1 #!/bin/bash |
1 #!/bin/bash |
2 |
2 |
3 # --------------------------------------------------------------------------- |
3 # --------------------------------------------------------------------------- |
4 # Copyright (C) 2013-2014 by Michiel Broek. |
4 # Copyright (C) 2013-2015 by Michiel Broek. |
5 # Homepage http://www.mbse.eu |
5 # Homepage http://www.mbse.eu |
6 # Email mbse At mbse dOt eu |
6 # Email mbse At mbse dOt eu |
7 # |
7 # |
8 # This file is part of mbse-firewall. |
8 # This file is part of mbse-firewall. |
9 # |
9 # |
20 # You should have received a copy of the GNU General Public License |
20 # You should have received a copy of the GNU General Public License |
21 # along with this program; see the file COPYING. If not, write to the Free |
21 # along with this program; see the file COPYING. If not, write to the Free |
22 # Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. |
22 # Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. |
23 # --------------------------------------------------------------------------- |
23 # --------------------------------------------------------------------------- |
24 |
24 |
25 MBSEFW_VERSION="0.0.17" |
25 MBSEFW_VERSION="0.0.18" |
26 |
26 |
27 # Sanity checks |
27 # Sanity checks |
28 if [ "$(id -u)" != "0" ]; then |
28 if [ "$(id -u)" != "0" ]; then |
29 echo "** You must be root to run this program" |
29 echo "** You must be root to run this program" |
30 exit 1 |
30 exit 1 |
271 fi |
271 fi |
272 $GREP -Ev '^#|^;|^\s*$' $BLOCKLIST | while read L ; do |
272 $GREP -Ev '^#|^;|^\s*$' $BLOCKLIST | while read L ; do |
273 set $L |
273 set $L |
274 $IPSET add ${HOST}-mbsefw-blk6 $1 -exist |
274 $IPSET add ${HOST}-mbsefw-blk6 $1 -exist |
275 done |
275 done |
|
276 echo -n "." |
|
277 fi |
|
278 |
|
279 # If we use the global blocktables. |
|
280 if [ "$IF_EXT_GLOBAL_BLOCK" == "1" ]; then |
|
281 $IPTABLES -A INPUT -i $IF_EXT -m state --state NEW -m set --match-set global-blk4 src -j DROP |
|
282 if [ "$FW_FORWARD" = "1" ]; then |
|
283 $IPTABLES -A FORWARD -i $IF_EXT -m state --state NEW -m set --match-set global-blk4 src -j DROP |
|
284 fi |
|
285 if [ "$USE_IPV6" == "1" ]; then |
|
286 if [ -n "$IF_EXT6" ]; then |
|
287 IF6=$IF_EXT6 |
|
288 else |
|
289 IF6=$IF_EXT |
|
290 fi |
|
291 $IP6TABLES -A INPUT -i $IF6 -m state --state NEW -m set --match-set global-blk6 src -j DROP |
|
292 if [ "$FW_FORWARD" = "1" ]; then |
|
293 $IP6TABLES -A FORWARD -i $IF6 -m state --state NEW -m set --match-set global-blk6 src -j DROP |
|
294 fi |
|
295 fi |
276 echo -n "." |
296 echo -n "." |
277 fi |
297 fi |
278 |
298 |
279 fw_init_nfacct |
299 fw_init_nfacct |
280 echo -n "." |
300 echo -n "." |
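Review bot: The added `--match-set global-blk4 src` and `--match-set global-blk6 src` rules (new lines 281-293) assume both ipsets already exist, but nothing in the visible hunk creates them, unlike the `${HOST}-mbsefw-blk6` set that is populated just above. If a set is missing, iptables rejects the rule, and because no exit status is checked here the script would apparently carry on and bring the firewall up without the global block in place. Consider a guard per address family before the rules, for example `$IPSET list -n global-blk4 >/dev/null 2>&1 || echo "** ipset global-blk4 missing, global block not active"`, or create the sets with `-exist` first. A one-line comment naming what maintains the global sets would also help. The enclosing function starts and ends outside the hunk, so creation elsewhere in the script cannot be ruled out.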