more better services
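--- a/firewall.sh
+++ b/firewall.sh
@@ -74,15 +74,17 @@ done
 create_set allowed_udp bitmap:port range 0-65535
 create_set allowed_tcp bitmap:port range 0-65535
-# common services
-allow_services ssh smtp submission domain ntp
-
-# per-host services
-srv_file="services.$(hostname -s)"
-if [ -e "${srv_file}" ]
-then
- . "${srv_file}"
-fi
+for sfx in '' ".$(hostname -s)"
+do
+ if [ -e "services${sfx}" ]
+ then
+
+ for l in $(decommentcat "services${sfx}")
+ do
+ allow_services "${l}"
+ done
+ fi
+done
 $IPTABLES -A INPUT -i "${EXT_IF}" -p tcp -m set --match-set allowed_tcp dst -j ACCEPT
 $IPTABLES -A INPUT -i "${EXT_IF}" -p udp -m set --match-set allowed_udp dst -j ACCEPT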
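Review bot: The unquoted `$(decommentcat "services${sfx}")` on the new `for l in` line undergoes pathname expansion as well as word splitting, so a stray `*` or `?` token in a services file would expand to file names in the current directory and be handed to allow_services; wrapping the loop in `set -f` / `set +f` (or collecting the tokens with `read -r -a`) keeps it to plain word splitting. Reading the file as data rather than sourcing it as the removed `. "${srv_file}"` did is an improvement, since an editable per-host file no longer executes as shell. The old unconditional `allow_services ssh smtp submission domain ntp` has no replacement, so a host with no `services` file now opens nothing — including ssh — without any message; a diagnostic when neither file exists, e.g. `printf 'warning: no services file found\n' >&2`, would make that lockout visible. decommentcat is not defined in the hunk, so its output is assumed to be whitespace-separated service names.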