|
|
@@ -109,15 +109,15 @@ setup_white() {
|
|
|
iptables -A INPUT -i ${wan} -p icmp --icmp-type 8 -m set --match-set $whiteset src -m conntrack --ctstate NEW --ctproto ICMP -j ACCEPT
|
|
|
}
|
|
|
|
|
|
-setup_open() {
|
|
|
- iptables -N FW-OPEN
|
|
|
+setup_public() {
|
|
|
+ iptables -N FW-PUBLIC
|
|
|
while read -r port ; do
|
|
|
[[ "$port" =~ ^[0-9]{1,}$ ]] || continue
|
|
|
- iptables -A FW-OPEN -p udp -m conntrack --ctstate NEW --ctproto UDP --dport $port -j ACCEPT
|
|
|
+ iptables -A FW-PUBLIC -p udp -m conntrack --ctstate NEW --ctproto UDP --dport $port -j ACCEPT
|
|
|
done < $confd/Public.udp
|
|
|
while read -r port ; do
|
|
|
[[ "$port" =~ ^[0-9]{1,}$ ]] || continue
|
|
|
- iptables -A FW-OPEN -p tcp -m conntrack --ctstate NEW --ctproto TCP --dport $port -j ACCEPT
|
|
|
+ iptables -A FW-PUBLIC -p tcp -m conntrack --ctstate NEW --ctproto TCP --dport $port -j ACCEPT
|
|
|
done < $confd/Public.tcp
|
|
|
iptables -A INPUT -i ${wan} -p udp -m conntrack --ctstate NEW --ctproto UDP -j FW-OPEN
|
|
|
iptables -A INPUT -i ${wan} -p tcp -m conntrack --ctstate NEW --ctproto TCP -j FW-OPEN
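Review bot: The rename is incomplete: the two `iptables -A INPUT` rules at the end of this hunk still jump to `FW-OPEN`, while the function now creates and fills `FW-PUBLIC`. On a clean ruleset nothing visible here creates `FW-OPEN` any more, so both appends should fail and the ports listed in `Public.udp` and `Public.tcp` would never be accepted. If an `FW-OPEN` chain survives from an earlier run, its stale port list would keep being applied instead of the new one. Change both targets to `-j FW-PUBLIC`. Whether the script aborts on the failed append or carries on with a partial ruleset depends on error handling outside this hunk, and the body of `setup_public` continues past it.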
|
|
|
@@ -131,7 +131,7 @@ setup_cast() {
|
|
|
}
|
|
|
|
|
|
main () {
|
|
|
- defaultHooks="set_defaults setup_whitenets setup_nat setup_forward setup_base setup_badips setup_white setup_open setup_scanips setup_cast setup_final"
|
|
|
+ defaultHooks="set_defaults setup_whitenets setup_nat setup_forward setup_base setup_badips setup_white setup_public setup_scanips setup_cast setup_final"
|
|
|
hookarray=(${hooks:-$defaultHooks})
|
|
|
for hook in "${hookarray[@]}" ; do
|
|
|
$hook
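Review bot: Any `hooks` override that still names `setup_open` will break after this rename, because `main` runs each word of `hooks` as a command without checking that it is a defined function. Unless the script runs with errexit (not visible here), the loop would report the missing command and carry on, bringing the firewall up without the public-ports stage. I would add a guard before the call, `declare -F "$hook" >/dev/null || { echo "unknown hook: $hook" >&2; exit 1; }`. The same guard keeps a stray value in `hooks` from running an arbitrary program with the script's privileges. The `for` loop and `main` continue past the hunk.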
|