xeno add
diff --git
a/firewall.sh
b/firewall.sh
index 8bf61607de02fcbf03af62915316e24eda5226b0..c55762f75a0db702c9efe4a1ef5ebe935c21d606 100755
(executable)
--- a/
firewall.sh
+++ b/
firewall.sh
@@
-15,7
+15,7
@@
fi
if [ $# -lt 1 ]
then
if [ $# -lt 1 ]
then
- echo "Usage: $(basename "$0") external_interface" 1>&2
+ echo "Usage: $(basename "$0") external_interface
[external_addr]
" 1>&2
exit 64
fi
exit 64
fi
@@
-26,6
+26,13
@@
then
exit 1
fi
exit 1
fi
+is_router=0
+if [ $# -gt 1 ]
+then
+ is_router=1
+ EXT_ADDR="$2"
+fi
+
$IPTABLES -F
$IPTABLES -F INPUT
$IPTABLES -X
$IPTABLES -F
$IPTABLES -F INPUT
$IPTABLES -X
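Review bot: `EXT_ADDR="$2"` takes the optional second argument without any check, and the third hunk then passes it unquoted as `-j SNAT --to ${EXT_ADDR}`, so an empty or malformed value is only caught when iptables rejects the rule, and a value containing whitespace would be split into extra arguments. Reject an empty operand before enabling router mode, e.g. `[ -n "$2" ] || { echo "external_addr must not be empty" 1>&2; exit 64; }`, and quote the use site as `--to "${EXT_ADDR}"`; if the script is meant to accept only a single address rather than the ranges `--to` also allows, a stricter pattern check belongs here as well. A short comment such as `# optional 2nd arg: public address used for SNAT when this host routes for a LAN` would also explain why `is_router` is derived from the argument count, and `is_router` breaks the script's uppercase convention seen in `EXT_IF`/`EXT_ADDR`.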
@@
-76,6
+83,11
@@
$IP6TABLES -A INPUT -p esp -j ACCEPT
$IPTABLES -A INPUT -m policy --dir in --pol ipsec -j ACCEPT
$IP6TABLES -A INPUT -m policy --dir in --pol ipsec -j ACCEPT
$IPTABLES -A INPUT -m policy --dir in --pol ipsec -j ACCEPT
$IP6TABLES -A INPUT -m policy --dir in --pol ipsec -j ACCEPT
+if [ $is_router -gt 0 ]
+then
+ $IPTABLES -t nat -A POSTROUTING -o ${EXT_IF} -j SNAT --to ${EXT_ADDR}
+fi
+
./services.sh ${EXT_IF}
create_drop_chain xenophobe
./services.sh ${EXT_IF}
create_drop_chain xenophobe
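Review bot: The new `$IPTABLES -t nat -A POSTROUTING ... -j SNAT` rule is appended to the nat table, but the reset block in the earlier hunk (`$IPTABLES -F`, `$IPTABLES -F INPUT`, `$IPTABLES -X`) only touches the filter table, so each re-run of the script stacks another copy of the SNAT rule, and running it later without the second argument leaves the old SNAT rule in place rather than turning router mode off. Add `$IPTABLES -t nat -F POSTROUTING` alongside the existing flush lines (or immediately before the append) so the nat state matches what this invocation asked for. Nothing in this hunk shows the FORWARD chain or `net.ipv4.ip_forward` being configured; if that is handled elsewhere in the script this is fine, otherwise router mode is incomplete and FORWARD deserves the same explicit default policy the script gives INPUT. The script continues past the end of this hunk.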