|
@@ -88,6 +88,7 @@ setup_white() {
|
|
|
done < $CONFD/WHITE.tcp
|
|
done < $CONFD/WHITE.tcp
|
|
|
iptables -A INPUT -p udp -i ${wan} -m set --match-set $whiteset src -m conntrack --ctstate NEW -j FW-FILTERED
|
|
iptables -A INPUT -p udp -i ${wan} -m set --match-set $whiteset src -m conntrack --ctstate NEW -j FW-FILTERED
|
|
|
iptables -A INPUT -p tcp --syn -i ${wan} -m set --match-set $whiteset src -m conntrack --ctstate NEW -j FW-FILTERED
|
|
iptables -A INPUT -p tcp --syn -i ${wan} -m set --match-set $whiteset src -m conntrack --ctstate NEW -j FW-FILTERED
|
|
|
|
|
+ iptables -A INPUT -i ${wan} -p icmp --icmp-type 8 -m conntrack --ctstate NEW -m set --match-set $whiteset src -j ACCEPT
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
setup_open() {
|
|
setup_open() {
|
|
@@ -111,10 +112,6 @@ setup_cast() {
|
|
|
iptables -A INPUT -i ${wan} -j FW-CAST
|
|
iptables -A INPUT -i ${wan} -j FW-CAST
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
-setup_ping(){
|
|
|
|
|
- iptables -A INPUT -p icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
|
|
|
|
|
-}
|
|
|
|
|
-
|
|
|
|
|
main () {
|
|
main () {
|
|
|
set_defaults
|
|
set_defaults
|
|
|
setup_whitenets
|
|
setup_whitenets
|
|
@@ -125,7 +122,6 @@ main () {
|
|
|
setup_white
|
|
setup_white
|
|
|
setup_open
|
|
setup_open
|
|
|
setup_cast
|
|
setup_cast
|
|
|
- setup_ping
|
|
|
|
|
setup_final
|
|
setup_final
|
|
|
}
|
|
}
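Review bot: The rule added at the end of setup_white accepts echo requests only on `-i ${wan}`, whereas the removed setup_ping rule had no interface match, so pings arriving on any other interface are no longer accepted by this rule. If nothing outside the visible hunks accepts them and the INPUT chain drops by default, internal hosts can no longer ping the firewall; confirm that this is intended. The new rule also jumps straight to `ACCEPT`, while the tcp and udp whitelist rules just above it go to `FW-FILTERED`, so ICMP from whitelisted sources skips whatever that chain does. If that is deliberate, a comment such as `# ping: whitelisted WAN sources only, deliberately not sent through FW-FILTERED` would record it, and `--icmp-type echo-request` reads more clearly than the bare `8`. setup_white begins outside the hunk, so the rules earlier in the function were not reviewed.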
|
|
|
|
|
|