separate services.sh
diff --git a/services.sh b/services.sh
new file mode 100755 (executable)
index 0000000..32d7576
--- /dev/null
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+set -e
+
+. ./common.sh
+
+IFOPT=""
+IF6OPT=""
+if [[ $# -eq 1 ]]
+then
+       IFOPT="-i $1"
+       IF6OPT="-i $1"
+fi
+if [[ $# -eq 2 ]]
+then
+       IFOPT="-i $1"
+       IF6OPT="-i $2"
+fi
+
+for p in udp tcp
+do
+       create_set allowed_${p} bitmap:port range 0-65535
+       if ! $IPTABLES -C INPUT ${IFOPT} -p ${p} -m set --match-set allowed_${p} dst -j ACCEPT
+       then
+               $IPTABLES -A INPUT ${IFOPT} -p ${p} -m set --match-set allowed_${p} dst -j ACCEPT
+       fi
+       if ! $IP6TABLES -C INPUT ${IF6OPT} -p ${p} -m set --match-set allowed_${p} dst -j ACCEPT
+       then
+               $IP6TABLES -A INPUT ${IF6OPT} -p ${p} -m set --match-set allowed_${p} dst -j ACCEPT
+       fi
+done
+
+for sfx in '' ".$(hostname -s)"
+do
+       if [ -e "services${sfx}" ]
+       then
+               for l in $(decommentcat "services${sfx}")
+               do
+                       allow_services "${l}"
+               done
+       fi
+done
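Review bot: The interface handling at the top fails open, because any argument count other than 1 or 2 leaves `IFOPT` and `IF6OPT` empty, so the ACCEPT rules for `allowed_udp` and `allowed_tcp` are installed on every interface. With no arguments that may be intended, but a third argument or a typo is silently ignored; a guard such as `[[ $# -le 2 ]] || { echo "usage: $0 [iface4 [iface6]]" >&2; exit 1; }` before the two `if` blocks would reject it. Separately, `. ./common.sh` and the `services${sfx}` lookups resolve against the caller's working directory, and this script presumably runs with root privileges, so adding `cd "$(dirname "$0")"` ahead of the source line would keep it from sourcing an unintended `common.sh`. The unquoted `$(decommentcat …)` in the last loop also splits on all whitespace and expands globs, which is only safe if each services entry is a single glob-free token; `decommentcat` and `allow_services` are defined outside this hunk, so that needs confirming against `common.sh`.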