author | Jonas Smedegaard <dr@jones.dk> | 2017-01-26 14:30:08 +0100 |
---|---|---|
committer | Jonas Smedegaard <dr@jones.dk> | 2017-01-26 14:30:08 +0100 |
commit | e042b7bced715a9d0d6c660df453b1b68f263316 (patch) | |
tree | 13f1bcd2f7cccf87718d92b5fc9a112d4c3ea455 /ipmasq/rules/O80firewall.def | |
parent | c778483fbd7829e2d41157ae6be2d7f1eef709f5 (diff) |
Drop ancient unused files.
Diffstat (limited to 'ipmasq/rules/O80firewall.def')
-rw-r--r-- | ipmasq/rules/O80firewall.def | 159 |
1 files changed, 0 insertions, 159 deletions
diff --git a/ipmasq/rules/O80firewall.def b/ipmasq/rules/O80firewall.def
deleted file mode 100644
index d6fe9f8..0000000
--- a/ipmasq/rules/O80firewall.def
+++ /dev/null
@@ -1,159 +0,0 @@ -# You should not edit this file. Instead, create a file with the same -# name as this one, but with a .rul extension instead of .def. The -# .rul file will override this one. -# -# However, any changes you make to this file will be preserved. - -# Packet filter firewall script for ipmasq (GPL) -# By Osamu Aoki <osamu@aokiconsulting.com> -# -# Firewall are set for external network connection ports listed in $EXTERNAL -# Little consideration taken for shared port. -# -echo "# Firewall for outgoing packets" -############################################################################### -# QUIET ADDRESS (REJECT for internal request) RULES -if [ -n "$EXTERNAL" ]; then - for i in $EXTERNAL; do - ipnm_cache $i - for j in $QADDR; do - case $MASQMETHOD in - ipfwadm) - $IPFWADM -O -a reject -W ${i%%:*} -D $j - ;; - ipchains) - $IPCHAINS --no-warnings -A output -j REJECT -i ${i%%:*} -d $j - ;; - netfilter) - $IPTABLES -A OUTPUT -j REJECT -o ${i%%:*} -d $j - ;; - esac - done - done -fi - -############################################################################### -# ALLOW OUTPUT TCP RULES -if [ -n "$EXTERNAL" ]; then - for i in $EXTERNAL; do - ipnm_cache $i - for j in $ATCPSVR; do - case $MASQMETHOD in - ipfwadm) - $IPFWADM -O -a accept -W ${i%%:*} -S $IPOFIF/$NMOFIF $j -P tcp - ;; - ipchains) - $IPCHAINS -A output -j ACCEPT -i ${i%%:*} -s $IPOFIF/$NMOFIF $j -p tcp - ;; - netfilter) - $IPTABLES -A OUTPUT -j ACCEPT -o ${i%%:*} -s $IPOFIF/$NMOFIF -p tcp --source-port $j - ;; - esac - done - done -fi - -# ALLOW OUTPUT UDP RULES -if [ -n "$EXTERNAL" ]; then - for i in $EXTERNAL; do - ipnm_cache $i - for j in $AUDPSVR; do - case $MASQMETHOD in - ipfwadm) - $IPFWADM -O -a accept -W ${i%%:*} -S $IPOFIF/$NMOFIF $j -P udp - ;; - ipchains) - $IPCHAINS -A output -j ACCEPT -i ${i%%:*} -s $IPOFIF/$NMOFIF $j -p udp - ;; - netfilter) - $IPTABLES -A OUTPUT -j ACCEPT -o ${i%%:*} -s $IPOFIF/$NMOFIF -p udp --source-port $j - ;; - esac - done - done -fi - 
-############################################################################### -# QUIET OUTPUT TCP RULES -if [ -n "$EXTERNAL" ]; then - for i in $EXTERNAL; do - ipnm_cache $i - for j in $QTCPSVR; do - case $MASQMETHOD in - ipfwadm) - $IPFWADM -O -a deny -W ${i%%:*} -S 0.0.0.0/0 $j -P tcp - ;; - ipchains) - $IPCHAINS --no-warnings -A output -j DENY -i ${i%%:*} -s 0.0.0.0/0 $j -p tcp - ;; - netfilter) - $IPTABLES -A OUTPUT -j DROP -o ${i%%:*} -s 0.0.0.0/0 -p tcp --source-port $j - ;; - esac - done - done -fi - -# QUIET OUTPUT UDP RULES -if [ -n "$EXTERNAL" ]; then - for i in $EXTERNAL; do - ipnm_cache $i - for j in $QUDPSVR; do - case $MASQMETHOD in - ipfwadm) - $IPFWADM -O -a deny -W ${i%%:*} -S 0.0.0.0/0 $j -P udp - ;; - ipchains) - $IPCHAINS --no-warnings -A output -j DENY -i ${i%%:*} -s 0.0.0.0/0 $j -p udp - ;; - netfilter) - $IPTABLES -A OUTPUT -j DROP -o ${i%%:*} -s 0.0.0.0/0 -p udp --source-port $j - ;; - esac - done - done -fi - -############################################################################### -# DENY OUTPUT TCP RULES -if [ -n "$EXTERNAL" ]; then - for i in $EXTERNAL; do - ipnm_cache $i - for j in $DTCPSVR; do - case $MASQMETHOD in - ipfwadm) - $IPFWADM -O -a deny -W ${i%%:*} -S 0.0.0.0/0 $j -P tcp -o - ;; - ipchains) - $IPCHAINS --no-warnings -A output -j DENY -i ${i%%:*} -s 0.0.0.0/0 $j -p tcp -l - ;; - netfilter) - $IPTABLES -A OUTPUT -j LOG -o ${i%%:*} -s 0.0.0.0/0 -p tcp --source-port $j - $IPTABLES -A OUTPUT -j DROP -o ${i%%:*} -s 0.0.0.0/0 -p tcp --source-port $j - ;; - esac - done - done -fi - -# DENY OUTPUT UDP RULES -if [ -n "$EXTERNAL" ]; then - for i in $EXTERNAL; do - ipnm_cache $i - for j in $DUDPSVR; do - case $MASQMETHOD in - ipfwadm) - $IPFWADM -O -a deny -W ${i%%:*} -S 0.0.0.0/0 $j -P udp -o - ;; - ipchains) - $IPCHAINS --no-warnings -A output -j DENY -i ${i%%:*} -s 0.0.0.0/0 $j -p udp -l - ;; - netfilter) - $IPTABLES -A OUTPUT -j LOG -o ${i%%:*} -s 0.0.0.0/0 -p udp --source-port $j - $IPTABLES -A OUTPUT -j DROP -o ${i%%:*} 
-s 0.0.0.0/0 -p udp --source-port $j - ;; - esac - done - done -fi -echo "#" |