ricardo.leite/firewall
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Bug Fix - Clear custom chains

Browse Source
This commit is contained in:
Ricardo Leite
2021-07-21 13:40:13 +00:00
parent a6f4de3359
commit 813748d364
2 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
install.sh
+2 -2
View File
@@ -57,10 +57,10 @@ if [ ! -f /etc/network/firewall/firewall.cfg -o "$1" == "-f" ] ; then
fi fi
echo "" echo ""
echo !!! Please revise configuration files: echo !!! Please check configuration files:
echo $trusted echo $trusted
echo $trusted6 echo $trusted6
echo /etc/network/firewall/firewall.cfg echo /etc/network/firewall/firewall.cfg
echo /etc/network/firewall/rules.sh echo /etc/network/firewall/rules.sh
file /etc/network/firewall/config.d -type f find /etc/network/firewall/config.d -type f
echo "" echo ""
rules.sh
+13 -1
View File
@@ -8,10 +8,22 @@ trusted6=/etc/network/firewall/trustedips6.conf
#--------------------------------------------------------------------------- #---------------------------------------------------------------------------
input="INPUT-CUSTOM" input="INPUT-CUSTOM"
# Clear chains
iptables -F $input iptables -F $input
iptables -F DOCKER-USER iptables -F DOCKER-USER
ip6tables -F $input ip6tables -F $input
# Clear custom chains
#---------------------
iptables -F PING-DEATH
#ip6tables -F DEATH-PING6
iptables -F syn-flood
#ip6tables -F syn-flood6
iptables -F SSH-BRUT-FORCE
ip6tables -F SSH-BRUT-FORCE6
#---------------------
# Open ipv4 trusted IPs # Open ipv4 trusted IPs
for i in $(egrep -v "^#|^$" $trusted ); do for i in $(egrep -v "^#|^$" $trusted ); do
iptables -A $input -s $i -j ACCEPT -m comment --comment "Trusted ipv4 ($i)" iptables -A $input -s $i -j ACCEPT -m comment --comment "Trusted ipv4 ($i)"
@@ -68,7 +80,7 @@ if [ "X$WAN" != "X" ]; then
# ip6tables -A $input -i $WAN -p tcp --syn -j syn-flood6 # ip6tables -A $input -i $WAN -p tcp --syn -j syn-flood6
# ip6tables -A syn-flood6 -m limit --limit 1/s --limit-burst 4 -j RETURN # ip6tables -A syn-flood6 -m limit --limit 1/s --limit-burst 4 -j RETURN
# ip6tables -A syn-flood6 -j DROP # ip6tables -A syn-flood6 -j DROP
if fi
#Block ssh brute force (the $WAN variable is required) #Block ssh brute force (the $WAN variable is required)
if [ "X$WAN" != "X" ]; then if [ "X$WAN" != "X" ]; then