From 468137e91e328a5603aafd9dea23ff096851fe38 Mon Sep 17 00:00:00 2001
From: Justin Wind
Date: Sun, 1 Oct 2017 15:32:23 -0700
Subject: [PATCH] firewall uses services

---
 firewall.sh | 20 +-------------------
 1 file changed, 1 insertion(+), 19 deletions(-)

diff --git a/firewall.sh b/firewall.sh
index 356075c..145ee59 100755
--- a/firewall.sh
+++ b/firewall.sh
@@ -71,25 +71,7 @@ do
 $IPTABLES -A INPUT -p tcp --tcp-flags ${flags} -j DROP
 done
 
-create_set allowed_udp bitmap:port range 0-65535
-create_set allowed_tcp bitmap:port range 0-65535
-
-for sfx in '' ".$(hostname -s)"
-do
- if [ -e "services${sfx}" ]
- then
-
- for l in $(decommentcat "services${sfx}")
- do
- allow_services "${l}"
- done
- fi
-done
-
-$IPTABLES -A INPUT -i "${EXT_IF}" -p tcp -m set --match-set allowed_tcp dst -j ACCEPT
-$IPTABLES -A INPUT -i "${EXT_IF}" -p udp -m set --match-set allowed_udp dst -j ACCEPT
-$IP6TABLES -A INPUT -i "${EXT_IF}" -p tcp -m set --match-set allowed_tcp dst -j ACCEPT
-$IP6TABLES -A INPUT -i "${EXT_IF}" -p udp -m set --match-set allowed_udp dst -j ACCEPT
+./services ${EXT_IF}
 
 create_drop_chain xenophobe
 
-- 
2.45.2
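Review bot: The added `./services ${EXT_IF}` line runs a path resolved against the caller's working directory and never checks its exit status, in a script that (judging by the iptables calls) needs root. If firewall.sh is started from another directory, either a different `services` file is executed or none is found, and the rest of the script, which continues outside this hunk, still runs without the per-port ACCEPT rules that the removed lines installed and that `services` presumably adds now. The expansion also lost the quoting the removed lines had on `"${EXT_IF}"`. I would anchor the path to the script and check the result, e.g. `"$(dirname "$0")/services" "${EXT_IF}" || exit 1`; whether aborting or continuing is the right reaction depends on the default policy set outside this hunk. It is also worth confirming that `services` is root-owned and not writable by other users, since it is now executed rather than read as a port list.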