From: Michael Tremer
Date: Wed, 3 Oct 2012 16:05:14 +0000 (+0000)
Subject: firewall: Create CUSTOM* chains like in IPFire 2.
X-Git-Tag: 005~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3b256a38d72f52aabfb661cd05ccc93556a9514f;p=network.git

firewall: Create CUSTOM* chains like in IPFire 2.
---
diff --git a/functions.firewall b/functions.firewall
index 089ed823..37ee847d 100644
--- a/functions.firewall
+++ b/functions.firewall
@@ -46,6 +46,7 @@ function firewall_start() {
 # Add default chains.
 firewall_tcp_state_flags
+ firewall_custom_chains
 firewall_connection_tracking
 firewall_tcp_clamp_mss
@@ -132,6 +133,32 @@ function firewall_lock_release() {
 lock_release ${RUN_DIR}/.firewall_lock
 }
+function firewall_custom_chains() {
+ log INFO "Creating CUSTOM* chains..."
+
+ # These chains are intened to be filled with
+ # rules by the user. They are processed at the very
+ # beginning so it is possible to overwrite everything.
+
+ iptables_chain_create CUSTOMINPUT
+ iptables -A INPUT -j CUSTOMINPUT
+
+ iptables_chain_create CUSTOMFORWARD
+ iptables -A FORWARD -j CUSTOMFORWARD
+
+ iptables_chain_create CUSTOMOUTPUT
+ iptables -A OUTPUT -j CUSTOMOUTPUT
+
+ iptables_chain_create -4 -t nat CUSTOMPREROUTING
+ iptables -4 -t nat -A PREROUTING -j CUSTOMPREROUTING
+
+ iptables_chain_create -4 -t nat CUSTOMPOSTROUTING
+ iptables -4 -t nat -A POSTROUTING -j CUSTOMPOSTROUTING
+
+ iptables_chain_create -4 -t nat CUSTOMOUTPUT
+ iptables -4 -t nat -A OUTPUT -j CUSTOMOUTPUT
+}
+
 function firewall_tcp_state_flags() {
 log INFO "Creating TCP State Flags chain..."
 iptables_chain_create BADTCP_LOG
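Review bot: In the first hunk, `firewall_custom_chains` is called after `firewall_tcp_state_flags`, while the comment added in the second hunk says the CUSTOM* chains are "processed at the very beginning". The jumps are appended with `-A`, so if `firewall_tcp_state_flags` (only its first lines are visible here) already appends rules to INPUT or FORWARD, those rules are evaluated before the user's. Which order is wanted is a policy decision, and keeping the bad-TCP-flag checks ahead of user rules is the more conservative one. Either move the call above `firewall_tcp_state_flags`, or make the comment state the real position, e.g. `# Evaluated after the TCP state flag checks and before connection tracking.` The body of firewall_start continues outside the hunk.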
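Review bot: The comment block in `firewall_custom_chains` (second hunk) should state the consequence of placing user rules ahead of the defaults: a terminating target in a CUSTOM* chain ends traversal, so that packet never reaches the connection tracking rules added afterwards. I would reword it, which also fixes the "intened" typo, as `# These chains are intended to be filled with rules by the user.` followed by `# A terminating target here (e.g. ACCEPT) skips every rule added later,` and `# including connection tracking, so keep matches as narrow as possible.` The filter-table jumps carry no family flag while the nat ones are pinned with `-4`. A one-line comment saying whether the IPv6 nat table is left out on purpose would save the next reader from guessing.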