X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;ds=sidebyside;f=firewall.sh;h=145ee596f86c66d0d35b20feb5c2f1454f03e59e;hb=7928c52695e38f3fc1a5643e14de1abd84829ec1;hp=f880eafad6986950ea39bb344663ab4d74fbd70a;hpb=9ec8b91463d0c625e2e561fa476abe9c0e9c84ca;p=firewall-squeep
diff --git a/firewall.sh b/firewall.sh
index f880eaf..145ee59 100755
--- a/firewall.sh
+++ b/firewall.sh
@@ -71,25 +71,9 @@ do
 $IPTABLES -A INPUT -p tcp --tcp-flags ${flags} -j DROP
 done
-create_set allowed_udp bitmap:port range 0-65535
-create_set allowed_tcp bitmap:port range 0-65535
+./services ${EXT_IF}
-for sfx in '' ".$(hostname -s)"
-do
- if [ -e "services${sfx}" ]
- then
-
- for l in $(decommentcat "services${sfx}")
- do
- allow_services "${l}"
- done
- fi
-done
-
-$IPTABLES -A INPUT -i "${EXT_IF}" -p tcp -m set --match-set allowed_tcp dst -j ACCEPT
-$IPTABLES -A INPUT -i "${EXT_IF}" -p udp -m set --match-set allowed_udp dst -j ACCEPT
-$IP6TABLES -A INPUT -i "${EXT_IF}" -p tcp -m set --match-set allowed_tcp dst -j ACCEPT
-$IP6TABLES -A INPUT -i "${EXT_IF}" -p udp -m set --match-set allowed_udp dst -j ACCEPT
+create_drop_chain xenophobe
 # insert asia blocker
 ./sinokorea.sh
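Review bot: The added `./services ${EXT_IF}` call passes the interface name unquoted and ignores the helper's exit status, whereas the removed rules used `-i "${EXT_IF}"`. The helper now appears to own every service ACCEPT rule, and its path is relative to the working directory (unless the script changes directory outside this hunk), so a missing or failing `./services` lets the rest of the ruleset load with no allowed services and no diagnostic. I would write `./services "${EXT_IF}" || { echo "firewall: ./services failed" >&2; exit 1; }`, with the failure action adjusted to how the script is deployed. Handling of the per-host `services.$(hostname -s)` file is no longer visible in this hunk; presumably it moved into the helper, which is worth confirming before merge.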