OpenSDE
/
rocklinux
mirror of https://github.com/amery/rocklinux.git
2
0
Fork 0
Code Releases Wiki Activity
mirror of the now-defunct rocklinux.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1908 Commits
1 Branch
0 Tags
34 MiB
Tree: 0a61d8b688
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0a61d8b688'
${ noResults }
rocklinux/package/base/iptables/rocknet_iptables.sh

65 lines
1.4 KiB
Raw Normal View History

Integration of rock-net (0.0.3) - this is mostly tested and some cleanups need to be done - as well as a updated rock-net core is scheduled for tonight. git-svn-id: http://www.rocklinux.org/svn/rock-linux/trunk@1821 c5f82cb5-29bc-0310-9cd0-bff59a50e3bc
21 years ago
Juergen Sawinski <george@sun0.mpimf-heidelberg.mpg.de>: fixed a ROCK Net iptables typo git-svn-id: http://www.rocklinux.org/svn/rock-linux/trunk@2241 c5f82cb5-29bc-0310-9cd0-bff59a50e3bc
21 years ago
Integration of rock-net (0.0.3) - this is mostly tested and some cleanups need to be done - as well as a updated rock-net core is scheduled for tonight. git-svn-id: http://www.rocklinux.org/svn/rock-linux/trunk@1821 c5f82cb5-29bc-0310-9cd0-bff59a50e3bc
21 years ago
ok - after a short discussion on #rocklinux we decided that the firewall keywords should be named accept, reject and drop git-svn-id: http://www.rocklinux.org/svn/rock-linux/trunk@1849 c5f82cb5-29bc-0310-9cd0-bff59a50e3bc
21 years ago
Integration of rock-net (0.0.3) - this is mostly tested and some cleanups need to be done - as well as a updated rock-net core is scheduled for tonight. git-svn-id: http://www.rocklinux.org/svn/rock-linux/trunk@1821 c5f82cb5-29bc-0310-9cd0-bff59a50e3bc
21 years ago
ok - after a short discussion on #rocklinux we decided that the firewall keywords should be named accept, reject and drop git-svn-id: http://www.rocklinux.org/svn/rock-linux/trunk@1849 c5f82cb5-29bc-0310-9cd0-bff59a50e3bc
21 years ago
Juergen Sawinski <george@sun0.mpimf-heidelberg.mpg.de>: fixed a ROCK Net iptables typo git-svn-id: http://www.rocklinux.org/svn/rock-linux/trunk@2241 c5f82cb5-29bc-0310-9cd0-bff59a50e3bc
21 years ago
Integration of rock-net (0.0.3) - this is mostly tested and some cleanups need to be done - as well as a updated rock-net core is scheduled for tonight. git-svn-id: http://www.rocklinux.org/svn/rock-linux/trunk@1821 c5f82cb5-29bc-0310-9cd0-bff59a50e3bc
21 years ago
ok - after a short discussion on #rocklinux we decided that the firewall keywords should be named accept, reject and drop git-svn-id: http://www.rocklinux.org/svn/rock-linux/trunk@1849 c5f82cb5-29bc-0310-9cd0-bff59a50e3bc
21 years ago
Juergen Sawinski <george@sun0.mpimf-heidelberg.mpg.de>: fixed a ROCK Net iptables typo git-svn-id: http://www.rocklinux.org/svn/rock-linux/trunk@2241 c5f82cb5-29bc-0310-9cd0-bff59a50e3bc
21 years ago
Integration of rock-net (0.0.3) - this is mostly tested and some cleanups need to be done - as well as a updated rock-net core is scheduled for tonight. git-svn-id: http://www.rocklinux.org/svn/rock-linux/trunk@1821 c5f82cb5-29bc-0310-9cd0-bff59a50e3bc
21 years ago
added a drop keyword for the iptables (should we rename allow into accept and deny to reject? git-svn-id: http://www.rocklinux.org/svn/rock-linux/trunk@1848 c5f82cb5-29bc-0310-9cd0-bff59a50e3bc
21 years ago
Juergen Sawinski <george@sun0.mpimf-heidelberg.mpg.de>: fixed a ROCK Net iptables typo git-svn-id: http://www.rocklinux.org/svn/rock-linux/trunk@2241 c5f82cb5-29bc-0310-9cd0-bff59a50e3bc
21 years ago
added a drop keyword for the iptables (should we rename allow into accept and deny to reject? git-svn-id: http://www.rocklinux.org/svn/rock-linux/trunk@1848 c5f82cb5-29bc-0310-9cd0-bff59a50e3bc
21 years ago
added clamp-mtu and masquerade iptables rocknet keywords git-svn-id: http://www.rocklinux.org/svn/rock-linux/trunk@2036 c5f82cb5-29bc-0310-9cd0-bff59a50e3bc
21 years ago
  2. iptables_init_if() {
  3. if isfirst "iptables_$if"; then
  4. addcode up 1 1 "iptables -N firewall_$if"
  5. addcode up 1 2 "iptables -A INPUT -i $if -j firewall_$if"
  6. addcode up 1 3 "iptables -A firewall_$if `
  7. `-m state --state ESTABLISHED,RELATED -j ACCEPT"
  9. addcode down 1 3 "iptables -F firewall_$if"
  10. addcode down 1 2 "iptables -D INPUT -i $if -j firewall_$if"
  11. addcode down 1 1 "iptables -X firewall_$if"
  12. fi
  13. }
  15. iptables_parse_conditions() {
  16. iptables_cond=""
  17. while [ -n "$1" ]
  18. do
  19. case "$1" in
  20. all)
  21. shift
  22. ;;
  23. tcp|udp)
  24. iptables_cond="$iptables_cond -p $1 --dport $2"
  25. shift; shift
  26. ;;
  27. ip)
  28. iptables_cond="$iptables_cond -s $2"
  29. shift; shift
  30. ;;
  31. *)
  32. error "Unkown accept/reject/drop condition: $1"
  33. shift
  34. esac
  35. done
  36. }
  38. public_accept() {
  39. iptables_parse_conditions "$@"
  40. addcode up 1 5 "iptables -A firewall_$if $iptables_cond -j ACCEPT"
  41. iptables_init_if
  42. }
  44. public_reject() {
  45. iptables_parse_conditions "$@"
  46. addcode up 1 5 "iptables -A firewall_$if $iptables_cond -j REJECT"
  47. iptables_init_if
  48. }
  50. public_drop() {
  51. iptables_parse_conditions "$@"
  52. addcode up 1 5 "iptables -A firewall_$if $iptables_cond -j DROP"
  53. iptables_init_if
  54. }
  56. public_clamp_mtu() {
  57. addcode up 1 6 "iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN \
  58. -j TCPMSS --clamp-mss-to-pmtu"
  59. }
  61. public_masquerade() {
  62. addcode up 1 6 "iptables -t nat -A POSTROUTING -o $if \
  63. -j MASQUERADE"
  64. }