--- /dev/null
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2009 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+include zones.green
+include zones.orange
+include zones.red
+
+function zones_global_add() {
+ local device
+ local name
+
+ device=$1
+
+ vecho "Adding zone \"$device\""
+
+ name=$(uppercase "ZONE_$device")
+
+ ### FILTER
+ chain_create $name
+ iptables -A INPUT -i $device -j $name
+ iptables -A FORWARD -i $device -j $name
+ iptables -A FORWARD -o $device -j $name
+ iptables -A OUTPUT -o $device -j $name
+
+ # Leave some space for own rules
+ chain_create ${name}_CUSTOM
+ iptables -A $name -j ${name}_CUSTOM
+
+ # Intrusion Preventions System
+ chain_create ${name}_IPS
+ iptables -A $name -i $device -j ${name}_IPS
+
+ # Portforwarding
+ chain_create ${name}_PORTFW
+ iptables -A $name -i $device -j ${name}_PORTFW
+
+ # Outgoing firewall
+ chain_create ${name}_OUTFW
+ iptables -A $name -o $device -j ${name}_OUTFW
+
+ # Policy rules
+ chain_create ${name}_POLICY
+ iptables -A $name -j ${name}_POLICY
+
+ ### MANGLE
+ chain_create -t mangle $name
+ iptables -t mangle -A PREROUTING -i $device -j $name
+ iptables -t mangle -A POSTROUTING -o $device -j $name
+
+ # Quality of Service
+ chain_create -t mangle ${name}_QOS_INC
+ iptables -t mangle -A $name -i $device -j ${name}_QOS_INC
+ chain_create -t mangle ${name}_QOS_OUT
+ iptables -t mangle -A $name -o $device -j ${name}_QOS_OUT
+
+ ### NAT
+ chain_create -t nat ${name}
+ iptables -t nat -A PREROUTING -i $device -j ${name}
+ iptables -t nat -A POSTROUTING -o $device -j ${name}
+
+ # Network Address Translation
+ chain_create -t nat ${name}_NAT
+ iptables -t nat -A $name -i $device -j ${name}_NAT
+
+ # Portforwarding
+ chain_create -t nat ${name}_PORTFW
+ iptables -t nat -A $name -i $device -j ${name}_PORTFW
+
+ # UPNP
+ chain_create -t nat ${name}_UPNP
+ iptables -t nat -A $name -j ${name}_UPNP
+}
+
+
+### LOCAL ZONE
+function zones_local_add() {
+
+ decho "Adding zone \"local\""
+
+ # Accept everything on lo
+ iptables -A INPUT -i lo -j ACCEPT
+ iptables -A OUTPUT -o lo -j ACCEPT
+
+}
projects / people / ms / ipfire-3.x.git / blobdiff