update xenophobe
[firewall-squeep] / services.sh
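#!/bin/bash
#
# Installs the INPUT ACCEPT rules that match the allowed_udp / allowed_tcp
# port sets (IPv4 and IPv6), then hands every entry of the files "services"
# and "services.<short hostname>" to allow_services.
#
# Usage: services.sh [IFACE4 [IFACE6]]
#   no argument    the rules match traffic arriving on any interface
#   one argument   the IPv4 and the IPv6 rules are limited to that interface
#   two arguments  IPv4 rules use the first interface, IPv6 rules the second
#
# IPTABLES, IP6TABLES, create_set, decommentcat and allow_services are not
# defined here; they are expected to come from common.sh.

set -e

# NOTE(review): common.sh and the services files are resolved against the
# current directory, not the script's own location. Whatever ./common.sh is
# found there gets executed with this script's privileges, so run it only
# from the firewall checkout, never from a directory other users can write to.
. ./common.sh

# More than two arguments used to be ignored silently, which left the ACCEPT
# rules below without any interface restriction. Refuse instead of widening
# the rule set behind the operator's back.
if (( $# > 2 )); then
  printf 'Usage: %s [IFACE4 [IFACE6]]\n' "${0##*/}" >&2
  exit 2
fi

# IFOPT / IF6OPT are expanded unquoted below so that "-i NAME" becomes two
# words. An empty name, or one containing whitespace or glob characters,
# would be split or expanded into something other than a single interface.
for arg in "$@"; do
  case $arg in
    '' | *[[:space:]]* | *[\*\?\[]*)
      printf '%s: invalid interface name: %s\n' "${0##*/}" "$arg" >&2
      exit 2
      ;;
  esac
done

# Kept as plain strings under their original names in case helpers from
# common.sh read them — TODO confirm.
IFOPT=""
IF6OPT=""
case $# in
  1)
    IFOPT="-i $1"
    IF6OPT="-i $1"
    ;;
  2)
    IFOPT="-i $1"
    IF6OPT="-i $2"
    ;;
esac

for p in udp tcp; do
  # presumably creates the port set when it does not exist yet — confirm
  # against create_set in common.sh
  create_set "allowed_${p}" bitmap:port range 0-65535

  # -C only checks for the rule; it exits non-zero when the rule is absent,
  # and the rule is appended then. Appending only when missing keeps repeated
  # runs from stacking duplicate ACCEPT rules. A failing -A aborts via set -e.
  # shellcheck disable=SC2086 # IPTABLES and IFOPT are split into words on purpose
  if ! $IPTABLES -C INPUT ${IFOPT} -p "${p}" \
    -m set --match-set "allowed_${p}" dst -j ACCEPT; then
    # shellcheck disable=SC2086
    $IPTABLES -A INPUT ${IFOPT} -p "${p}" \
      -m set --match-set "allowed_${p}" dst -j ACCEPT
  fi

  # Same rule for IPv6, matching the same port set.
  # shellcheck disable=SC2086
  if ! $IP6TABLES -C INPUT ${IF6OPT} -p "${p}" \
    -m set --match-set "allowed_${p}" dst -j ACCEPT; then
    # shellcheck disable=SC2086
    $IP6TABLES -A INPUT ${IF6OPT} -p "${p}" \
      -m set --match-set "allowed_${p}" dst -j ACCEPT
  fi
done

# The generic list first, then the host-specific one if it exists.
for sfx in '' ".$(hostname -s)"; do
  if [[ -e "services${sfx}" ]]; then
    # Split the output into whitespace-separated entries without pathname
    # expansion: an entry containing * or ? must reach allow_services as
    # written, not as a list of file names from the current directory.
    entries=()
    # read returns non-zero at end of input even when it filled the array.
    read -r -d '' -a entries < <(decommentcat "services${sfx}") || true
    for l in "${entries[@]}"; do
      allow_services "${l}"
    done
  fi
done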