Fix ! position

Jérôme Schneider 2011-03-08 11:44:29 +01:00
parent 471bbe992e
commit 8a79bdbdec
2 changed files with 11 additions and 5 deletions

6
debian/changelog vendored

@ -1,3 +1,9 @@
eofirewall (0.1-20110308.1) unstable; urgency=low
* Fix ! position
-- Jérôme Schneider <jschneider@entrouvert.com> Tue, 08 Mar 2011 11:43:41 +0100
eofirewall (0.1-20110307.1) unstable; urgency=low
* Initial release


@ -44,7 +44,7 @@ forward_port()
dest_port=$(echo $destination | cut -d ":" -f2)
echo "+ Forward $port to $destination for protocol $proto"
$IPTABLES -A FORWARD -i $WAN_INT -o $LAN_INT -p $proto -s $source -d $dest_ip --dport $dest_port -m state --state ! INVALID -j ACCEPT
$IPTABLES -A FORWARD -i $WAN_INT -o $LAN_INT -p $proto -s $source -d $dest_ip --dport $dest_port -m state ! --state INVALID -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i $WAN_INT -p $proto -s $source -d $IP --dport $port -j DNAT --to $destination
}
@ -76,12 +76,12 @@ start()
$IPTABLES -A OUTPUT -o lo -j ACCEPT
echo "+ Allow WAN outgoing traffic"
$IPTABLES -A OUTPUT -o $WAN_INT -p all -m state --state ! INVALID -j ACCEPT
$IPTABLES -A OUTPUT -o $WAN_INT -p all -m state ! --state INVALID -j ACCEPT
$IPTABLES -A INPUT -i $WAN_INT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
if [ $LAN == 1 ]; then
echo "+ Allow WAN outgoing traffic from lan"
$IPTABLES -A FORWARD -i $LAN_INT -o $WAN_INT -p all -m state --state ! INVALID -j ACCEPT
$IPTABLES -A FORWARD -i $LAN_INT -o $WAN_INT -p all -m state ! --state INVALID -j ACCEPT
$IPTABLES -A FORWARD -i $WAN_INT -o $LAN_INT -p all -m state --state RELATED,ESTABLISHED -j ACCEPT
echo "+ Allow local network"
@ -89,7 +89,7 @@ start()
$IPTABLES -A INPUT -i $LAN_INT -p all -j ACCEPT
for ALLOW_INT in $ALLOW_INTS; do
echo "+ Allow WAN outgoing traffic for interface $ALLOW_INT"
$IPTABLES -A FORWARD -i $ALLOW_INT -o $WAN_INT -p all -m state --state ! INVALID -j ACCEPT
$IPTABLES -A FORWARD -i $ALLOW_INT -o $WAN_INT -p all -m state ! --state INVALID -j ACCEPT
$IPTABLES -A FORWARD -i $WAN_INT -o $ALLOW_INT -p all -m state --state RELATED,ESTABLISHED -j ACCEPT
echo "+ Allow local network"
@ -167,7 +167,7 @@ start()
ports=$(echo $traffic | cut -d "-" -f3)
for port in $(echo $ports | sed 's/,/ /g'); do
echo "+ Open port $port to $source for protocol $proto"
$IPTABLES -A INPUT -i $WAN_INT -p $proto -s $source -d $IP --dport $port -m state --state ! INVALID -j ACCEPT
$IPTABLES -A INPUT -i $WAN_INT -p $proto -s $source -d $IP --dport $port -m state ! --state INVALID -j ACCEPT
done
done
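Review bot: The corrected `$IPTABLES ... -m state ! --state INVALID -j ACCEPT` rules (one in forward_port(), four in start()) still run with no visible check of their exit status. If iptables rejects a rule, as it may have done with the misplaced `!` on some versions, the script would carry on printing its "+ ..." progress lines over a partially loaded ruleset. Unless `set -e` is in effect outside these hunks, consider failing loudly, e.g. `$IPTABLES -A INPUT ... -j ACCEPT || { echo "! iptables rejected rule" >&2; return 1; }`. The expansions `$source`, `$dest_ip`, `$dest_port`, `$proto` and `$port` are also unquoted, so a configuration value containing whitespace would be split into extra iptables arguments; writing `-s "$source" --dport "$port"` keeps each value a single argument. forward_port() begins outside the hunks shown, and start() both begins and ends outside them.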