firewall: Create CUSTOM* chains like in IPFire 2.

diff --git a/functions.firewall b/functions.firewall
index 089ed823a3695fa85c31c283fef7b4edc627c100..37ee847d58a8ccd656dcce6260980fccaf428f10 100644 (file)
--- a/functions.firewall
+++ b/functions.firewall
@@ -46,6 +46,7 @@ function firewall_start() {
 
        # Add default chains.
        firewall_tcp_state_flags
+       firewall_custom_chains
        firewall_connection_tracking
        firewall_tcp_clamp_mss
 
@@ -132,6 +133,32 @@ function firewall_lock_release() {
        lock_release ${RUN_DIR}/.firewall_lock
 }
 
+function firewall_custom_chains() {
+       log INFO "Creating CUSTOM* chains..."
+
+       # These chains are intened to be filled with
+       # rules by the user. They are processed at the very
+       # beginning so it is possible to overwrite everything.
+
+       iptables_chain_create CUSTOMINPUT
+       iptables -A INPUT -j CUSTOMINPUT
+
+       iptables_chain_create CUSTOMFORWARD
+       iptables -A FORWARD -j CUSTOMFORWARD
+
+       iptables_chain_create CUSTOMOUTPUT
+       iptables -A OUTPUT -j CUSTOMOUTPUT
+
+       iptables_chain_create -4 -t nat CUSTOMPREROUTING
+       iptables -4 -t nat -A PREROUTING -j CUSTOMPREROUTING
+
+       iptables_chain_create -4 -t nat CUSTOMPOSTROUTING
+       iptables -4 -t nat -A POSTROUTING -j CUSTOMPOSTROUTING
+
+       iptables_chain_create -4 -t nat CUSTOMOUTPUT
+       iptables -4 -t nat -A OUTPUT -j CUSTOMOUTPUT
+}
+
 function firewall_tcp_state_flags() {
        log INFO "Creating TCP State Flags chain..."
        iptables_chain_create BADTCP_LOG