more better services
[firewall-squeep] / firewall.sh
index eab2cb3404574a08d4f8b914022ee7c3d7ef9786..dbc0c3f47328828a09938e1083c0ff1fdfcaa41e 100755 (executable)
@@ -74,15 +74,17 @@ done
 create_set allowed_udp bitmap:port range 0-65535
 create_set allowed_tcp bitmap:port range 0-65535
 
-# common services
-allow_services ssh smtp submission domain ntp
-
-# per-host services
-srv_file="services.$(hostname -s)"
-if [ -e "${srv_file}" ]
-then
-       . "${srv_file}"
-fi
+for sfx in '' ".$(hostname -s)"
+do
+       if [ -e "services${sfx}" ]
+       then
+
+               for l in $(decommentcat "services${sfx}")
+               do
+                       allow_services "${l}"
+               done
+       fi
+done
 
 $IPTABLES -A INPUT -i "${EXT_IF}" -p tcp -m set --match-set allowed_tcp dst -j ACCEPT
 $IPTABLES -A INPUT -i "${EXT_IF}" -p udp -m set --match-set allowed_udp dst -j ACCEPT
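Review bot: With the hard-coded `allow_services ssh smtp submission domain ntp` removed, a missing `services` file is skipped silently by the `[ -e "services${sfx}" ]` test, so unless ports are opened elsewhere outside this hunk, both sets stay empty and the ACCEPT rules below admit nothing, ssh included. `services${sfx}` is a relative path, so this depends on the directory the script is run from. An `else` branch that warns for the common file only would make the failure visible, e.g. `[ -n "${sfx}" ] || echo "firewall: services file not found, no ports opened" >&2`. Separately, `for l in $(decommentcat "services${sfx}")` glob-expands the file contents as well as word-splitting them, so an entry containing `*` or `?` would be matched against the current directory before it reaches `allow_services`. Wrapping the loop in `set -f` / `set +f` keeps the word-splitting and drops the globbing; `decommentcat` and `allow_services` are defined outside the hunk, so how they treat odd entries is not visible here.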