create xenophobe chain in main firewall script
[firewall-squeep] / common.sh
index f2a7f549dfaf4122dfacbdcb7ce489ef7ae31e71..1309518af3bce28ffed72d4eb3c72be87ba6d3da 100644 (file)
--- a/common.sh
+++ b/common.sh
@@ -20,6 +20,28 @@ function create_set(){
        fi
 }
 
+function create_drop_chain(){
+       local chain="$1"
+
+       if ! $IPTABLES -L "${chain}" >/dev/null 2>&1
+       then
+               echo "initializing chain '${chain}'"
+               $IPTABLES -N "${chain}" || $IPTABLES -F "${chain}"
+               $IPTABLES -A "${chain}" -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN
+               $IPTABLES -A "${chain}" -j REJECT --reject-with icmp-port-unreachable
+               $IPTABLES -v -L "${chain}"
+       fi
+
+       if ! $IP6TABLES -L "${chain}" >/dev/null 2>&1
+       then
+               echo "initializing chain '${chain}' ipv6"
+               $IP6TABLES -N "${chain}" || $IP6TABLES -F "${chain}"
+               $IP6TABLES -A "${chain}" -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN
+               $IP6TABLES -A "${chain}" -j REJECT --reject-with icmp6-port-unreachable
+               $IP6TABLES -v -L "${chain}"
+       fi
+}
+
 function insert_setmatch_rules(){
        local single=0
        if [ "x$1" = "x-single-set" ]
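Review bot: The `$IPTABLES -N "${chain}" || $IPTABLES -F "${chain}"` fallback in the v4 branch (and its v6 twin nine lines further down) masks a failed chain creation: the preceding `-L` probe already established that the chain does not exist, so a failing `-N` means something else went wrong (missing CAP_NET_ADMIN, xtables lock held, invalid chain name), and the function then appends rules into a chain that was never created, each command failing on its own while the script carries on without the REJECT rules in place. Replace the fallback with `$IPTABLES -N "${chain}" || { echo "cannot create chain '${chain}'" >&2; return 1; }` and check the status in the caller, or at least return on the first failed `-A`. The existence probes would also be cheaper and deterministic as `-nL`, because plain `-L` performs reverse DNS lookups on any addresses in a chain that does exist. The function is called a drop chain but terminates with `REJECT --reject-with icmp-port-unreachable` for every protocol; a header comment stating that new flows are actively rejected rather than silently dropped, and that ESTABLISHED,RELATED packets RETURN to the calling chain, would spare the next reader a surprise.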