Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Normal
Revision Log

firewall@ 4264

Last change on this file since 4264 was 813, checked in by jasper, 21 years ago
Huidige genesis configuratie
File size: 3.8 KB

Rev	Line
[813]	1	#! /bin/bash
	2	# -x
	3	#
	4	#
	5
	6	if [ "$1" != "-n" ]
	7	then
	8	/bin/bash -n $0 $* \|\| exit 1 # Check op Syntax errors!
	9	fi
	10	#echo Syntax $0 OK!
	11
	12	. /etc/wireless.conf.sh
	13
	14	ic='/sbin/ipchains'
	15	nm='/usr/local/bin/netmask'
	16
	17	echo 0 > /proc/sys/net/ipv4/ip_forward
	18
	19	PATH="/sbin:/usr/sbin:/usr/local/sbin/:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/lib/java/bin:/usr/games/bin:/usr/games:/opt/gnome/bin:/opt/kde/bin:/usr/openwin/bin";
	20
	21	gw=`route -n \|grep '^0.0.0.0'\|tr -s ' '`
	22
	23	if [ "$gw" != "" ]
	24	then
	25	gw_if=`echo $gw\|cut -d ' ' -f 8` # gw. dev.
	26	def_gw=`echo $gw\|cut -d ' ' -f 2` # def. gw
	27	else
	28	gw_if=eth0
	29	def_gw=99.99.99.99
	30
	31	fi
	32	gwif_ip=`$nm $gw_if i`
	33	good_net=`$nm $gw_if m`
	34
	35
	36	wifs=`/sbin/ifconfig\|cut -d ' ' -f 1\|grep -v '^$'\|grep -v $gw_if\|grep -v lo`
	37	wifs_major=`/sbin/ifconfig\|cut -d ' ' -f 1\|grep -v '^$'\|grep -v $gw_if\|grep -v lo\|grep -v ':'`
	38
	39	wif_ip=`$nm wlan0 i`
	40	wnet=172.16.0.0/12
	41
	42	tports='22 37 53 80 3128' # ssh,time,domain,http,squid
	43	uports='53 3130' # domain,squid
	44
	45	modprobe ipchains
	46
	47
	48	in="$ic -A input"
	49	out="$ic -A output"
	50	fw="$ic -A forward"
	51
	52	#modprobe ip_masq_autofw
	53	#modprobe ip_masq_cuseeme
	54	#modprobe ip_masq_ftp
	55	#modprobe ip_masq_irc
	56	#modprobe ip_masq_mfw
	57	#modprobe ip_masq_portfw
	58	#modprobe ip_masq_quake
	59	#modprobe ip_masq_raudio
	60	#modprobe ip_masq_user
	61	#modprobe ip_masq_vdolive
	62
	63	$ic -F input
	64	$ic -F output
	65	$ic -F forward
	66
	67
	68	echo Default policy
	69
	70	$ic -P input REJECT
	71	$ic -P output ACCEPT
	72	$ic -P forward DENY # pings return
	73
	74	$ic -X
	75
	76	######### Incoming
	77
	78	echo Incoming
	79
	80	$in -i lo -j ACCEPT
	81
	82	$in -s 0.0.0.0/0 bootpc -d 255.255.255.255 bootps -p udp -j ACCEPT # DHCP op broadcast
	83	$in -s 0.0.0.0/0 bootpc -d 255.255.255.255 bootps -p tcp -j ACCEPT # DHCP op broadcast
	84
	85	$in -d 224.0.0.5 -p 89 -j ACCEPT # OSPF
	86	$in -d 224.0.0.6 -p 89 -j ACCEPT # OSPF
	87	$in -d 224.0.0.5 -p 2 -j ACCEPT # OSPF
	88	$in -d 224.0.0.6 -p 2 -j ACCEPT # OSPF
	89
	90	for if in $wifs_major
	91	do
	92	ip=`$nm $if i`
	93	$in -s 0.0.0.0/0 bootpc -d $ip bootps -i $if -p udp -j ACCEPT # DHCP op eigen ip
	94	$in -s 0.0.0.0/0 bootpc -d $ip bootps -i $if -p tcp -j ACCEPT # DHCP op eigen ip
	95	$in -s ! $wnet -i $if -j DENY -l # Spoofing; alleen wnet ip wifs.
	96	done
	97
	98	for p in $tports
	99	do
	100	$in -d $gwif_ip $p -p tcp -j ACCEPT # tports op gwif_ip
	101	$in -d $wif_ip $p -p tcp -j ACCEPT # tports op wif_ip
	102	done
	103
	104	for p in $uports
	105	do
	106	$in -d $gwif_ip $p -p udp -j ACCEPT # uports op gwif_ip
	107	$in -d $wif_ip $p -p udp -j ACCEPT # uports op wif_ip
	108	done
	109
	110
	111	$in -d $good_net -s $wnet ! -y -p tcp -j ACCEPT # established sessions
	112
	113	$in -d $gwif_ip ! -y -p tcp -j ACCEPT # established sessions
	114	for if in $wifs
	115	do
	116	ip=`$nm $if i`
	117	$in -d $ip -s $wnet ! -y -p tcp -j ACCEPT # established sessions
	118	done
	119
	120
	121	for if in $wifs $gw_if
	122	do
	123	ip=`$nm $if i`
	124
	125	$in -d $ip 53 -p udp -j ACCEPT # named wel,
	126	$in -d $ip --sport 53 -p udp -j ACCEPT # named wel.
	127	# Want named source adres wordt door named gekozen afhankelijk van de if.
	128
	129	$in -d $ip -p icmp -j ACCEPT # icmp wel.
	130
	131	$in -d $ip -p 89 -j ACCEPT # OSPF
	132	$in -d $ip -p 2 -j ACCEPT # OSPF
	133
	134	$in -d $ip -j REJECT -l # Vangnet
	135	done
	136
	137	$in -d $wnet -j ACCEPT # dst wireless=okay
	138
	139	if [ "$gw_open" != "open" ]
	140	then
	141	for if in $wifs_major
	142	do
	143	$in -d ! $good_net -s $wnet -i $if -j ACCEPT # wel naar Internet, niet naar goodnet.
	144	done
	145	fi
	146
	147	#$in --dport 137:139 -j REJECT # Netbios
	148	$in -j REJECT -l # vangnet
	149
	150	######### Forward
	151
	152	echo forwarding
	153
	154	echo 1 > /proc/sys/net/ipv4/ip_forward
	155
	156	$fw -d $gwif_ip ! -y -p tcp -j ACCEPT # established sessions
	157	for if in $wifs
	158	do
	159	ip=`$nm $if i`
	160	$fw -d $ip -s $wnet ! -y -p tcp -j ACCEPT # established sessions
	161	done
	162
	163	$fw -s $good_net -d $wnet -j MASQ # dst wireless=okay
	164
	165	if [ "$gw_open" != "open" ]
	166	then
	167	$fw -d ! $good_net -i $gw_if -j MASQ # naar Internet = okay
	168	fi
	169
	170	$fw -j REJECT -l # vangnet
	171
	172
	173	#########
	174
	175
	176	#ipchains -nxvL
	177

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format