
#!/bin/bash
#
# 40_customfirewall - Custom firewall
#
# Fixed PATH so ip/iptables below resolve to the system binaries.
PATH="/bin:/sbin:/usr/bin:/usr/sbin"
NAME="40_customfirewall"
# Settings come from /etc/default; with no config there is nothing to do.
# The file is executed as shell code, so it must only be writable by root.
[[ -f /etc/default/customfirewall ]] || exit 0
. /etc/default/customfirewall
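#######################################
# Print the unique DNAT destination addresses configured in $FORWARDS.
# Globals:   FORWARDS (read) - whitespace-separated "ip,destination,proto,port"
#            entries; the field order is the one start() uses for iptables
# Outputs:   sorted, de-duplicated destination addresses, one per line
# Returns:   exit status of sort
#######################################
function get_destination_ips() {
  # shellcheck disable=SC2034 — proto/port are consumed by read only
  local rule_def ip destination proto port
  {
    # shellcheck disable=SC2086 — $FORWARDS is deliberately word-split on whitespace
    for rule_def in $FORWARDS ; do
      # Same field order as start(); the previous "ip,proto,port,destination"
      # parse returned the port column here instead of the address.
      IFS=, read -r ip destination proto port <<< "$rule_def"
      if [[ -n "$destination" ]] ; then
        printf '%s\n' "$destination"
      fi
    done
  } | sort -u
}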
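#######################################
# Create the NAT chain, add the configured addresses, install one DNAT rule
# per forward and a policy-routing rule per distinct destination.
# Globals:   NAME (read), ADDRESSES (read) - "interface,ip" entries,
#            FORWARDS (read) - "ip,destination[,proto[,port]]" entries
# Outputs:   progress message via log_progress_msg
# Returns:   status of the last command run
#######################################
function start() {
  local address_def interface ip rule_def destination proto port
  local -a proto_opts
  log_progress_msg "$NAME"
  iptables -t nat -N customfirewall_prerouting
  iptables -t nat -I PREROUTING -j customfirewall_prerouting
  # shellcheck disable=SC2086 — $ADDRESSES and $FORWARDS are deliberately word-split
  for address_def in $ADDRESSES ; do
    IFS=, read -r interface ip <<< "$address_def"
    ip addr add "$ip" dev "$interface"
  done
  for rule_def in $FORWARDS ; do
    IFS=, read -r ip destination proto port <<< "$rule_def"
    # Rebuilt for every rule: the old code left the previous rule's
    # "-p/--dport" in proto_opts, so a later rule without a protocol
    # silently inherited it.
    proto_opts=()
    if [[ -n "$proto" ]] ; then
      proto_opts+=(-p "$proto")
      if [[ -n "$port" ]] ; then
        proto_opts+=(--dport "$port")
      fi
    fi
    iptables -t nat -A customfirewall_prerouting -d "$ip" "${proto_opts[@]}" \
      -j DNAT --to-destination "$destination"
  done
  for ip in $(get_destination_ips) ; do
    ip rule add to "$ip" lookup bonding-pwan prio 1900
  done
}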
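#######################################
# Tear down everything start() set up. Each step is best-effort so that a
# partially applied configuration can still be cleaned up.
# Arguments: $1 - "quiet" suppresses the progress message
# Globals:   NAME (read), ADDRESSES (read) - "interface,ip" entries
# Outputs:   progress message via log_progress_msg unless quiet
# Returns:   0
#######################################
function stop() {
  local address_def interface ip
  if [[ "$1" != quiet ]] ; then
    log_progress_msg "$NAME"
  fi
  # One "ip rule del prio 1900" removes a single rule, so repeat while any is
  # left; a failed deletion ends the loop instead of spinning forever.
  while ip rule | grep -qe '^1900:' ; do
    ip rule del prio 1900 2>/dev/null || break
  done
  # shellcheck disable=SC2086 — $ADDRESSES is deliberately word-split
  for address_def in $ADDRESSES ; do
    IFS=, read -r interface ip <<< "$address_def"
    ip addr del "$ip" dev "$interface" 2>/dev/null || :
  done
  iptables -t nat -D PREROUTING -j customfirewall_prerouting 2>/dev/null || :
  iptables -t nat -F customfirewall_prerouting 2>/dev/null || :
  iptables -t nat -X customfirewall_prerouting 2>/dev/null || :
}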
#######################################
# List the custom NAT chain with packet counters and numeric addresses.
# Outputs:   iptables listing on stdout
# Returns:   exit status of iptables
#######################################
function status() {
  local -r chain=customfirewall_prerouting
  iptables --table nat --numeric --verbose --list "$chain"
}
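if [[ -f /lib/lsb/init-functions ]] ; then
  . /lib/lsb/init-functions
fi
# start/stop call log_progress_msg; provide a minimal stand-in when the LSB
# helpers are not installed so they do not fail with "command not found".
if ! type log_progress_msg >/dev/null 2>&1 ; then
  log_progress_msg() { printf ' %s' "$*"; }
fi
case "$1" in
  start)
    stop quiet
    start
    ;;
  stop)
    stop
    ;;
  restart|force-reload)
    stop
    start
    ;;
  status)
    # Report the chain's presence instead of always exiting 0:
    # LSB status codes are 0 = running, 3 = not running.
    if status ; then
      exit 0
    else
      exit 3
    fi
    ;;
  *)
    printf 'Usage: %s {start|stop|restart|force-reload|status}\n' "$0" >&2
    exit 1
    ;;
esac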