Fix ! position
parent
471bbe992e
commit
8a79bdbdec
|
@ -1,3 +1,9 @@
|
|||
eofirewall (0.1-20110308.1) unstable; urgency=low
|
||||
|
||||
* Fix ! position
|
||||
|
||||
-- Jérôme Schneider <jschneider@entrouvert.com> Tue, 08 Mar 2011 11:43:41 +0100
|
||||
|
||||
eofirewall (0.1-20110307.1) unstable; urgency=low
|
||||
|
||||
* Initial release
|
||||
|
|
10
firewall
10
firewall
|
@ -44,7 +44,7 @@ forward_port()
|
|||
dest_port=$(echo $destination | cut -d ":" -f2)
|
||||
|
||||
echo "+ Forward $port to $destination for protocol $proto"
|
||||
$IPTABLES -A FORWARD -i $WAN_INT -o $LAN_INT -p $proto -s $source -d $dest_ip --dport $dest_port -m state --state ! INVALID -j ACCEPT
|
||||
$IPTABLES -A FORWARD -i $WAN_INT -o $LAN_INT -p $proto -s $source -d $dest_ip --dport $dest_port -m state ! --state INVALID -j ACCEPT
|
||||
$IPTABLES -t nat -A PREROUTING -i $WAN_INT -p $proto -s $source -d $IP --dport $port -j DNAT --to $destination
|
||||
}
|
||||
|
||||
|
@ -76,12 +76,12 @@ start()
|
|||
$IPTABLES -A OUTPUT -o lo -j ACCEPT
|
||||
|
||||
echo "+ Allow WAN outgoing traffic"
|
||||
$IPTABLES -A OUTPUT -o $WAN_INT -p all -m state --state ! INVALID -j ACCEPT
|
||||
$IPTABLES -A OUTPUT -o $WAN_INT -p all -m state ! --state INVALID -j ACCEPT
|
||||
$IPTABLES -A INPUT -i $WAN_INT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
|
||||
if [ $LAN == 1 ]; then
|
||||
echo "+ Allow WAN outgoing traffic from lan"
|
||||
$IPTABLES -A FORWARD -i $LAN_INT -o $WAN_INT -p all -m state --state ! INVALID -j ACCEPT
|
||||
$IPTABLES -A FORWARD -i $LAN_INT -o $WAN_INT -p all -m state ! --state INVALID -j ACCEPT
|
||||
$IPTABLES -A FORWARD -i $WAN_INT -o $LAN_INT -p all -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
|
||||
echo "+ Allow local network"
|
||||
|
@ -89,7 +89,7 @@ start()
|
|||
$IPTABLES -A INPUT -i $LAN_INT -p all -j ACCEPT
|
||||
for ALLOW_INT in $ALLOW_INTS; do
|
||||
echo "+ Allow WAN outgoing traffic for interface $ALLOW_INT"
|
||||
$IPTABLES -A FORWARD -i $ALLOW_INT -o $WAN_INT -p all -m state --state ! INVALID -j ACCEPT
|
||||
$IPTABLES -A FORWARD -i $ALLOW_INT -o $WAN_INT -p all -m state ! --state INVALID -j ACCEPT
|
||||
$IPTABLES -A FORWARD -i $WAN_INT -o $ALLOW_INT -p all -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
|
||||
echo "+ Allow local network"
|
||||
|
@ -167,7 +167,7 @@ start()
|
|||
ports=$(echo $traffic | cut -d "-" -f3)
|
||||
for port in $(echo $ports | sed 's/,/ /g'); do
|
||||
echo "+ Open port $port to $source for protocol $proto"
|
||||
$IPTABLES -A INPUT -i $WAN_INT -p $proto -s $source -d $IP --dport $port -m state --state ! INVALID -j ACCEPT
|
||||
$IPTABLES -A INPUT -i $WAN_INT -p $proto -s $source -d $IP --dport $port -m state ! --state INVALID -j ACCEPT
|
||||
done
|
||||
done
|
||||
|
||||
|
|
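Review bot: In the open-port loop at the end of start(), and likewise in forward_port(), the corrected rule still expands `$proto`, `$source`, `$port`, `$dest_ip` and `$dest_port` unquoted and never checks the exit status of iptables. A config entry with an empty or space-containing field therefore shifts the argument list (an empty `$source` makes `-s` take `-d` as its value), and a rule that iptables rejects leaves only the preceding "+ Open port" message, with the script carrying on over a partially loaded ruleset. A misplaced `!` is the kind of mistake iptables can reject at load time, so I would quote the parsed fields and stop on failure: `$IPTABLES -A INPUT -i "$WAN_INT" -p "$proto" -s "$source" -d "$IP" --dport "$port" -m state ! --state INVALID -j ACCEPT || return 1`. Both functions begin outside the visible hunks, so an earlier `set -e` or validation of the parsed fields may already cover part of this and should be confirmed.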