projects / firewall-squeep / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
firewall uses services
[firewall-squeep] / firewall.sh
diff --git a/firewall.sh b/firewall.sh
index dbc0c3f47328828a09938e1083c0ff1fdfcaa41e..145ee596f86c66d0d35b20feb5c2f1454f03e59e 100755 (executable)
--- a/firewall.sh
+++ b/firewall.sh
@@ -71,25 +71,12 @@ do
        $IPTABLES -A INPUT -p tcp --tcp-flags ${flags} -j DROP
 done
 
-create_set allowed_udp bitmap:port range 0-65535
-create_set allowed_tcp bitmap:port range 0-65535
+./services ${EXT_IF}
 
-for sfx in '' ".$(hostname -s)"
-do
-       if [ -e "services${sfx}" ]
-       then
-
-               for l in $(decommentcat "services${sfx}")
-               do
-                       allow_services "${l}"
-               done
-       fi
-done
+create_drop_chain xenophobe
 
-$IPTABLES -A INPUT -i "${EXT_IF}" -p tcp -m set --match-set allowed_tcp dst -j ACCEPT
-$IPTABLES -A INPUT -i "${EXT_IF}" -p udp -m set --match-set allowed_udp dst -j ACCEPT
-$IP6TABLES -A INPUT -i "${EXT_IF}" -p tcp -m set --match-set allowed_tcp dst -j ACCEPT
-$IP6TABLES -A INPUT -i "${EXT_IF}" -p udp -m set --match-set allowed_udp dst -j ACCEPT
+# insert asia blocker
+./sinokorea.sh
 
 # insert persistent-pest-blocker
 ./xenophobe.sh
squeep firewall skeleton - very basic initialization scripts for edge servers