Imrpoving cleaning and prefix all chains with EO-X
This commit is contained in:
parent
d94d57056f
commit
0129cf55db
44
eofirewall
44
eofirewall
|
@ -61,26 +61,18 @@ clean()
|
|||
|
||||
if chain_exists EO-INPUT; then
|
||||
$IPTABLES -D INPUT -j EO-INPUT
|
||||
$IPTABLES -F EO-INPUT
|
||||
$IPTABLES -X EO-INPUT
|
||||
fi
|
||||
if chain_exists EO-OUTPUT; then
|
||||
$IPTABLES -D OUTPUT -j EO-OUTPUT
|
||||
$IPTABLES -F EO-OUTPUT
|
||||
$IPTABLES -X EO-OUTPUT
|
||||
fi
|
||||
if chain_exists EO-FORWARD; then
|
||||
$IPTABLES -D FORWARD -j EO-FORWARD
|
||||
$IPTABLES -F EO-FORWARD
|
||||
$IPTABLES -X EO-FORWARD
|
||||
fi
|
||||
if chain_exists LOGDROP; then
|
||||
$IPTABLES -D INPUT -j LOGDROP
|
||||
$IPTABLES -D OUTPUT -j LOGDROP
|
||||
$IPTABLES -D FORWARD -j LOGDROP
|
||||
$IPTABLES -F LOGDROP
|
||||
$IPTABLES -X LOGDROP
|
||||
$IPTABLES -D INPUT -j EO-LOGDROP
|
||||
$IPTABLES -D OUTPUT -j EO-LOGDROP
|
||||
$IPTABLES -D FORWARD -j EO-LOGDROP
|
||||
fi
|
||||
|
||||
for chain in `$IPTABLES --list -n | grep '^Chain EO' | cut -f2 -d ' '`; do
|
||||
$IPTABLES -F $chain
|
||||
$IPTABLES -X $chain
|
||||
done
|
||||
|
||||
}
|
||||
|
||||
init()
|
||||
|
@ -92,7 +84,7 @@ init()
|
|||
$IPTABLES -N EO-INPUT
|
||||
$IPTABLES -N EO-OUTPUT
|
||||
$IPTABLES -N EO-FORWARD
|
||||
$IPTABLES -N LOGDROP
|
||||
$IPTABLES -N EO-LOGDROP
|
||||
|
||||
|
||||
# default policies
|
||||
|
@ -356,15 +348,15 @@ start()
|
|||
$IPTABLES -A FORWARD -j EO-FORWARD
|
||||
|
||||
## LOG
|
||||
## Create a LOGDROP chain to log and drop packets
|
||||
$IPTABLES -A LOGDROP -p tcp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied tcp: " --log-level 4
|
||||
$IPTABLES -A LOGDROP -p udp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied udp: " --log-level 4
|
||||
$IPTABLES -A LOGDROP -p icmp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied icmp: " --log-level 4
|
||||
$IPTABLES -A LOGDROP -j DROP
|
||||
## Create a EO-LOGDROP chain to log and drop packets
|
||||
$IPTABLES -A EO-LOGDROP -p tcp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied tcp: " --log-level 4
|
||||
$IPTABLES -A EO-LOGDROP -p udp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied udp: " --log-level 4
|
||||
$IPTABLES -A EO-LOGDROP -p icmp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied icmp: " --log-level 4
|
||||
$IPTABLES -A EO-LOGDROP -j DROP
|
||||
|
||||
$IPTABLES -A INPUT -j LOGDROP
|
||||
$IPTABLES -A OUTPUT -j LOGDROP
|
||||
$IPTABLES -A FORWARD -j LOGDROP
|
||||
$IPTABLES -A INPUT -j EO-LOGDROP
|
||||
$IPTABLES -A OUTPUT -j EO-LOGDROP
|
||||
$IPTABLES -A FORWARD -j EO-LOGDROP
|
||||
}
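Review bot: In the clean() hunk the new loop issues `-X $chain` immediately after flushing that one chain, so when the listed chain is still the target of a rule in an EO chain that has not been flushed yet (or of a jump still present in INPUT/OUTPUT/FORWARD), iptables refuses to delete it and the stale chain survives the cleanup; the listing order of `iptables --list` gives no guarantee that referencing chains come first. Flushing every matching chain in a first pass and deleting them in a second pass avoids that, and anchoring the pattern on `'^Chain EO-'` keeps unrelated chains whose name merely starts with EO out of the loop. The rendering does not make clear whether the old `-D INPUT -j EO-INPUT` / `-D INPUT -j LOGDROP` lines survive on the new side; if the legacy LOGDROP block is gone, hosts upgrading from the previous version keep a stale LOGDROP chain and its jump rules, because the loop only matches chains named EO*. clean() begins before this hunk.
```shell
# … unchanged: per-chain removal of the builtin-chain jumps …
eo_chains=$($IPTABLES --list -n | grep '^Chain EO-' | cut -f2 -d ' ')
for chain in $eo_chains; do
    $IPTABLES -F $chain
done
for chain in $eo_chains; do
    $IPTABLES -X $chain
done
```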
|
||||
|
||||
|
||||
|
|