extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-26 04:32:01 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add dynamic drop/reject/allow/save functions.

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@57 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2002-06-04 20:17:46 +00:00
parent 5c9562c20a
commit aac129f404
2 changed files with 57 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
Shorewall/firewall
View File

@ -2536,12 +2536,29 @@ initialize_netfilter () {
createchain icmpdef no createchain icmpdef no
createchain common no createchain common no
createchain reject no createchain reject no
createchain dynamic no
if [ -f /etc/shorewall/save ]; then
echo "Restoring dynamic rules..."
while read target ignore1 ignore2 address rest; do
case $target in
DROP|reject)
run_iptables -A dynamic -s $address -j $target
;;
*)
;;
esac
done < /etc/shorewall/save
fi
echo "Creating input Chains..." echo "Creating input Chains..."
for interface in $all_interfaces; do for interface in $all_interfaces; do
createchain `forward_chain $interface` no createchain `forward_chain $interface` no
run_iptables -A `forward_chain $interface` -j dynamic
createchain `input_chain $interface` no createchain `input_chain $interface` no
run_iptables -A `input_chain $interface` -j dynamic
done done
} }

45
Shorewall/shorewall
View File

@ -68,8 +68,10 @@
# starting the new configuration. # starting the new configuration.
# shorewall logwatch [ refresh-interval ] Monitor the local log for Shorewall # shorewall logwatch [ refresh-interval ] Monitor the local log for Shorewall
# messages. # messages.
# shorewall blacklist <address> ... Temporarily blacklist the listed # shorewall drop <address> ... Temporarily drop all packets from the
# address(es) # listed address(es)
# shorewall reject <address> ... Temporarily reject all packets from the
# listed address(es)
# #
# Display a chain if it exists # Display a chain if it exists
# #
@ -406,7 +408,10 @@ usage() # $1 = exit status
echo " check" echo " check"
echo " try <directory> [ <timeout> ]" echo " try <directory> [ <timeout> ]"
echo " logwatch [<refresh interval>]" echo " logwatch [<refresh interval>]"
echo " blacklist <address> ..." echo " drop <address> ..."
echo " reject <address> ..."
echo " allow <address> ..."
echo " save"
exit $1 exit $1
} }
@ -622,16 +627,44 @@ case "$1" in
usage 1 usage 1
fi fi
;; ;;
blacklist) drop)
[ $# -eq 1 ] && usage 1 [ $# -eq 1 ] && usage 1
mutex_on mutex_on
while [ $# -gt 1 ]; do while [ $# -gt 1 ]; do
shift shift
iptables -A blacklst -s $1 -j DROP || break 1 iptables -A dynamic -s $1 -j DROP || break 1
echo "$1 Temporarily Blacklisted" echo "$1 Dropped"
done done
mutex_off mutex_off
;; ;;
reject)
[ $# -eq 1 ] && usage 1
mutex_on
while [ $# -gt 1 ]; do
shift
iptables -A dynamic -s $1 -j reject || break 1
echo "$1 Rejected"
done
mutex_off
;;
allow)
[ $# -eq 1 ] && usage 1
mutex_on
while [ $# -gt 1 ]; do
shift
if qt iptables -D dynamic -s $1 -j reject || qt iptables -D dynamic -s $1 -j DROP; then
echo "$1 Allowed"
else
echo "$1 Not Dropped or Rejected"
fi
done
mutex_off
;;
save)
if iptables -L dynamic -n > /etc/shorewall/save; then
echo "Dynamic Rules Saved"
fi
;;
*) *)
usage 1 usage 1
;; ;;