X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=firewall.sh;h=145ee596f86c66d0d35b20feb5c2f1454f03e59e;hb=468137e91e328a5603aafd9dea23ff096851fe38;hp=eab2cb3404574a08d4f8b914022ee7c3d7ef9786;hpb=26febd7376e8c1679d5d088d71d73bc64585ec1e;p=firewall-squeep
diff --git a/firewall.sh b/firewall.sh
index eab2cb3..145ee59 100755
--- a/firewall.sh
+++ b/firewall.sh
@@ -71,23 +71,12 @@ do
 $IPTABLES -A INPUT -p tcp --tcp-flags ${flags} -j DROP
 done
 
-create_set allowed_udp bitmap:port range 0-65535
-create_set allowed_tcp bitmap:port range 0-65535
+./services ${EXT_IF}
 
-# common services
-allow_services ssh smtp submission domain ntp
+create_drop_chain xenophobe
 
-# per-host services
-srv_file="services.$(hostname -s)"
-if [ -e "${srv_file}" ]
-then
- . "${srv_file}"
-fi
-
-$IPTABLES -A INPUT -i "${EXT_IF}" -p tcp -m set --match-set allowed_tcp dst -j ACCEPT
-$IPTABLES -A INPUT -i "${EXT_IF}" -p udp -m set --match-set allowed_udp dst -j ACCEPT
-$IP6TABLES -A INPUT -i "${EXT_IF}" -p tcp -m set --match-set allowed_tcp dst -j ACCEPT
-$IP6TABLES -A INPUT -i "${EXT_IF}" -p udp -m set --match-set allowed_udp dst -j ACCEPT
+# insert asia blocker
+./sinokorea.sh
 
 # insert persistent-pest-blocker
 ./xenophobe.sh
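Review bot: The new `./services ${EXT_IF}` call drops the quoting that the removed rules used (`"${EXT_IF}"`), and its exit status is not checked, although it now appears to own the ACCEPT rules for the allowed TCP/UDP ports on both iptables and ip6tables. If the helper is missing, not executable, or the script is started from another working directory, the rest of the rule set still loads without those accepts and nothing on the visible lines reports it; whether `set -e` is in effect is outside the hunk. I would write `./services "${EXT_IF}" || { echo "services setup failed" >&2; exit 1; }`. Since a firewall loader normally runs as root, I would also resolve the helpers against the script's own directory rather than the caller's cwd, which applies equally to `./sinokorea.sh` and the existing `./xenophobe.sh`. The script continues beyond this hunk, so the ordering of these accepts relative to the blocker chains should be confirmed against the helpers themselves.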