source: trunk/debian/packages/debwrt-net/trunk/etc/firewall/firewall.sh @ 885

Last change on this file since 885 was 885, checked in by amain, 2 years ago

debwrt-net: update debwrt-dnsmask.conf and add sshl

#!/bin/sh
#
# Minimal firewall script
#
# Johan van Zoomeren <amain@debwrt.net>
# Hook lists: space-separated command names. flush() runs every word of
# aflush and start() runs every word of astart. astop is initialised here,
# but no function in this file reads it.
astop=''
astart=''
aflush=''

# LSB logging helpers (log_warning_msg, log_action_begin_msg,
# log_action_end_msg) used below.
. /lib/lsb/init-functions

# Transparent sslh support: uncomment the include below and the port 443
# rule in start(). The include is sourced with this script's privileges,
# so it should be writable by root only.
#. "$(dirname "$0")/sslh.inc.sh"

# Absolute path, so the binary that is run does not depend on PATH.
IPT='/sbin/iptables'
# Load the netfilter kernel modules the rules in start() rely on.
#
# Outputs:   a warning through log_warning_msg
# Returns:   the exit status of modprobe
#
# NOTE(review): kernels from 4.19 on appear to have merged nf_conntrack_ipv4
# into nf_conntrack, so modprobe may fail for that name there - confirm
# against the target kernel.
modules() {
    log_warning_msg 'Loading iptables/netfilter kernel modules manually. Auto loading is broken...'

    # Positional parameters are local to the function call, so this list
    # does not leak into the caller.
    set -- nf_conntrack_ipv4 xt_state xt_multiport xt_mark
    modprobe -a "$@"
}
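# Delete all rules and user-defined chains from the filter and nat tables,
# then run the extra flush hooks.
#
# Globals:   IPT (read), aflush (read: space-separated hook command names)
# Returns:   0 if every iptables call and hook succeeded, 1 otherwise
#
# Only -F and -X are issued: built-in chain policies and the other tables
# are left untouched, and ip6tables is never called. Once this has run, the
# wan DROP rules are gone until start() adds them again.
flush() {
    flush_rc=0

    $IPT -t filter -F || flush_rc=1
    $IPT -t filter -X || flush_rc=1
    $IPT -t nat    -F || flush_rc=1
    $IPT -t nat    -X || flush_rc=1

    # Word splitting of aflush is intentional: each word is one hook command.
    for flush_hook in ${aflush}
    do
        ${flush_hook} || flush_rc=1
    done

    # Report failures instead of returning only the last hook's status.
    return "$flush_rc"
}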
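# Install the base rule set for the interface named "wan", then run the
# extra start hooks.
#
# Globals:   IPT (read), astart (read: space-separated hook command names)
# Outputs:   final status through log_action_end_msg
# Returns:   0 if flush, every rule and every hook succeeded, 1 otherwise
#
# Rules are appended with -A, so order matters: the RELATED,ESTABLISHED
# accept must come before the DROP on the same chain.
# Scope of the rule set:
#   - IPv4 only; ip6tables is never called, so IPv6 arriving on wan is not
#     filtered by this script.
#   - Only packets arriving on wan are matched. Other interfaces fall
#     through to the chain policy, which this script does not set.
#   - Between flush and the first DROP being appended, wan has no filter
#     rules.
start() {
    start_rc=0

    flush || start_rc=1

    $IPT -t filter -A INPUT       -m state --state RELATED,ESTABLISHED -i wan -j ACCEPT || start_rc=1
    # sslh on port 443
    #$IPT -t filter -A INPUT       -p tcp   --dport 443                 -i wan -j ACCEPT
    $IPT -t filter -A INPUT       -i wan -j DROP || start_rc=1

    $IPT -t filter -A FORWARD     -m state --state RELATED,ESTABLISHED -i wan -j ACCEPT || start_rc=1
    $IPT -t filter -A FORWARD     -i wan -j DROP || start_rc=1

    #$IPT -t nat    -A POSTROUTING -o wan -j SNAT --to-source "replace: WAN-IF-IP"
    $IPT -t nat    -A POSTROUTING -o wan -j MASQUERADE || start_rc=1

    # Word splitting of astart is intentional: each word is one hook command.
    for start_hook in ${astart}
    do
        ${start_hook} || start_rc=1
    done

    # Report the real outcome: a partly loaded rule set must not be logged
    # as a success.
    log_action_end_msg "$start_rc"
    return "$start_rc"
}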
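# Remove the firewall rules by calling flush.
#
# Outputs:   final status through log_action_end_msg
# Returns:   0 if flush succeeded, 1 otherwise
#
# After a successful stop the filter and nat tables hold no rules, so wan
# traffic is decided by the chain policies, which this script does not set.
# NOTE(review): astop is initialised at the top of the file but is not
# consumed here; confirm whether stop hooks were meant to run.
stop() {
    stop_rc=0

    flush || stop_rc=1

    # Pass the real outcome on instead of always logging success.
    log_action_end_msg "$stop_rc"
    return "$stop_rc"
}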
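# Dispatch on the requested action. The script's exit status is that of the
# last command in the selected arm.
case "$1" in
    start)
        modules
        log_action_begin_msg 'Loading firewall - starting'
        start
        ;;
    stop)
        log_action_begin_msg 'Loading firewall - stopping'
        stop
        ;;
    *)
        # A missing or unknown action is an error: print usage on stderr and
        # exit non-zero, so a caller cannot mistake it for a loaded firewall.
        echo "usage: ${0##*/} start|stop" >&2
        exit 2
        ;;
esac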