Mercurial > mbse-firewall / file comparison
comparison: sbin/mbse-firewall
sbin/mbse-firewall
- changeset 7
- c846ebedfff3
- parent 6
- be2d7c142726
- child 8
- c8e957eb1b36
equal
deleted
inserted
replaced
| 6:be2d7c142726 | 7:c846ebedfff3 |
|---|---|
| 1 #!/bin/bash | 1 #!/bin/bash |
| 2 | 2 |
| 3 # --------------------------------------------------------------------------- | 3 # --------------------------------------------------------------------------- |
| 4 # Copyright (C) 2013-2014 by Michiel Broek. | 4 # Copyright (C) 2013-2015 by Michiel Broek. |
| 5 # Homepage http://www.mbse.eu | 5 # Homepage http://www.mbse.eu |
| 6 # Email mbse At mbse dOt eu | 6 # Email mbse At mbse dOt eu |
| 7 # | 7 # |
| 8 # This file is part of mbse-firewall. | 8 # This file is part of mbse-firewall. |
| 9 # | 9 # |
| 20 # You should have received a copy of the GNU General Public License | 20 # You should have received a copy of the GNU General Public License |
| 21 # along with this program; see the file COPYING. If not, write to the Free | 21 # along with this program; see the file COPYING. If not, write to the Free |
| 22 # Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. | 22 # Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. |
| 23 # --------------------------------------------------------------------------- | 23 # --------------------------------------------------------------------------- |
| 24 | 24 |
| 25 MBSEFW_VERSION="0.0.17" | 25 MBSEFW_VERSION="0.0.18" |
| 26 | 26 |
| 27 # Sanity checks | 27 # Sanity checks |
| 28 if [ "$(id -u)" != "0" ]; then | 28 if [ "$(id -u)" != "0" ]; then |
| 29 echo "** You must be root to run this program" | 29 echo "** You must be root to run this program" |
| 30 exit 1 | 30 exit 1 |
| 271 fi | 271 fi |
| 272 $GREP -Ev '^#|^;|^\s*$' $BLOCKLIST | while read L ; do | 272 $GREP -Ev '^#|^;|^\s*$' $BLOCKLIST | while read L ; do |
| 273 set $L | 273 set $L |
| 274 $IPSET add ${HOST}-mbsefw-blk6 $1 -exist | 274 $IPSET add ${HOST}-mbsefw-blk6 $1 -exist |
| 275 done | 275 done |
| 276 echo -n "." | |
| 277 fi | |
| 278 | |
| 279 # If we use the global blocktables. | |
| 280 if [ "$IF_EXT_GLOBAL_BLOCK" == "1" ]; then | |
| 281 $IPTABLES -A INPUT -i $IF_EXT -m state --state NEW -m set --match-set global-blk4 src -j DROP | |
| 282 if [ "$FW_FORWARD" = "1" ]; then | |
| 283 $IPTABLES -A FORWARD -i $IF_EXT -m state --state NEW -m set --match-set global-blk4 src -j DROP | |
| 284 fi | |
| 285 if [ "$USE_IPV6" == "1" ]; then | |
| 286 if [ -n "$IF_EXT6" ]; then | |
| 287 IF6=$IF_EXT6 | |
| 288 else | |
| 289 IF6=$IF_EXT | |
| 290 fi | |
| 291 $IP6TABLES -A INPUT -i $IF6 -m state --state NEW -m set --match-set global-blk6 src -j DROP | |
| 292 if [ "$FW_FORWARD" = "1" ]; then | |
| 293 $IP6TABLES -A FORWARD -i $IF6 -m state --state NEW -m set --match-set global-blk6 src -j DROP | |
| 294 fi | |
| 295 fi | |
| 276 echo -n "." | 296 echo -n "." |
| 277 fi | 297 fi |
| 278 | 298 |
| 279 fw_init_nfacct | 299 fw_init_nfacct |
| 280 echo -n "." | 300 echo -n "." |
