sbin/mbse-firewall

changeset 11
c5697bee6884
parent 10
798ac120a09e
child 12
8aaa305805df
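--- a/sbin/mbse-firewall
+++ b/sbin/mbse-firewall
@@ -1,9 +1,9 @@
 #!/bin/bash
 
 # ---------------------------------------------------------------------------
-# Copyright (C) 2013-2016 by Michiel Broek.
+# Copyright (C) 2013-2017 by Michiel Broek.
 # Homepage http://www.mbse.eu
 # Email mbse At mbse dOt eu
 #
 # This file is part of mbse-firewall.
 #
@@ -20,11 +20,11 @@
 # You should have received a copy of the GNU General Public License
 # along with this program; see the file COPYING. If not, write to the Free
 # Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
 # ---------------------------------------------------------------------------
 
-MBSEFW_VERSION="0.0.22"
+MBSEFW_VERSION="0.0.23"
 
 # Sanity checks
 if [ "$(id -u)" != "0" ]; then
 echo "** You must be root to run this program"
 exit 1
@@ -424,10 +424,11 @@
 $IP6TABLES -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type router-solicitation -j DROP # Silent drop HOPLIMIT <> 255
 $IP6TABLES -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT
 $IP6TABLES -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-solicitation -m hl --hl-eq 255 -j ACCEPT
 $IP6TABLES -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-solicitation -j DROP # Silent drop HOPLIMIT <> 255
 $IP6TABLES -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-advertisement -m hl --hl-eq 255 -j ACCEPT
+$IP6TABLES -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-advertisement -j DROP # Silent drop HOPLIMIT <> 255
 $IP6TABLES -A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT
 $IP6TABLES -A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT
 $IP6TABLES -A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-solicitation -m hl --hl-eq 255 -j ACCEPT
 $IP6TABLES -A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-advertisement -m hl --hl-eq 255 -j ACCEPT
 # Allow inverse neighbour discovery solicitation (141) / advertisement (142)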
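Review bot: In the third hunk, router-advertisement is now the only one of the four INPUT neighbour-discovery types without an explicit hop-limit drop; it still has only the `--hl-eq 255 -j ACCEPT` rule (new line 425). Whether an RA arriving with a hop limit other than 255 is dropped therefore depends on later rules or the chain policy, neither of which is visible here. If the intent is the same silent drop as for the other types, add `$IP6TABLES -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type router-advertisement -j DROP # Silent drop HOPLIMIT <> 255` directly after the RA accept. The rule block starts before and continues past this hunk, so the router-solicitation accept and the inverse-discovery rules should be checked for the same pairing.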
