extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-24 11:41:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Make 'new not SYN' user-customizable

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@177 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2002-08-06 19:06:32 +00:00
parent 27952f3d4b
commit ed2036ece9
1 changed files with 6 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
Shorewall/firewall
View File

@ -200,8 +200,7 @@ createchain() # $1 = chain name, $2 = If non-null, don't create default rules
state="ESTABLISHED" state="ESTABLISHED"
[ -n "$ALLOWRELATED" ] && state="$state,RELATED" [ -n "$ALLOWRELATED" ] && state="$state,RELATED"
run_iptables -A $1 -m state --state $state -j ACCEPT run_iptables -A $1 -m state --state $state -j ACCEPT
[ -n "$LOGNEWNOTSYN" ] && target=newnotsyn || target=DROP run_iptables -A $1 -m state --state NEW -p tcp !--syn -j newnotsyn
run_iptables -A $1 -m state --state NEW -p tcp !--syn -j $target
fi fi
eval ${1}_exists=Yes eval ${1}_exists=Yes
@ -2718,22 +2717,12 @@ initialize_netfilter () {
--tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
if [ -n "$LOGNEWNOTSYN" ]; then createchain newnotsyn no
createchain newnotsyn no run_user_exit newnotsyn
# [ -n "$LOGNEWNOTSYN" ] && \
# Don't bother the world with these
#
run_iptables -A newnotsyn -p tcp --tcp-flags ACK,FIN ACK,FIN -j DROP
#
# Log
#
run_iptables -A newnotsyn -j LOG \ run_iptables -A newnotsyn -j LOG \
--log-prefix "Shorewall:newnotsyn:DROP:" --log-level $LOGNEWNOTSYN --log-prefix "Shorewall:newnotsyn:DROP:" --log-level $LOGNEWNOTSYN
# run_iptables -A newnotsyn -p tcp -j DROP
# DROP
#
run_iptables -A newnotsyn -p tcp -j DROP
fi
createchain icmpdef no createchain icmpdef no
createchain common no createchain common no