mirror of
https://github.com/fwbuilder/fwbuilder
synced 2026-05-10 19:14:57 +02:00
minor tweak for the test - added "catch all" rule in ipv6 branch to make sure it compiles for ipv6
This commit is contained in:
Vadim Kurland
@@ -4,7 +4,7 @@
|
|||||||
#
|
#
|
||||||
# Firewall Builder fwb_ipt v4.3.0.3542
|
# Firewall Builder fwb_ipt v4.3.0.3542
|
||||||
#
|
#
|
||||||
# Generated Sat May 14 15:41:56 2011 PDT by vadim
|
# Generated Sun May 15 12:01:42 2011 PDT by vadim
|
||||||
#
|
#
|
||||||
# files: * firewall-ipv6-8.fw /etc/firewall-ipv6-8.fw
|
# files: * firewall-ipv6-8.fw /etc/firewall-ipv6-8.fw
|
||||||
#
|
#
|
||||||
@@ -320,6 +320,31 @@ configure_interfaces() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
script_body() {
|
script_body() {
|
||||||
|
# ================ IPv4
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
(
|
||||||
|
|
||||||
|
echo '*filter'
|
||||||
|
|
||||||
|
# ================ Table 'filter', rule set Policy_OSPF
|
||||||
|
#
|
||||||
|
# Rule Policy_OSPF 2 (global)
|
||||||
|
echo ":Policy_OSPF - [0:0]"
|
||||||
|
echo "-A Policy_OSPF -j DROP "
|
||||||
|
#
|
||||||
|
echo COMMIT
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
) | $IPTABLES_RESTORE; IPTABLES_RESTORE_RES=$?
|
||||||
|
test $IPTABLES_RESTORE_RES != 0 && run_epilog_and_exit $IPTABLES_RESTORE_RES
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# ================ IPv6
|
# ================ IPv6
|
||||||
|
|
||||||
|
|
||||||
@@ -363,6 +388,9 @@ script_body() {
|
|||||||
# Rule Policy_OSPF 1 (global)
|
# Rule Policy_OSPF 1 (global)
|
||||||
echo "-A Policy_OSPF -s fe80::/10 -d ff00::/8 -j ACCEPT "
|
echo "-A Policy_OSPF -s fe80::/10 -d ff00::/8 -j ACCEPT "
|
||||||
echo "-A Policy_OSPF -s fe80::/10 -d fe80::/10 -j ACCEPT "
|
echo "-A Policy_OSPF -s fe80::/10 -d fe80::/10 -j ACCEPT "
|
||||||
|
#
|
||||||
|
# Rule Policy_OSPF 2 (global)
|
||||||
|
echo "-A Policy_OSPF -j DROP "
|
||||||
#
|
#
|
||||||
# ================ Table 'filter', rule set Policy_v6
|
# ================ Table 'filter', rule set Policy_v6
|
||||||
#
|
#
|
||||||
@@ -461,7 +489,8 @@ echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
|
|||||||
|
|
||||||
reset_all() {
|
reset_all() {
|
||||||
:
|
:
|
||||||
reset_iptables_v6
|
reset_iptables_v4
|
||||||
|
reset_iptables_v6
|
||||||
}
|
}
|
||||||
|
|
||||||
block_action() {
|
block_action() {
|
||||||
@@ -470,6 +499,9 @@ block_action() {
|
|||||||
|
|
||||||
stop_action() {
|
stop_action() {
|
||||||
reset_all
|
reset_all
|
||||||
|
$IPTABLES -P OUTPUT ACCEPT
|
||||||
|
$IPTABLES -P INPUT ACCEPT
|
||||||
|
$IPTABLES -P FORWARD ACCEPT
|
||||||
$IP6TABLES -P OUTPUT ACCEPT
|
$IP6TABLES -P OUTPUT ACCEPT
|
||||||
$IP6TABLES -P INPUT ACCEPT
|
$IP6TABLES -P INPUT ACCEPT
|
||||||
$IP6TABLES -P FORWARD ACCEPT
|
$IP6TABLES -P FORWARD ACCEPT
|
||||||
@@ -507,7 +539,7 @@ test -z "$cmd" && {
|
|||||||
|
|
||||||
case "$cmd" in
|
case "$cmd" in
|
||||||
start)
|
start)
|
||||||
log "Activating firewall script generated Sat May 14 15:41:56 2011 by vadim"
|
log "Activating firewall script generated Sun May 15 12:01:42 2011 by vadim"
|
||||||
check_tools
|
check_tools
|
||||||
prolog_commands
|
prolog_commands
|
||||||
check_run_time_address_table_files
|
check_run_time_address_table_files
|
||||||
|
|||||||
@@ -57768,7 +57768,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
|
|||||||
<Option name="verify_interfaces">True</Option>
|
<Option name="verify_interfaces">True</Option>
|
||||||
</FirewallOptions>
|
</FirewallOptions>
|
||||||
</Firewall>
|
</Firewall>
|
||||||
<Firewall id="id654160X7324" host_OS="linux24" inactive="False" lastCompiled="1280426747" lastInstalled="0" lastModified="1276815782" platform="iptables" version="1.4.0" name="firewall-ipv6-8" comment="matching multicast with different directions" ro="False">
|
<Firewall id="id654160X7324" host_OS="linux24" inactive="False" lastCompiled="1280426747" lastInstalled="0" lastModified="1305486097" platform="iptables" version="1.4.0" name="firewall-ipv6-8" comment="matching multicast with different directions" ro="False">
|
||||||
<NAT id="id654194X7324" name="NAT" comment="" ro="False" ipv4_rule_set="True" ipv6_rule_set="True" top_rule_set="True">
|
<NAT id="id654194X7324" name="NAT" comment="" ro="False" ipv4_rule_set="True" ipv6_rule_set="True" top_rule_set="True">
|
||||||
<RuleSetOptions/>
|
<RuleSetOptions/>
|
||||||
</NAT>
|
</NAT>
|
||||||
@@ -58516,7 +58516,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
|
|||||||
<Option name="mangle_only_rule_set">False</Option>
|
<Option name="mangle_only_rule_set">False</Option>
|
||||||
</RuleSetOptions>
|
</RuleSetOptions>
|
||||||
</Policy>
|
</Policy>
|
||||||
<Policy id="id1825785X7324" name="Policy_OSPF" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="True" top_rule_set="False">
|
<Policy id="id1825785X7324" name="Policy_OSPF" comment="" ro="False" ipv4_rule_set="True" ipv6_rule_set="True" top_rule_set="False">
|
||||||
<PolicyRule id="id2502746X7324" disabled="False" group="" log="False" position="0" action="Accept" direction="Both" comment="">
|
<PolicyRule id="id2502746X7324" disabled="False" group="" log="False" position="0" action="Accept" direction="Both" comment="">
|
||||||
<Src neg="False">
|
<Src neg="False">
|
||||||
<ObjectRef ref="id2383X75851"/>
|
<ObjectRef ref="id2383X75851"/>
|
||||||
@@ -58611,6 +58611,26 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
|
|||||||
<Option name="ulog_nlgroup">1</Option>
|
<Option name="ulog_nlgroup">1</Option>
|
||||||
</PolicyRuleOptions>
|
</PolicyRuleOptions>
|
||||||
</PolicyRule>
|
</PolicyRule>
|
||||||
|
<PolicyRule id="id100679X23217" disabled="False" group="" log="False" position="2" action="Deny" direction="Both" comment="">
|
||||||
|
<Src neg="False">
|
||||||
|
<ObjectRef ref="sysid0"/>
|
||||||
|
</Src>
|
||||||
|
<Dst neg="False">
|
||||||
|
<ObjectRef ref="sysid0"/>
|
||||||
|
</Dst>
|
||||||
|
<Srv neg="False">
|
||||||
|
<ServiceRef ref="sysid1"/>
|
||||||
|
</Srv>
|
||||||
|
<Itf neg="False">
|
||||||
|
<ObjectRef ref="sysid0"/>
|
||||||
|
</Itf>
|
||||||
|
<When neg="False">
|
||||||
|
<IntervalRef ref="sysid2"/>
|
||||||
|
</When>
|
||||||
|
<PolicyRuleOptions>
|
||||||
|
<Option name="stateless">True</Option>
|
||||||
|
</PolicyRuleOptions>
|
||||||
|
</PolicyRule>
|
||||||
<RuleSetOptions>
|
<RuleSetOptions>
|
||||||
<Option name="mangle_only_rule_set">False</Option>
|
<Option name="mangle_only_rule_set">False</Option>
|
||||||
</RuleSetOptions>
|
</RuleSetOptions>
|
||||||
|
|||||||
Reference in New Issue
Block a user