Reorganize ports for services, rename 'default_ports.conf' to 'ports.conf'.

2019-03-09 15:42:24 +01:00
parent 4967e6549d
commit c6de143b1e
6 changed files with 105 additions and 143 deletions


@ -22,7 +22,7 @@ inc_functions_file="${ipt_conf_dir}/include_functions.conf"
load_modules_file=${ipt_conf_dir}/load_modules_ipv6.conf
conf_logging=${ipt_conf_dir}/logging_ipv6.conf
conf_default_ports=${ipt_conf_dir}/default_ports.conf
conf_ports=${ipt_conf_dir}/ports.conf
conf_interfaces=${ipt_conf_dir}/interfaces_ipv6.conf
conf_main=${ipt_conf_dir}/main_ipv6.conf
conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
@ -111,10 +111,10 @@ else
source $conf_logging
fi
if [[ ! -f "$conf_default_ports" ]]; then
fatal "Missing configuration for default_ports - file '$conf_default_ports'"
if [[ ! -f "$conf_ports" ]]; then
fatal "Missing configuration for default_ports - file '$conf_ports'"
else
source $conf_default_ports
source $conf_ports
fi
if [[ ! -f "$conf_interfaces" ]]; then
@ -619,25 +619,25 @@ done
for _dev in ${ext_if_arr[@]} ; do
if $log_spoofed || $log_all ; then
$ip6t -A INPUT -i $_dev -s $ula_block -j $LOG_TARGET $tag_log_prefix "$log_prefix Private (ula_block): "
$ip6t -A INPUT -i $_dev -s $loopback -j $LOG_TARGET $tag_log_prefix "$log_prefix (loopback): "
$ip6t -A INPUT -i $_dev -s $loopback_ipv6 -j $LOG_TARGET $tag_log_prefix "$log_prefix (loopback): "
if $kernel_forward_between_interfaces ; then
$ip6t -A FORWARD -i $_dev -s $ula_block -j $LOG_TARGET $tag_log_prefix "$log_prefix Private (ula_block): "
$ip6t -A FORWARD -i $_dev -s $loopback -j $LOG_TARGET $tag_log_prefix "$log_prefix (loopback): "
$ip6t -A FORWARD -i $_dev -s $loopback_ipv6 -j $LOG_TARGET $tag_log_prefix "$log_prefix (loopback): "
fi
fi
$ip6t -A INPUT -i $_dev -s $ula_block -j DROP
$ip6t -A INPUT -i $_dev -s $loopback -j DROP
$ip6t -A INPUT -i $_dev -s $loopback_ipv6 -j DROP
if $kernel_forward_between_interfaces ; then
$ip6t -A FORWARD -i $_dev -s $ula_block -j DROP
$ip6t -A FORWARD -i $_dev -s $loopback -j DROP
$ip6t -A FORWARD -i $_dev -s $loopback_ipv6 -j DROP
fi
# Don't allow spoofing from that server
$ip6t -A OUTPUT -o $_dev -s $ula_block -j DROP
$ip6t -A OUTPUT -o $_dev -s $loopback -j DROP
$ip6t -A OUTPUT -o $_dev -s $loopback_ipv6 -j DROP
if $kernel_forward_between_interfaces ; then
$ip6t -A FORWARD -o $_dev -s $ula_block -j DROP
$ip6t -A FORWARD -o $_dev -s $loopback -j DROP
$ip6t -A FORWARD -o $_dev -s $loopback_ipv6 -j DROP
fi
done
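Review bot: The anti-spoofing rules in the last hunk (the `for _dev in ${ext_if_arr[@]}` loop) now expand `$loopback_ipv6` unquoted, and nothing visible here checks that the renamed variable is actually defined. If a deployed config still defines only the old `loopback` name, each `-s $loopback_ipv6 -j DROP` collapses to `-s -j DROP`, which is a malformed ip6tables call and is expected to fail, so the loopback-source drops on INPUT, FORWARD and OUTPUT would be missing while the script presumably continues. A guard ahead of the loop, for example `: "${loopback_ipv6:?loopback_ipv6 is not set}"`, would make a stale or partially migrated config fail closed, in the same way the `fatal` check on `$conf_ports` already does. Whether the script runs with `set -u`, and where `loopback_ipv6` is assigned, cannot be seen from these hunks and should be confirmed.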