Diffstat (limited to 'ipmasq/rules/I80firewall.def')
-rw-r--r--ipmasq/rules/I80firewall.def158
1 files changed, 0 insertions, 158 deletions
diff --git a/ipmasq/rules/I80firewall.def b/ipmasq/rules/I80firewall.def
deleted file mode 100644
index ee1a507..0000000
--- a/ipmasq/rules/I80firewall.def
+++ /dev/null
@@ -1,158 +0,0 @@
-# You should not edit this file. Instead, create a file with the same
-# name as this one, but with a .rul extension instead of .def. The
-# .rul file will override this one.
-#
-# However, any changes you make to this file will be preserved.
-
-# Packet filter firewall script for ipmasq (GPL)
-# By Osamu Aoki <osamu@aokiconsulting.com>
-#
-# Firewall are set for external network connection ports listed in $EXTERNAL
-# Little consideration taken for shared port.
-#
-echo "# Firewall for incoming packets"
-###############################################################################
-# QUIET INPUT ADDRESS (Deny for forein packet) RULES
-if [ -n "$EXTERNAL" ]; then
- for i in $EXTERNAL; do
- ipnm_cache $i
- for j in $QADDR; do
- case $MASQMETHOD in
- ipfwadm)
- $IPFWADM -I -a deny -W ${i%%:*} -S $j
- ;;
- ipchains)
- $IPCHAINS --no-warnings -A input -j DENY -i ${i%%:*} -s $j
- ;;
- netfilter)
- $IPTABLES -A INPUT -j DROP -i ${i%%:*} -s $j
- ;;
- esac
- done
- done
-fi
-###############################################################################
-# ALLOW INPUT TCP RULES
-if [ -n "$EXTERNAL" ]; then
- for i in $EXTERNAL; do
- ipnm_cache $i
- for j in $ATCPSVR; do
- case $MASQMETHOD in
- ipfwadm)
- $IPFWADM -I -a accept -W ${i%%:*} -D $IPOFIF/$NMOFIF $j -P tcp
- ;;
- ipchains)
- $IPCHAINS -A input -j ACCEPT -i ${i%%:*} -d $IPOFIF/$NMOFIF $j -p tcp
- ;;
- netfilter)
- $IPTABLES -A INPUT -j ACCEPT -i ${i%%:*} -d $IPOFIF/$NMOFIF -p tcp --destination-port $j
- ;;
- esac
- done
- done
-fi
-
-# ALLOW INPUT UDP RULES
-if [ -n "$EXTERNAL" ]; then
- for i in $EXTERNAL; do
- ipnm_cache $i
- for j in $AUDPSVR; do
- case $MASQMETHOD in
- ipfwadm)
- $IPFWADM -I -a accept -W ${i%%:*} -D $IPOFIF/$NMOFIF $j -P udp
- ;;
- ipchains)
- $IPCHAINS -A input -j ACCEPT -i ${i%%:*} -d $IPOFIF/$NMOFIF $j -p udp
- ;;
- netfilter)
- $IPTABLES -A INPUT -j ACCEPT -i ${i%%:*} -d $IPOFIF/$NMOFIF -p udp --destination-port $j
- ;;
- esac
- done
- done
-fi
-
-###############################################################################
-# QUIET INPUT TCP RULES
-if [ -n "$EXTERNAL" ]; then
- for i in $EXTERNAL; do
- ipnm_cache $i
- for j in $QTCPSVR; do
- case $MASQMETHOD in
- ipfwadm)
- $IPFWADM -I -a deny -W ${i%%:*} -D $IPOFIF/$NMOFIF $j -P tcp
- ;;
- ipchains)
- $IPCHAINS --no-warnings -A input -j DENY -i ${i%%:*} -d $IPOFIF/$NMOFIF $j -p tcp
- ;;
- netfilter)
- $IPTABLES -A INPUT -j DROP -i ${i%%:*} -d $IPOFIF/$NMOFIF -p tcp --destination-port $j
- ;;
- esac
- done
- done
-fi
-
-# QUIET INPUT UDP RULES
-if [ -n "$EXTERNAL" ]; then
- for i in $EXTERNAL; do
- ipnm_cache $i
- for j in $QUDPSVR; do
- case $MASQMETHOD in
- ipfwadm)
- $IPFWADM -I -a deny -W ${i%%:*} -D $IPOFIF/$NMOFIF $j -P udp
- ;;
- ipchains)
- $IPCHAINS --no-warnings -A input -j DENY -i ${i%%:*} -d $IPOFIF/$NMOFIF $j -p udp
- ;;
- netfilter)
- $IPTABLES -A INPUT -j DROP -i ${i%%:*} -d $IPOFIF/$NMOFIF -p udp --destination-port $j
- ;;
- esac
- done
- done
-fi
-
-###############################################################################
-# DENY INPUT TCP RULES
-if [ -n "$EXTERNAL" ]; then
- for i in $EXTERNAL; do
- ipnm_cache $i
- for j in $DTCPSVR; do
- case $MASQMETHOD in
- ipfwadm)
- $IPFWADM -I -a deny -W ${i%%:*} -D $IPOFIF/$NMOFIF $j -P tcp -o
- ;;
- ipchains)
- $IPCHAINS --no-warnings -A input -j DENY -i ${i%%:*} -d $IPOFIF/$NMOFIF $j -p tcp -l
- ;;
- netfilter)
- $IPTABLES -A INPUT -j LOG -i ${i%%:*} -d $IPOFIF/$NMOFIF -p tcp --destination-port $j
- $IPTABLES -A INPUT -j DROP -i ${i%%:*} -d $IPOFIF/$NMOFIF -p tcp --destination-port $j
- ;;
- esac
- done
- done
-fi
-
-# DENY INPUT UDP RULES
-if [ -n "$EXTERNAL" ]; then
- for i in $EXTERNAL; do
- ipnm_cache $i
- for j in $DUDPSVR; do
- case $MASQMETHOD in
- ipfwadm)
- $IPFWADM -I -a deny -W ${i%%:*} -D $IPOFIF/$NMOFIF $j -P udp -o
- ;;
- ipchains)
- $IPCHAINS --no-warnings -A input -j DENY -i ${i%%:*} -d $IPOFIF/$NMOFIF $j -p udp -l
- ;;
- netfilter)
- $IPTABLES -A INPUT -j LOG -i ${i%%:*} -d $IPOFIF/$NMOFIF -p udp --destination-port $j
- $IPTABLES -A INPUT -j DROP -i ${i%%:*} -d $IPOFIF/$NMOFIF -p udp --destination-port $j
- ;;
- esac
- done
- done
-fi
-echo "#"