projects / firewall-squeep / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
xeno add
[firewall-squeep] / router.sh
diff --git a/router.sh b/router.sh
index b45d988dbb46fd412fc66d4562c037f9d9658d09..c2c74c3123ee09b05f8fb6a4bd276f0d1199c283 100755 (executable)
--- a/router.sh
+++ b/router.sh
@@ -14,9 +14,6 @@ EXT6_IF=he6
 INT6_IF=eth5
 SUBNET6='2001:470:1f05:cb8::/64'
 
-UPLINK=11232 #kbit
-BURST=15 #k
-
 # note that behavior between v4 and v6 is slightly different
 
 ###
@@ -201,11 +198,7 @@ $IPTABLES -t nat -A POSTROUTING -o ${EXT_IF} -j SNAT --to ${EXT}
 # accept internal network traffic
 $IPTABLES -A INPUT -i ${INT_IF} -j ACCEPT
 
-# accept list of external ports
-$IPTABLES -A INPUT -i ${EXT_IF} -p tcp -m set --match-set allowed_tcp dst -j ACCEPT
-$IPTABLES -A INPUT -i ${EXT_IF} -p udp -m set --match-set allowed_udp dst -j ACCEPT
-$IP6TABLES -A INPUT -i ${EXT6_IF} -p tcp -m set --match-set allowed_tcp dst -j ACCEPT
-$IP6TABLES -A INPUT -i ${EXT6_IF} -p udp -m set --match-set allowed_udp dst -j ACCEPT
+./services ${EXT_IF} ${EXT6_IF}
 
 # load rules
 # inserts, so stack order matters
squeep firewall skeleton - very basic initialization scripts for edge servers