###############################################################################
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2015 IPFire Team                                              #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the                #
# GNU General Public License for more details.                                #
# You should have received a copy of the GNU General Public License           #
# along with this program. If not, see <http://www.gnu.org/licenses/>.        #
###############################################################################
# Path of the IPsec connection table that block_ipsec reads: one connection
# per line, columns separated by commas (see the IFS="," read loop below).
VPN_CONFIG=/var/ipfire/vpn/config
28 # Don't block a wildcard subnet
29 if [ "${subnet}" = "0.0.0.0/0" ] ||
[ "${subnet}" = "0.0.0.0/0.0.0.0" ]; then
# REJECT variant: traffic to the remote subnet is refused and the sender is
# told the network is unreachable, so it learns at once that the destination
# is blocked (the DROP variant below discards silently instead).
# Presumably chosen by the action argument block_ipsec passes in; the
# selecting construct is outside the visible lines. Keep the argument order:
# --reject-with must follow -j REJECT.
iptables -A IPSECBLOCK -d "${subnet}" -j REJECT --reject-with icmp-net-unreachable
# DROP variant: packets to the remote subnet are discarded without any reply,
# so the sender sees a timeout rather than an ICMP error. Presumably chosen by
# the action argument block_ipsec passes in; the selecting construct is
# outside the visible lines.
iptables -A IPSECBLOCK -d "${subnet}" -j DROP
# Flush all existing rules first so the chain is rebuilt from the current
# configuration and does not accumulate stale entries on every run.
iptables -F IPSECBLOCK
# Column names of ${VPN_CONFIG}, in file order; they become the targets of the
# comma-separated read below (this runs inside a function whose header is
# outside the visible lines). The x1..x24 names are placeholders for columns
# this script never reads; the trailing "rest" receives any surplus fields, so
# a longer line does not disturb the columns before it. Because the mapping
# is purely positional, any change to the config file's column layout must be
# mirrored here, or status/type/rightsubnets would silently read the wrong
# field.
local vars="id status name lefthost type ctype x1 x2 x3 leftsubnets"
vars="${vars} x4 righthost rightsubnets x5 x6 x7 x8 x9 x10 x11 x12"
vars="${vars} x13 x14 x15 x16 x17 x18 x19 x20 x21 proto x22 x23 x24"
vars="${vars} route rest"
59 # Register local variables
62 while IFS
="," read -r ${vars}; do
# Check if the connection is enabled; disabled entries get no block rule.
[ "${status}" = "on" ] || continue

# Check if this is a net-to-net connection; other connection types are
# skipped here.
[ "${type}" = "net" ] || continue

# Split multiple subnets: the config joins them with '|'. Turn that into a
# space-separated list so the unquoted for loop below iterates one subnet
# at a time.
rightsubnets="${rightsubnets//\|/ }"
82 for rightsubnet
in ${rightsubnets}; do
83 block_subnet
"${rightsubnet}" "${action}"
85 done < "${VPN_CONFIG}"
# Entry point: rebuild the IPSECBLOCK chain, and make a failing block_ipsec
# the script's own exit status.
block_ipsec
rc=$?
[ "${rc}" -eq 0 ] || exit "${rc}"