streamlined more common functionality
[firewall-squeep]
/
firewall.sh
diff --git
a/firewall.sh
b/firewall.sh
index 34184eefcdaa2091b669dcca60a0c6e2cfda0697..4106807247651f4dfa3ae9fdbcf3dd93bd4aec66 100755
(executable)
--- a/
firewall.sh
+++ b/
firewall.sh
@@
-2,9
+2,7
@@
set -e
set -e
-IPTABLES=$(which iptables)
-IP6TABLES=$(which ip6tables)
-IPSET=$(which ipset)
+. ./common.sh
debug=0
debug=0
@@
-73,8
+71,9
@@
do
$IPTABLES -A INPUT -p tcp --tcp-flags ${flags} -j DROP
done
$IPTABLES -A INPUT -p tcp --tcp-flags ${flags} -j DROP
done
-$IPSET -exist create allowed_udp bitmap:port range 0-65535
-$IPSET -exist create allowed_tcp bitmap:port range 0-65535
+create_set allowed_udp bitmap:port range 0-65535
+create_set allowed_tcp bitmap:port range 0-65535
+
for p in 22 25 53 80 143 443 587 993 1194 5000 5222 5269 22556 64738
do
$IPSET -exist add allowed_tcp ${p}
for p in 22 25 53 80 143 443 587 993 1194 5000 5222 5269 22556 64738
do
$IPSET -exist add allowed_tcp ${p}
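Review bot: The new `. ./common.sh` in the first hunk is resolved against the caller's current directory, not the script's own location. Run from cron, a boot hook or any other directory, the script either aborts under `set -e` before a single rule is loaded or sources whatever `common.sh` sits in that directory, and a script driving iptables/ipset is presumably running as root. Anchor the path to the script instead, e.g. `. "$(dirname -- "$0")/common.sh"`, and keep common.sh owned and writable by root only. common.sh is not visible here, so it is an assumption that it still defines `IPTABLES` and `IPSET` (both are still expanded in the second hunk) and that `create_set` keeps the `-exist` behaviour of the lines it replaces. A comment above the source line would make that dependency explicit, such as `# common.sh must define IPTABLES, IPSET and create_set`.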