/sbin/iptables -t nat -N NAT_DESTINATION
/sbin/iptables -t nat -N NAT_SOURCE
/sbin/iptables -t nat -A PREROUTING -j NAT_DESTINATION
- /sbin/iptables -t nat -A POSTROUTING -j NAT_SOURCE
+ /sbin/iptables -t nat -I POSTROUTING 2 -j NAT_SOURCE
# upnp chain for our upnp daemon
/etc/sysconfig/firewall.local start
fi
+ /sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT_a"
+
+ if [ "$DROPINPUT" == "on" ]; then
+ /sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT_b"
+ fi
+ if [ "$DROPFORWARD" == "on" ]; then
+ /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD"
+ fi
+ /sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
+
#POLICY CHAIN
/sbin/iptables -N POLICYIN
/sbin/iptables -A INPUT -j POLICYIN
/sbin/iptables -A OUTPUT -j POLICYOUT
/usr/sbin/firewall-policy
-
- #Only for firewall Hits statistik
- /sbin/iptables -A POLICYFWD -j DROP -m comment --comment "DROP_FORWARD"
- /sbin/iptables -A POLICYOUT -j DROP -m comment --comment "DROP_OUTPUT"
;;
startovpn)
# run openvpn
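Review bot: The unconditional `/sbin/iptables -A INPUT -j DROP` added at L9 is appended before the DROPINPUT LOG rule at L12 and before the `-A INPUT -j POLICYIN` jump at L21, and DROP is a terminating target, so as far as the visible lines show neither the logging nor the POLICYIN chain can ever match a packet in INPUT. The removed lines at L36/L39 had the order the FORWARD chain still uses (LOG first, then DROP at L17/L44), and the same inverted order is introduced again at L33 in the startovpn) arm. Append the DROP after the policy jump and the optional LOG rule instead, e.g. drop L9 and put `/sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"` after the `fi` at L13 (and correspondingly after L38 in the startovpn) arm), so the logged drop stays the last INPUT rule. The case arm this hunk sits in starts outside the hunk.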
/etc/sysconfig/firewall.local stop
fi
+ /sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"
+
if [ "$DROPINPUT" == "on" ]; then
- /sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT "
+ /sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT"
fi
- /sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"
if [ "$DROPFORWARD" == "on" ]; then
- /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
+ /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD"
fi
/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
- #Only for firewall Hits statistik
- /sbin/iptables -A POLICYFWD -j DROP -m comment --comment "DROP_FORWARD"
- /sbin/iptables -A POLICYOUT -j DROP -m comment --comment "DROP_OUTPUT"
-
-
-
;;
stopovpn)
# stop openvpn
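Review bot: Removing the trailing space from the `--log-prefix` values at L37 and L42 changes the kernel log line: the LOG target prints the prefix verbatim immediately before `IN=`, so the messages become `DROP_INPUTIN=...` and `DROP_FORWARDIN=...` instead of `DROP_INPUT IN=...`; anything that splits the firewall log on the prefix token presumably stops matching. Keep the original forms `--log-prefix "DROP_INPUT "` and `--log-prefix "DROP_FORWARD "`, and give the new rules at L12 and L15 a trailing space as well. The removal of the POLICYFWD/POLICYOUT DROP rules at L46-L47 (and L26-L27 in the start) arm) also removes the counters the old comment says were kept for hit statistics; if that is intended, a one-line comment saying where those drops are now counted would help the next reader. The startovpn) arm begins outside this hunk.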