Gentoo's Bugzilla – Attachment 132068 Details for
Bug 194059
sys-kernel/gentoo-sources-2.6.22-r8: ppp patch
iptables script
kmyfirewall.sh (text/plain), 8.78 KB, created by
Toralf Förster
on 2007-09-28 08:16:41 UTC
Description:
iptables script
Filename:
MIME Type:
Creator:
Toralf Förster
Created:
2007-09-28 08:16:41 UTC
Size:
8.78 KB
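#!/bin/sh
#
# copyright (c) the KMyFirewall developers 2002-2005
# Please report bugs to: Christian Hubinger <chubinegr@gmail.com>
#
# This program is distributed under the terms of the GPL v2
#
# KMyFirewall v1.0.1
# This is an automatic generated file DO NOT EDIT
#
# Usage: sh kmyfirewall.sh [-v|--verbose] { start | stop | restart }
#
# Review notes (behaviour visible in this file):
#  * Only /sbin/iptables (IPv4) is configured; IPv6 traffic is not filtered
#    by this script.
#  * start and restart call stopFirewall first, which flushes every table
#    and sets all policies to ACCEPT. The host is unfiltered until
#    startFirewall reaches the "-P ... DROP" lines. Loading a complete
#    ruleset in one step (iptables-restore) avoids that window.
#  * stop leaves ip_forward, rp_filter, log_martians and tcp_syncookies as
#    startFirewall set them; it only resets the netfilter tables.
#  * Exit status is 1 when any iptables call failed or the action was
#    invalid, 0 otherwise.

# Echo the arguments only when verbose mode is on ("-n" is passed through).
vecho() {
  if [ "$verbose" = "1" ]; then
    echo "$@"
  fi
}

# Run iptables with the given arguments and remember a failure in $status,
# so a rule that could not be loaded is reflected in the exit code.
ipt() {
  "$IPT" "$@" || status="1"
}

# Load kernel modules, build the filter/nat/mangle rules and set sysctls.
# Globals: IPT, MOD, verbose (read); status (written on failure)
startFirewall() {

  echo -n "Starting iptables (created by KMyFirewall)... "
  vecho -n "
 Loading needed modules... "

  # Best effort: modprobe fails for built-in modules, so the result is not
  # recorded in $status.
  $MOD ip_tables
  $MOD ip_conntrack
  $MOD ipt_LOG
  $MOD ipt_limit
  $MOD ipt_state
  $MOD ip_conntrack_ftp

  $MOD iptable_filter
  $MOD iptable_nat
  $MOD iptable_mangle
  vecho "Done."

  # Rules:
  vecho "Settup Rules in Table FILTER:"

  # Define Rules for Chain: INPUT
  vecho "Create Rules for Chain: INPUT"

  ipt -t filter -A INPUT --match state --state RELATED,ESTABLISHED -j ACCEPT
  ipt -t filter -A INPUT --in-interface lo --source 127.0.0.1 -j ACCEPT
  # NOTE(review): no --in-interface here, and rp_filter is switched off
  # further down, so a packet arriving on ppp0/ath0 with a 192.168.0.x
  # source address also matches. Binding the rule to the LAN interface
  # (--in-interface <lan-if>) would close that.
  ipt -t filter -A INPUT --source 192.168.0.0/24 -j ACCEPT

  # auth
  ipt -t filter -A INPUT -p tcp --destination-port 113 -j REJECT

  # bootp
  ipt -t filter -A INPUT -p udp --match multiport --destination-ports 67,68 -j DROP

  # epmap
  ipt -t filter -A INPUT -p tcp --destination-port 135 -j DROP

  # netbios
  ipt -t filter -A INPUT -p udp --match multiport --destination-ports 137,138,139 -j DROP

  # messenger
  ipt -t filter -A INPUT -p udp --match multiport --destination-ports 1026,1027 -j DROP

  # Lotus Notes
  # NOTE(review): this matches the *source* port, so any TCP packet from
  # 9.0.0.0/8 sent from port 1352 is accepted whatever its destination
  # port. Replies to outbound sessions already pass the RELATED,ESTABLISHED
  # rule above - confirm this rule is still needed.
  ipt -t filter -A INPUT --source 9.0.0.0/8 -p tcp --source-port 1352 -j ACCEPT

  # Lotus Sametime sendfile
  ipt -t filter -A INPUT --source 9.0.0.0/8 -p tcp --destination-port 5656 -j ACCEPT

  # block unwanted connection requests from outside
  # --update drops (and refreshes) sources seen within the last 60 seconds,
  # --set records and drops every other packet. Both targets are DROP, so
  # nothing arriving on ppp0/ath0 gets past this point and the LOG rule
  # below only sees packets from other interfaces.
  ipt -t filter -A INPUT --in-interface ppp0 -m recent --update --seconds 60 --name ppp0 -j DROP
  ipt -t filter -A INPUT --in-interface ath0 -m recent --update --seconds 60 --name ath0 -j DROP

  ipt -t filter -A INPUT --in-interface ppp0 -m recent --set --name ppp0 -j DROP
  ipt -t filter -A INPUT --in-interface ath0 -m recent --set --name ath0 -j DROP

  ipt -t filter -A INPUT -m limit --limit 1/second --limit-burst 5 -j LOG --log-prefix "FW_IN: "
  ipt -t filter -P INPUT DROP

  # Define Rules for Chain: OUTPUT
  vecho "Create Rules for Chain: OUTPUT"

  ipt -t filter -A OUTPUT --match state --state RELATED,ESTABLISHED -j ACCEPT
  ipt -t filter -A OUTPUT --out-interface lo --source 127.0.0.1 -j ACCEPT
  ipt -t filter -A OUTPUT --destination 192.168.0.0/24 -j ACCEPT

  # www
  ipt -t filter -A OUTPUT -p tcp --match multiport --destination-ports 80,443,8080 -j ACCEPT

  # ntp
  ipt -t filter -A OUTPUT -p udp --destination-port 123 -j ACCEPT

  # dns
  ipt -t filter -A OUTPUT -p tcp --destination-port 53 -j ACCEPT
  ipt -t filter -A OUTPUT -p udp --destination-port 53 -j ACCEPT

  # smtp(s)
  ipt -t filter -A OUTPUT -p tcp --match multiport --destination-ports 25,465 -j ACCEPT

  # pop3(s)
  ipt -t filter -A OUTPUT -p tcp --match multiport --destination-ports 110,995 -j ACCEPT

  # klive
  ipt -t filter -A OUTPUT --destination 62.149.195.36 -p udp --destination-port 4921 -j ACCEPT

  # ftp (control connection) and ssh
  ipt -t filter -A OUTPUT -p tcp --destination-port 21 -j ACCEPT
  ipt -t filter -A OUTPUT -p tcp --destination-port 22 -j ACCEPT

  # auth
  ipt -t filter -A OUTPUT -p tcp --destination-port 113 -j ACCEPT

  # nntp,nntps
  ipt -t filter -A OUTPUT -p tcp --match multiport --destination-ports 119,563 -j ACCEPT

  # rtsp
  ipt -t filter -A OUTPUT -p tcp --destination-port 554 -j ACCEPT
  ipt -t filter -A OUTPUT -p udp --destination-port 554 -j ACCEPT

  # rsync
  ipt -t filter -A OUTPUT -p tcp --destination-port 873 -j ACCEPT

  # irc
  ipt -t filter -A OUTPUT -p tcp --destination-port 6667 -j ACCEPT

  # cddb
  ipt -t filter -A OUTPUT -p tcp --match multiport --destination-ports 888,8880 -j ACCEPT
  # NOTE(review): multiport --port matches the source OR the destination
  # port; --destination-ports was probably intended - confirm.
  ipt -t filter -A OUTPUT -p udp --match multiport --port 8880 -j ACCEPT

  # ms-streaming
  ipt -t filter -A OUTPUT -p tcp --destination-port 1755 -j ACCEPT

  # realplay
  ipt -t filter -A OUTPUT -p tcp --destination-port 7070 -j ACCEPT

  # cvs
  ipt -t filter -A OUTPUT -p tcp --destination-port 2401 -j ACCEPT

  # git
  ipt -t filter -A OUTPUT -p tcp --destination-port 9418 -j ACCEPT

  # svn
  ipt -t filter -A OUTPUT -p tcp --destination-port 3690 -j ACCEPT

  # hkp
  ipt -t filter -A OUTPUT -p tcp --destination-port 11371 -j ACCEPT

  # jap
  ipt -t filter -A OUTPUT -p tcp --match multiport --destination-ports 6543,6544 -j ACCEPT

  ipt -t filter -A OUTPUT -m limit --limit 1/second --limit-burst 5 -j LOG --log-prefix "FW_OUT: "
  ipt -t filter -P OUTPUT DROP

  # Define Rules for Chain: FORWARD
  vecho "Create Rules for Chain: FORWARD"

  # Matched on address only, in either direction and on any interface.
  ipt -t filter -A FORWARD --source 192.168.0.50 -j ACCEPT
  ipt -t filter -A FORWARD --destination 192.168.0.50 -j ACCEPT

  # The only rule the generator treats as fatal: the script exits here,
  # before "-P FORWARD DROP" is applied, so FORWARD keeps the ACCEPT policy
  # that stopFirewall set.
  $IPT -t filter -A FORWARD -m limit --limit 1/second --limit-burst 5 -j LOG --log-prefix "FW_FWD: " || {
    status="1"
    echo " Setting up Rule: Chain: FORWARD Drop Logging FAILED! "
    exit 1
  }
  ipt -t filter -P FORWARD DROP

  vecho "Settup Rules in Table NAT:"

  # Define Rules for Chain: OUTPUT
  vecho "Create Rules for Chain: OUTPUT"
  ipt -t nat -P OUTPUT ACCEPT

  # Define Rules for Chain: PREROUTING
  vecho "Create Rules for Chain: PREROUTING"
  ipt -t nat -P PREROUTING ACCEPT

  # Define Rules for Chain: POSTROUTING
  vecho "Create Rules for Chain: POSTROUTING"
  ipt -t nat -A POSTROUTING --out-interface eth0 -j MASQUERADE
  ipt -t nat -A POSTROUTING --out-interface ppp0 -j MASQUERADE
  ipt -t nat -P POSTROUTING ACCEPT

  vecho "Settup Rules in Table MANGLE:"

  # Define Rules for Chain: INPUT
  vecho "Create Rules for Chain: INPUT"
  ipt -t mangle -P INPUT ACCEPT

  # Define Rules for Chain: OUTPUT
  vecho "Create Rules for Chain: OUTPUT"
  ipt -t mangle -P OUTPUT ACCEPT

  # Define Rules for Chain: FORWARD
  vecho "Create Rules for Chain: FORWARD"
  ipt -t mangle -P FORWARD ACCEPT

  # Define Rules for Chain: PREROUTING
  vecho "Create Rules for Chain: PREROUTING"
  ipt -t mangle -P PREROUTING ACCEPT

  # Define Rules for Chain: POSTROUTING
  vecho "Create Rules for Chain: POSTROUTING"
  ipt -t mangle -P POSTROUTING ACCEPT

  vecho -n "Enable IP Forwarding. "
  echo 1 > /proc/sys/net/ipv4/ip_forward
  vecho "Done."

  # NOTE(review): reverse path filtering is the kernel check that discards
  # packets whose source address is not reachable through the interface
  # they arrived on. With it off, the address-only ACCEPT rules above
  # (192.168.0.0/24, 192.168.0.50) are the only source check left.
  vecho -n "Disable Reverse Path Filtering "
  for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 0 > "$i"
  done
  vecho "Done."

  # Turns off kernel logging of packets with impossible source addresses.
  vecho -n "Disable log_martians (logging). "
  for i in /proc/sys/net/ipv4/conf/*/log_martians; do
    echo 0 > "$i"
  done
  vecho "Done."

  vecho -n "Enable Syn Cookies. "
  echo 1 > /proc/sys/net/ipv4/tcp_syncookies
  vecho "Done."

  echo Done.
}

# Flush and delete all chains in filter, nat and mangle and reset every
# built-in chain policy to ACCEPT. After this the host filters nothing.
# Globals: IPT (read); status (written on failure)
stopFirewall() {
  echo -n "Clearing iptables (created by KMyFirewall)... "

  ipt -t filter -F
  ipt -t filter -X
  ipt -t filter -P INPUT ACCEPT
  ipt -t filter -P OUTPUT ACCEPT
  ipt -t filter -P FORWARD ACCEPT

  ipt -t nat -F
  ipt -t nat -X
  ipt -t nat -P OUTPUT ACCEPT
  ipt -t nat -P PREROUTING ACCEPT
  ipt -t nat -P POSTROUTING ACCEPT

  ipt -t mangle -F
  ipt -t mangle -X
  ipt -t mangle -P INPUT ACCEPT
  ipt -t mangle -P OUTPUT ACCEPT
  # The generated file reset OUTPUT twice here and never reset FORWARD.
  ipt -t mangle -P FORWARD ACCEPT
  ipt -t mangle -P PREROUTING ACCEPT
  ipt -t mangle -P POSTROUTING ACCEPT

  echo "Done."
}

IPT="/sbin/iptables"
MOD="/sbin/modprobe"
status="0"
verbose="0"
action="$1"

# An optional leading -v/--verbose shifts the action to the second argument.
case "$1" in
  -v | --verbose)
    verbose="1"
    if [ "$2" = "" ]; then
      echo "Usage: sh kmyfirewall.sh [-v|--verbose] { start | stop | restart }" >&2
      exit 1
    fi
    action="$2"
    ;;
esac

case "$action" in
  start | restart)
    stopFirewall
    startFirewall
    ;;
  stop)
    stopFirewall
    ;;
  *)
    # An unknown action is an error for the caller, not a success.
    echo "Invalid action!
Usage: sh kmyfirewall.sh [-v|--verbose] { start | stop | restart }" >&2
    status="1"
    ;;
esac

# $status is "0" unless an iptables call or the action check set it to "1".
exit "$status"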
Attachments on
bug 194059
:
132067
| 132068 |
132930
|
132931