fix mistakes
* forgotten chains * wrong variable names * bad field separator for awk
This commit is contained in:
parent
cfa1c20332
commit
48983bfa2d
20
minifirewall
20
minifirewall
|
@ -208,6 +208,14 @@ start() {
|
||||||
${IPT} -N LOG_ACCEPT
|
${IPT} -N LOG_ACCEPT
|
||||||
${IPT} -A LOG_ACCEPT -j LOG --log-prefix '[IPTABLES ACCEPT] : '
|
${IPT} -A LOG_ACCEPT -j LOG --log-prefix '[IPTABLES ACCEPT] : '
|
||||||
${IPT} -A LOG_ACCEPT -j ACCEPT
|
${IPT} -A LOG_ACCEPT -j ACCEPT
|
||||||
|
if is_ipv6_enabled; then
|
||||||
|
${IPT6} -N LOG_DROP
|
||||||
|
${IPT6} -A LOG_DROP -j LOG --log-prefix '[IPTABLES DROP] : '
|
||||||
|
${IPT6} -A LOG_DROP -j DROP
|
||||||
|
${IPT6} -N LOG_ACCEPT
|
||||||
|
${IPT6} -A LOG_ACCEPT -j LOG --log-prefix '[IPTABLES ACCEPT] : '
|
||||||
|
${IPT6} -A LOG_ACCEPT -j ACCEPT
|
||||||
|
fi
|
||||||
|
|
||||||
source_configuration
|
source_configuration
|
||||||
|
|
||||||
|
@ -219,7 +227,7 @@ start() {
|
||||||
${IPT6} -A ONLYTRUSTED -j LOG_DROP
|
${IPT6} -A ONLYTRUSTED -j LOG_DROP
|
||||||
fi
|
fi
|
||||||
for ip in ${TRUSTEDIPS}; do
|
for ip in ${TRUSTEDIPS}; do
|
||||||
if is_ipv6 ${src}; then
|
if is_ipv6 ${ip}; then
|
||||||
if is_ipv6_enabled; then
|
if is_ipv6_enabled; then
|
||||||
${IPT6} -I ONLYTRUSTED -s ${ip} -j ACCEPT
|
${IPT6} -I ONLYTRUSTED -s ${ip} -j ACCEPT
|
||||||
fi
|
fi
|
||||||
|
@ -237,7 +245,7 @@ start() {
|
||||||
${IPT6} -A ONLYPRIVILEGIED -j ONLYTRUSTED
|
${IPT6} -A ONLYPRIVILEGIED -j ONLYTRUSTED
|
||||||
fi
|
fi
|
||||||
for ip in ${PRIVILEGIEDIPS}; do
|
for ip in ${PRIVILEGIEDIPS}; do
|
||||||
if is_ipv6 ${src}; then
|
if is_ipv6 ${ip}; then
|
||||||
if is_ipv6_enabled; then
|
if is_ipv6_enabled; then
|
||||||
${IPT6} -I ONLYPRIVILEGIED -s ${ip} -j ACCEPT
|
${IPT6} -I ONLYPRIVILEGIED -s ${ip} -j ACCEPT
|
||||||
fi
|
fi
|
||||||
|
@ -267,7 +275,7 @@ start() {
|
||||||
# attacked windowsupdate.com and DNS was changed to 127.0.0.1
|
# attacked windowsupdate.com and DNS was changed to 127.0.0.1
|
||||||
# ${IPT} -t NAT -I PREROUTING -s ${LOOPBACK} -i ! lo -j DROP
|
# ${IPT} -t NAT -I PREROUTING -s ${LOOPBACK} -i ! lo -j DROP
|
||||||
for IP in ${LOOPBACK}; do
|
for IP in ${LOOPBACK}; do
|
||||||
if is_ipv6 ${src}; then
|
if is_ipv6 ${IP}; then
|
||||||
if is_ipv6_enabled; then
|
if is_ipv6_enabled; then
|
||||||
${IPT6} -A INPUT -s ${IP} ! -i lo -j DROP
|
${IPT6} -A INPUT -s ${IP} ! -i lo -j DROP
|
||||||
fi
|
fi
|
||||||
|
@ -307,7 +315,7 @@ start() {
|
||||||
|
|
||||||
# Allow services for ${INTLAN} (local server or local network)
|
# Allow services for ${INTLAN} (local server or local network)
|
||||||
for IP in ${INTLAN}; do
|
for IP in ${INTLAN}; do
|
||||||
if is_ipv6 ${src}; then
|
if is_ipv6 ${IP}; then
|
||||||
if is_ipv6_enabled; then
|
if is_ipv6_enabled; then
|
||||||
${IPT6} -A INPUT -s ${IP} -j ACCEPT
|
${IPT6} -A INPUT -s ${IP} -j ACCEPT
|
||||||
fi
|
fi
|
||||||
|
@ -524,7 +532,6 @@ start() {
|
||||||
|
|
||||||
# NTP authorizations
|
# NTP authorizations
|
||||||
for src in ${NTPOK}; do
|
for src in ${NTPOK}; do
|
||||||
|
|
||||||
if is_ipv6 ${src}; then
|
if is_ipv6 ${src}; then
|
||||||
if is_ipv6_enabled; then
|
if is_ipv6_enabled; then
|
||||||
${IPT6} -A INPUT -p udp --sport 123 -s ${src} -j ACCEPT
|
${IPT6} -A INPUT -p udp --sport 123 -s ${src} -j ACCEPT
|
||||||
|
@ -550,8 +557,9 @@ start() {
|
||||||
|
|
||||||
# Output for backup servers
|
# Output for backup servers
|
||||||
for server in ${BACKUPSERVERS}; do
|
for server in ${BACKUPSERVERS}; do
|
||||||
server_port=$(echo "${server}" | awk '{print $NF}')
|
server_port=$(echo "${server}" | awk -F : '{print $(NF)}')
|
||||||
server_ip=$(echo "${server}" | sed -e "s/:${server_port}$//")
|
server_ip=$(echo "${server}" | sed -e "s/:${server_port}$//")
|
||||||
|
|
||||||
if [ -n "${server_ip}" ] && [ -n "${server_port}" ]; then
|
if [ -n "${server_ip}" ] && [ -n "${server_port}" ]; then
|
||||||
if is_ipv6 ${server_ip}; then
|
if is_ipv6 ${server_ip}; then
|
||||||
if is_ipv6_enabled; then
|
if is_ipv6_enabled; then
|
||||||
|
|