Fix port knocking and deb entry
This commit is contained in:
parent
6a34b1697e
commit
ec75d05e47
@ -1,3 +1,14 @@
eofirewall (0.1-20110621.1) unstable; urgency=low
|
* New release
* Support port knocking
* Add a test option
* Add save and load of the rules
* Modify states to support last iptables version
* Add logrotate support for the Debian packages
|
-- Jérôme Schneider <jschneider@entrouvert.com> Tue, 21 Jun 2011 14:27:36 +0200
|
eofirewall (0.1-20110509.1) unstable; urgency=low
eofirewall (0.1-20110509.1) unstable; urgency=low
|
* Using SNAT instead of DNAT
* Using SNAT instead of DNAT
|
21
firewall
21
firewall
@ -128,17 +128,20 @@ port_knocking()
|
port=$1
port=$1
knock_ports=$2
knock_ports=$2
i=0
|
iptables -N toc2
for kport in $(echo $knock_ports | sed 's/,/ /g'); do
iptables -A toc2 -m recent --name toc1 --remove
((i++))
iptables -A toc2 -m recent --name toc2 --set
if [ $i -gt 1 ]; then
iptables -N toc3
iptables -N toc$i
iptables -A toc3 -m recent --name toc2 --remove
iptables -A toc$i -m recent --name toc$(($i-1)) --remove
iptables -A toc3 -m recent --name toc3 --set
iptables -A toc$i -m recent --name toc$i --set
for port in $(echo $knock_ports | sed 's/,/ /g'); do
iptables -A INPUT -i $WAN_INT -p tcp --dport $kport -m recent --rcheck --name toc$(($i-1)) -j toc$i
iptables -A INPUT -i $WAN_INT -p tcp --dport $port -m recent --set --name toc1
else
iptables -A INPUT -i $WAN_INT -p tcp --dport $kport -m recent --set --name toc$i
fi
done
done
iptables -A INPUT -i $WAN_INT -p tcp --dport $port -m recent --rcheck --seconds 15 --name toc3 -m state --state NEW -j ACCEPT
iptables -A INPUT -i $WAN_INT -p tcp --dport $port -m recent --rcheck --seconds 15 --name toc$i -m state --state NEW -j ACCEPT
}
}
|
start()
start()
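Review bot: The chain and recent-list names `toc$i` are derived from the knock index alone, so if port_knocking() is run once per PORT_KNOCK entry (the caller is outside the hunk) a second run fails at `iptables -N toc$i` with "Chain already exists" and both sequences share the same recent lists, letting knocks for one protected port count toward another; deriving the names from the protected port, e.g. `chain=toc${port}_$i`, keeps each sequence isolated. The intermediate `--rcheck --name toc$(($i-1))` rules carry no `--seconds` window, unlike the final ACCEPT rule, and nothing removes a source from the lists when it hits a wrong port, so a source can advance the sequence at leisure and a handful of full port sweeps contains every sequence as an ordered subsequence; adding `--seconds 15` to each `--rcheck` and a catch-all that `--remove`s the lists on unrelated NEW connections would bound that. The unquoted `$knock_ports`/`$port` expansions and `((i++))` (which returns 1 on the first iteration and would abort under `set -e`, if the script enables it) are worth tidying while here. port_knocking()'s opening line lies before the hunk.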
|
@ -24,7 +24,7 @@ ALLOW_INTS=''
# "42.42.42.0/24 42.42.42.42 tcp ssh,imap,imaps,1024:2048,32")
# "42.42.42.0/24 42.42.42.42 tcp ssh,imap,imaps,1024:2048,32")
OPEN_PORTS=("0.0.0.0/0 tcp ssh")
OPEN_PORTS=("0.0.0.0/0 tcp ssh")
|
## Port knocking
## Port knocking (tcp only)
# "port knock_ports_combinaison"
# "port knock_ports_combinaison"
# example : PORT_KNOCK("22 121,4353,4242,111")
# example : PORT_KNOCK("22 121,4353,4242,111")
PORT_KNOCK=()
PORT_KNOCK=()
|