###############################################################################
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2009 Michael Tremer & Christian Schmidt                       #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
###############################################################################
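# Create the per-zone chains for one network interface and hook them into
# the filter, mangle and nat tables.
#
# Reads the interface name from $device (it is not taken from "$@" in this
# function; presumably the caller sets it — TODO confirm against callers).
# The zone chain name is uppercase("ZONE_$device"); the chains are wired in
# this order, which matters because iptables evaluates rules sequentially:
#   filter: INPUT/FORWARD/OUTPUT -> $name -> _CUSTOM, _IPS, _PORTFW,
#           _OUTFW, _POLICY
#   mangle: PREROUTING/POSTROUTING -> $name -> _QOS_INC, _QOS_OUT
#   nat:    PREROUTING/POSTROUTING -> $name -> _NAT, _PORTFW, _UPNP
# _CUSTOM is traversed first on purpose so administrator rules take
# precedence over the generated ones.
#
# Returns 1 without touching iptables when $device is empty; otherwise the
# exit status is that of the last iptables call (failures of earlier calls
# are not checked, as in the original).
function zones_global_add() {
	# With an empty device the rules below would degrade to "-i -j ZONE_",
	# which is either rejected by iptables or matches far more than intended.
	if [ -z "${device}" ]; then
		echo "zones_global_add: no device given" >&2
		return 1
	fi

	vecho "Adding zone \"${device}\""

	# Keep the derived chain name out of the global namespace.  It is
	# assigned separately from the declaration so the exit status of
	# uppercase() is not masked by "local".
	local name
	name=$(uppercase "ZONE_${device}")

	# Every expansion below is quoted: an interface name containing
	# whitespace must not split into extra iptables arguments.
	#
	# NOTE(review): the filter-table chain "$name" is jumped to here but is
	# not created by this function as shown (mangle and nat do call
	# chain_create for it) — confirm it is created elsewhere first.
	iptables -A INPUT   -i "${device}" -j "${name}"
	iptables -A FORWARD -i "${device}" -j "${name}"
	iptables -A FORWARD -o "${device}" -j "${name}"
	iptables -A OUTPUT  -o "${device}" -j "${name}"

	# Leave some space for own rules: evaluated before any generated chain.
	chain_create "${name}_CUSTOM"
	iptables -A "${name}" -j "${name}_CUSTOM"

	# Intrusion Prevention System, inbound traffic only.
	chain_create "${name}_IPS"
	iptables -A "${name}" -i "${device}" -j "${name}_IPS"

	# Port forwarding (filter side), inbound traffic only.
	chain_create "${name}_PORTFW"
	iptables -A "${name}" -i "${device}" -j "${name}_PORTFW"

	# Outgoing firewall, traffic leaving through this device.
	chain_create "${name}_OUTFW"
	iptables -A "${name}" -o "${device}" -j "${name}_OUTFW"

	# Zone policy: last in the filter chain, so everything above wins.
	chain_create "${name}_POLICY"
	iptables -A "${name}" -j "${name}_POLICY"

	# mangle table: one zone chain reached from both PRE- and POSTROUTING.
	chain_create -t mangle "${name}"
	iptables -t mangle -A PREROUTING  -i "${device}" -j "${name}"
	iptables -t mangle -A POSTROUTING -o "${device}" -j "${name}"

	# QoS marking, split by direction.
	chain_create -t mangle "${name}_QOS_INC"
	iptables -t mangle -A "${name}" -i "${device}" -j "${name}_QOS_INC"
	chain_create -t mangle "${name}_QOS_OUT"
	iptables -t mangle -A "${name}" -o "${device}" -j "${name}_QOS_OUT"

	# nat table: same PRE-/POSTROUTING hook-up as for mangle.
	chain_create -t nat "${name}"
	iptables -t nat -A PREROUTING  -i "${device}" -j "${name}"
	iptables -t nat -A POSTROUTING -o "${device}" -j "${name}"

	# Network Address Translation, inbound traffic only.
	chain_create -t nat "${name}_NAT"
	iptables -t nat -A "${name}" -i "${device}" -j "${name}_NAT"

	# Port forwarding (nat side), inbound traffic only.
	chain_create -t nat "${name}_PORTFW"
	iptables -t nat -A "${name}" -i "${device}" -j "${name}_PORTFW"

	# UPnP: no interface restriction, as in the original.
	chain_create -t nat "${name}_UPNP"
	iptables -t nat -A "${name}" -j "${name}_UPNP"
}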
94 function zones_local_add
() {
96 decho
"Adding zone \"local\""
98 # Accept everything on lo
99 iptables
-A INPUT
-i lo
-j ACCEPT
100 iptables
-A OUTPUT
-o lo
-j ACCEPT