$IPTABLES -A INPUT -p tcp --tcp-flags ${flags} -j DROP
done
-create_set allowed_udp bitmap:port range 0-65535
-create_set allowed_tcp bitmap:port range 0-65535
+./services ${EXT_IF}
-# common services
-allow_services ssh smtp submission domain ntp
+create_drop_chain xenophobe
-# per-host services
-srv_file="services.$(hostname -s)"
-if [ -e "${srv_file}" ]
-then
- . "${srv_file}"
-fi
-
-$IPTABLES -A INPUT -i "${EXT_IF}" -p tcp -m set --match-set allowed_tcp dst -j ACCEPT
-$IPTABLES -A INPUT -i "${EXT_IF}" -p udp -m set --match-set allowed_udp dst -j ACCEPT
-$IP6TABLES -A INPUT -i "${EXT_IF}" -p tcp -m set --match-set allowed_tcp dst -j ACCEPT
-$IP6TABLES -A INPUT -i "${EXT_IF}" -p udp -m set --match-set allowed_udp dst -j ACCEPT
+# insert asia blocker
+./sinokorea.sh
# insert persistent-pest-blocker
./xenophobe.sh