $unifi_tcp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A FORWARD -p tcp -m multiport --sports $unifi_tcp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A FORWARD -p udp -m multiport --dports $unifi_udp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
@@ -4989,7 +5037,7 @@ if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
|
||||
for _port in ${ipmi_tcp_port_arr[@]} ; do
|
||||
$ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
done
|
||||
|
||||
|
||||
if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
|
||||
for _port in ${ipmi_udp_port_arr[@]} ; do
|
||||
$ip6t -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
@@ -5192,7 +5240,7 @@ if $allow_gaming_out && ! $permit_local_net_to_inet ; then
|
||||
|
||||
# - Rule is needed if (local) interface aliases in use (like eth0:1)
|
||||
# -
|
||||
if $kernel_activate_forwarding && $local_alias_interfaces ; then
|
||||
if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
|
||||
$ip6t -A FORWARD -p tcp -o $_dev --dport $_port --tcp-flag ACK ACK -j ACCEPT
|
||||
$ip6t -A FORWARD -p tcp -i $_dev --sport $_port --tcp-flag ACK ACK -j ACCEPT
|
||||
fi
|
||||
@@ -5344,7 +5392,7 @@ if $log_rejected || $log_all ; then
|
||||
$ip6t -A OUTPUT -j $LOG_TARGET $tag_log_prefix "$log_prefix OUT Rejected: "
|
||||
$ip6t -A INPUT -j $LOG_TARGET $tag_log_prefix "$log_prefix IN Rejected: "
|
||||
$ip6t -A FORWARD -j $LOG_TARGET $tag_log_prefix "$log_prefix FORWARD Rejected: "
|
||||
#$ip6t -A OUTPUT -m limit --limit-burst 5 -j $LOG_TARGET $tag_log_prefix "$log_prefix OUT Rejected: "
|
||||
#$ip6t -A OUTPUT -m limit --limit-burst 5 -j $LOG_TARGET $tag_log_prefix "$log_prefix OUT Rejected: "
|
||||
#$ip6t -A INPUT -m limit --limit-burst 5 -j $LOG_TARGET $tag_log_prefix "$log_prefix IN Rejected: "
|
||||
#$ip6t -A FORWARD -m limit --limit-burst 5 -j $LOG_TARGET $tag_log_prefix "$log_prefix FORWARD Rejected: "
|
||||
echo_done
|
||||
|
||||
Reference in New Issue
Block a user