authorJérôme Schneider <jschneider@entrouvert.com>2011-03-08 10:44:29 (GMT)
committerJérôme Schneider <jschneider@entrouvert.com>2011-03-08 10:44:29 (GMT)
commit8a79bdbdec2704842ebc674d0467b07748c6f6b9 (patch)
tree432d9dc4b5744865f5d766dd919cd887a7d58c48
parent471bbe992ef6e91f1fcbcf809a9d4c6f83d72a43 (diff)
Fix ! position
-rw-r--r--debian/changelog6
-rwxr-xr-xfirewall10
2 files changed, 11 insertions, 5 deletions
diff --git a/debian/changelog b/debian/changelog
index 2bf116a..2f7118b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+eofirewall (0.1-20110308.1) unstable; urgency=low
+
+ * Fix ! position
+
+ -- Jérôme Schneider <jschneider@entrouvert.com> Tue, 08 Mar 2011 11:43:41 +0100
+
eofirewall (0.1-20110307.1) unstable; urgency=low
* Initial release
diff --git a/firewall b/firewall
index 94131d2..2e1119d 100755
--- a/firewall
+++ b/firewall
@@ -44,7 +44,7 @@ forward_port()
dest_port=$(echo $destination | cut -d ":" -f2)
echo "+ Forward $port to $destination for protocol $proto"
- $IPTABLES -A FORWARD -i $WAN_INT -o $LAN_INT -p $proto -s $source -d $dest_ip --dport $dest_port -m state --state ! INVALID -j ACCEPT
+ $IPTABLES -A FORWARD -i $WAN_INT -o $LAN_INT -p $proto -s $source -d $dest_ip --dport $dest_port -m state ! --state INVALID -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i $WAN_INT -p $proto -s $source -d $IP --dport $port -j DNAT --to $destination
}
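Review bot: The corrected match `-m state ! --state INVALID` on the FORWARD rule is still a negative match, so it accepts every state other than INVALID, which includes UNTRACKED as well as NEW, ESTABLISHED and RELATED. Listing the accepted states, `-m state --state NEW,ESTABLISHED,RELATED`, states what the rule is meant to allow and keeps packets that bypass connection tracking out of the ACCEPT path. The same negated form is used on the OUTPUT, FORWARD and INPUT rules in the later hunks of this file. forward_port's body starts outside the hunk.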
@@ -76,12 +76,12 @@ start()
$IPTABLES -A OUTPUT -o lo -j ACCEPT
echo "+ Allow WAN outgoing traffic"
- $IPTABLES -A OUTPUT -o $WAN_INT -p all -m state --state ! INVALID -j ACCEPT
+ $IPTABLES -A OUTPUT -o $WAN_INT -p all -m state ! --state INVALID -j ACCEPT
$IPTABLES -A INPUT -i $WAN_INT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
if [ $LAN == 1 ]; then
echo "+ Allow WAN outgoing traffic from lan"
- $IPTABLES -A FORWARD -i $LAN_INT -o $WAN_INT -p all -m state --state ! INVALID -j ACCEPT
+ $IPTABLES -A FORWARD -i $LAN_INT -o $WAN_INT -p all -m state ! --state INVALID -j ACCEPT
$IPTABLES -A FORWARD -i $WAN_INT -o $LAN_INT -p all -m state --state RELATED,ESTABLISHED -j ACCEPT
echo "+ Allow local network"
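Review bot: Nothing in this hunk checks whether the `$IPTABLES -A OUTPUT ...` rule and the `FORWARD` rule below it were accepted, so if iptables rejects a rule the script keeps printing progress and can finish with a partial ruleset. Whether `set -e` is active is not visible here; if it is not, ending each rule line with `|| exit 1`, or routing the rules through a small helper that prints the failing command to stderr, would surface the failure at load time. start()'s body starts and ends outside the hunk.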
@@ -89,7 +89,7 @@ start()
$IPTABLES -A INPUT -i $LAN_INT -p all -j ACCEPT
for ALLOW_INT in $ALLOW_INTS; do
echo "+ Allow WAN outgoing traffic for interface $ALLOW_INT"
- $IPTABLES -A FORWARD -i $ALLOW_INT -o $WAN_INT -p all -m state --state ! INVALID -j ACCEPT
+ $IPTABLES -A FORWARD -i $ALLOW_INT -o $WAN_INT -p all -m state ! --state INVALID -j ACCEPT
$IPTABLES -A FORWARD -i $WAN_INT -o $ALLOW_INT -p all -m state --state RELATED,ESTABLISHED -j ACCEPT
echo "+ Allow local network"
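Review bot: The expansions on the new FORWARD line are unquoted, so an empty `$WAN_INT` or `$ALLOW_INT` disappears from the command line and the following option is taken as the interface argument, which no longer reflects the configuration. Writing `-i "${ALLOW_INT:?}" -o "${WAN_INT:?}"` keeps the argument positions fixed and aborts with a clear message when a value is missing. The same applies to `$source`, `$proto`, `$IP` and `$port` on the rule lines in the other hunks. Where these variables are assigned is outside the hunk, so whether they can be empty in practice cannot be told from here.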
@@ -167,7 +167,7 @@ start()
ports=$(echo $traffic | cut -d "-" -f3)
for port in $(echo $ports | sed 's/,/ /g'); do
echo "+ Open port $port to $source for protocol $proto"
- $IPTABLES -A INPUT -i $WAN_INT -p $proto -s $source -d $IP --dport $port -m state --state ! INVALID -j ACCEPT
+ $IPTABLES -A INPUT -i $WAN_INT -p $proto -s $source -d $IP --dport $port -m state ! --state INVALID -j ACCEPT
done
done