X-Git-Url: http://git.squeep.com/?p=firewall-squeep;a=blobdiff_plain;f=services.sh;fp=services.sh;h=32d7576f2c5808a2cb9af3ba836993730c68853a;hp=0000000000000000000000000000000000000000;hb=3d7987337f881e38e8537233959c78054147e737;hpb=c52c7a2afd3178fc24d812e3a1e7692f8b052aff
diff --git a/services.sh b/services.sh
new file mode 100755
index 0000000..32d7576
--- /dev/null
+++ b/services.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+set -e
+
+. ./common.sh
+
+IFOPT=""
+IF6OPT=""
+if [[ $# -eq 1 ]]
+then
+ IFOPT="-i $1"
+ IF6OPT="-i $1"
+fi
+if [[ $# -eq 2 ]]
+then
+ IFOPT="-i $1"
+ IF6OPT="-i $2"
+fi
+
+for p in udp tcp
+do
+ create_set allowed_${p} bitmap:port range 0-65535
+ if ! $IPTABLES -C INPUT ${IFOPT} -p ${p} -m set --match-set allowed_${p} dst -j ACCEPT
+ then
+ $IPTABLES -A INPUT ${IFOPT} -p ${p} -m set --match-set allowed_${p} dst -j ACCEPT
+ fi
+ if ! $IP6TABLES -C INPUT ${IF6OPT} -p ${p} -m set --match-set allowed_${p} dst -j ACCEPT
+ then
+ $IP6TABLES -A INPUT ${IF6OPT} -p ${p} -m set --match-set allowed_${p} dst -j ACCEPT
+ fi
+done
+
+for sfx in '' ".$(hostname -s)"
+do
+ if [ -e "services${sfx}" ]
+ then
+ for l in $(decommentcat "services${sfx}")
+ do
+ allow_services "${l}"
+ done
+ fi
+done
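Review bot: The interface handling at the top of the new script fails open: with more than two arguments neither `if [[ $# -eq … ]]` branch runs, `IFOPT` and `IF6OPT` stay empty, and the ACCEPT rules for `allowed_udp`/`allowed_tcp` are added with no `-i` restriction at all. Rejecting that case up front, e.g. `[[ $# -le 2 ]] || { echo "usage: $0 [iface4 [iface6]]" >&2; exit 2; }`, keeps a mistyped invocation from widening the rule to every interface. The unquoted `${IFOPT}`/`${IF6OPT}` expansions also let whitespace in `$1`/`$2` split into extra iptables arguments; arrays (`IFOPT=(-i "$1")`, expanded as `"${IFOPT[@]}"`) would keep the interface name a single operand. Separately, `. ./common.sh` and the `services${sfx}` lookups resolve against the caller's working directory, so for a script that presumably runs as root it would be safer to `cd "$(dirname "${BASH_SOURCE[0]}")"` before sourcing.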