Reorganize ports for services, rename 'default_ports.conf' to 'ports.conf'.
@ -22,7 +22,7 @@ inc_functions_file="${ipt_conf_dir}/include_functions.conf"
|
||||
load_modules_file=${ipt_conf_dir}/load_modules_ipv4.conf
|
||||
|
||||
conf_logging=${ipt_conf_dir}/logging_ipv4.conf
|
||||
conf_default_ports=${ipt_conf_dir}/default_ports.conf
|
||||
conf_ports=${ipt_conf_dir}/ports.conf
|
||||
conf_interfaces=${ipt_conf_dir}/interfaces_ipv4.conf
|
||||
conf_main=${ipt_conf_dir}/main_ipv4.conf
|
||||
conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
|
||||
@ -111,10 +111,10 @@ else
|
||||
source $conf_logging
|
||||
fi
|
||||
|
||||
if [[ ! -f "$conf_default_ports" ]]; then
|
||||
fatal "Missing configuration for default_ports - file '$conf_default_ports'"
|
||||
if [[ ! -f "$conf_ports" ]]; then
|
||||
fatal "Missing configuration for default_ports - file '$conf_ports'"
|
||||
else
|
||||
source $conf_default_ports
|
||||
source $conf_ports
|
||||
fi
|
||||
|
||||
if [[ ! -f "$conf_interfaces" ]]; then
|
||||
@ -779,7 +779,7 @@ for _dev in ${ext_if_arr[@]} ; do
|
||||
$ipt -A INPUT -i $_dev -s $priv_class_a -j $LOG_TARGET $tag_log_prefix "$log_prefix Class A private net:"
|
||||
$ipt -A INPUT -i $_dev -s $priv_class_b -j $LOG_TARGET $tag_log_prefix "$log_prefix Class B private net:"
|
||||
$ipt -A INPUT -i $_dev -s $priv_class_c -j $LOG_TARGET $tag_log_prefix "$log_prefix Class C private net:"
|
||||
$ipt -A INPUT -i $_dev -s $loopback -j $LOG_TARGET $tag_log_prefix "$log_prefix From Loopback:"
|
||||
$ipt -A INPUT -i $_dev -s $loopback_ipv4 -j $LOG_TARGET $tag_log_prefix "$log_prefix From Loopback:"
|
||||
$ipt -A INPUT -i $_dev -s $class_d_multicast -j $LOG_TARGET $tag_log_prefix "$log_prefix Class D Multicast:"
|
||||
$ipt -A INPUT -i $_dev -s $class_e_reserved -j $LOG_TARGET $tag_log_prefix "$log_prefix Class E reserved:"
|
||||
#$ipt -A INPUT -i $_dev -d $broadcast_addr -j $LOG_TARGET $tag_log_prefix "$log_prefix Broadcast Address:"
|
||||
@ -788,7 +788,7 @@ for _dev in ${ext_if_arr[@]} ; do
|
||||
$ipt -A FORWARD -i $_dev -s $priv_class_a -j $LOG_TARGET $tag_log_prefix "$log_prefix Class A private net:"
|
||||
$ipt -A FORWARD -i $_dev -s $priv_class_b -j $LOG_TARGET $tag_log_prefix "$log_prefix Class B private net:"
|
||||
$ipt -A FORWARD -i $_dev -s $priv_class_c -j $LOG_TARGET $tag_log_prefix "$log_prefix Class C private net:"
|
||||
$ipt -A FORWARD -i $_dev -s $loopback -j $LOG_TARGET $tag_log_prefix "$log_prefix From Loopback:"
|
||||
$ipt -A FORWARD -i $_dev -s $loopback_ipv4 -j $LOG_TARGET $tag_log_prefix "$log_prefix From Loopback:"
|
||||
$ipt -A FORWARD -i $_dev -s $class_d_multicast -j $LOG_TARGET $tag_log_prefix "$log_prefix Class D Multicast:"
|
||||
$ipt -A FORWARD -i $_dev -s $class_e_reserved -j $LOG_TARGET $tag_log_prefix "$log_prefix Class E reserved:"
|
||||
#$ipt -A FORWARD -i $_dev -d $broadcast_addr -j $LOG_TARGET $tag_log_prefix "$log_prefix Broadcast Address:"
|
||||
@ -801,7 +801,7 @@ for _dev in ${ext_if_arr[@]} ; do
|
||||
# Retfuse packets claiming to be from a Class C private network.
|
||||
$ipt -A INPUT -i $_dev -s $priv_class_c -j DROP
|
||||
# Refuse packets claiming to be from loopback interface.
|
||||
$ipt -A INPUT -i $_dev -s $loopback -j DROP
|
||||
$ipt -A INPUT -i $_dev -s $loopback_ipv4 -j DROP
|
||||
# Refuse Class D multicast addresses. Multicast is illegal as a source address.
|
||||
$ipt -A INPUT -i $_dev -s $class_d_multicast -j DROP
|
||||
# Refuse Class E reserved IP addresses.
|
||||
@ -816,7 +816,7 @@ for _dev in ${ext_if_arr[@]} ; do
|
||||
# Refuse packets claiming to be from a Class C private network.
|
||||
$ipt -A FORWARD -i $_dev -s $priv_class_c -j DROP
|
||||
# Refuse packets claiming to be from loopback interface.
|
||||
$ipt -A FORWARD -i $_dev -s $loopback -j DROP
|
||||
$ipt -A FORWARD -i $_dev -s $loopback_ipv4 -j DROP
|
||||
# Refuse Class D multicast addresses. Multicast is illegal as a source address.
|
||||
$ipt -A FORWARD -i $_dev -s $class_d_multicast -j DROP
|
||||
# Refuse Class E reserved IP addresses.
|
||||
@ -836,14 +836,14 @@ done
|
||||
# quench to the loopback.
|
||||
for _dev in ${ext_if_arr[@]} ; do
|
||||
if $log_to_lo || $log_all ; then
|
||||
$ipt -A INPUT -i $_dev -d $loopback -j $LOG_TARGET $tag_log_prefix "$log_prefix To Loopback:"
|
||||
$ipt -A INPUT -i $_dev -d $loopback_ipv4 -j $LOG_TARGET $tag_log_prefix "$log_prefix To Loopback:"
|
||||
if $kernel_activate_forwarding ; then
|
||||
$ipt -A FORWARD -i $_dev -d $loopback -j $LOG_TARGET $tag_log_prefix "$log_prefix To Loopback:"
|
||||
$ipt -A FORWARD -i $_dev -d $loopback_ipv4 -j $LOG_TARGET $tag_log_prefix "$log_prefix To Loopback:"
|
||||
fi
|
||||
fi
|
||||
$ipt -A INPUT -i $_dev -d $loopback -j DROP
|
||||
$ipt -A INPUT -i $_dev -d $loopback_ipv4 -j DROP
|
||||
if $kernel_activate_forwarding ; then
|
||||
$ipt -A FORWARD -i $_dev -d $loopback -j DROP
|
||||
$ipt -A FORWARD -i $_dev -d $loopback_ipv4 -j DROP
|
||||
fi
|
||||
done
|
||||
|
||||
@ -857,23 +857,23 @@ for _dev in ${ext_if_arr[@]} ; do
|
||||
$ipt -A OUTPUT -o $_dev -s $priv_class_a -j $LOG_TARGET $tag_log_prefix "$log_prefix out Class A:"
|
||||
$ipt -A OUTPUT -o $_dev -s $priv_class_b -j $LOG_TARGET $tag_log_prefix "$log_prefix out Class B:"
|
||||
$ipt -A OUTPUT -o $_dev -s $priv_class_c -j $LOG_TARGET $tag_log_prefix "$log_prefix out Class C:"
|
||||
$ipt -A OUTPUT -o $_dev -s $loopback -j $LOG_TARGET $tag_log_prefix "$log_prefix out Loopback:"
|
||||
$ipt -A OUTPUT -o $_dev -s $loopback_ipv4 -j $LOG_TARGET $tag_log_prefix "$log_prefix out Loopback:"
|
||||
if $kernel_activate_forwarding ; then
|
||||
$ipt -A FORWARD -o $_dev -s $priv_class_a -j $LOG_TARGET $tag_log_prefix "$log_prefix out Class A:"
|
||||
$ipt -A FORWARD -o $_dev -s $priv_class_b -j $LOG_TARGET $tag_log_prefix "$log_prefix out Class B:"
|
||||
$ipt -A FORWARD -o $_dev -s $priv_class_c -j $LOG_TARGET $tag_log_prefix "$log_prefix out Class C:"
|
||||
$ipt -A FORWARD -o $_dev -s $loopback -j $LOG_TARGET $tag_log_prefix "$log_prefix out Loopback:"
|
||||
$ipt -A FORWARD -o $_dev -s $loopback_ipv4 -j $LOG_TARGET $tag_log_prefix "$log_prefix out Loopback:"
|
||||
fi
|
||||
fi
|
||||
$ipt -A OUTPUT -o $_dev -s $priv_class_a -j DROP
|
||||
$ipt -A OUTPUT -o $_dev -s $priv_class_b -j DROP
|
||||
$ipt -A OUTPUT -o $_dev -s $priv_class_c -j DROP
|
||||
$ipt -A OUTPUT -o $_dev -s $loopback -j DROP
|
||||
$ipt -A OUTPUT -o $_dev -s $loopback_ipv4 -j DROP
|
||||
if $kernel_activate_forwarding ; then
|
||||
$ipt -A FORWARD -o $_dev -s $priv_class_a -j DROP
|
||||
$ipt -A FORWARD -o $_dev -s $priv_class_b -j DROP
|
||||
$ipt -A FORWARD -o $_dev -s $priv_class_c -j DROP
|
||||
$ipt -A FORWARD -o $_dev -s $loopback -j DROP
|
||||
$ipt -A FORWARD -o $_dev -s $loopback_ipv4 -j DROP
|
||||
fi
|
||||
done
|
||||
|
||||
|
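Review bot: The renamed `$loopback_ipv4` is expanded unquoted in every `-s`/`-d` position of the INPUT, FORWARD and OUTPUT LOG and DROP rules, and nothing visible in these hunks checks that it is set. Its definition is not on this page; if an installed configuration still defines only `loopback`, the expansion is empty, iptables will most likely reject the malformed command, and the loopback anti-spoofing rules would be missing while the script carries on (no `set -e` is visible here). A guard ahead of the `for _dev in ${ext_if_arr[@]}` loops, such as `[[ -n "$loopback_ipv4" ]] || fatal "loopback_ipv4 is not set"`, would turn that into a hard stop. Separately, the message for the renamed file still reads `default_ports`; `fatal "Missing configuration for ports - file '$conf_ports'"` would match the new name. Several of the loops start or end outside the hunks shown.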