|
|
@@ -12,15 +12,16 @@ base() {
|
|
|
${iptables} -A INPUT -i lo -j ACCEPT
|
|
|
${iptables} -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
|
|
${iptables} -A INPUT -m conntrack --ctstate INVALID -j DROP
|
|
|
+ ${iptables} -N END-RESET
|
|
|
+ ${iptables} -A END-RESET -p tcp -j REJECT --reject-with tcp-reset
|
|
|
+ ${iptables} -A END-RESET -p udp -j REJECT --reject-with icmp-port-unreachable
|
|
|
+ ${iptables} -A END-RESET -j REJECT --reject-with icmp-proto-unreachable
|
|
|
}
|
|
|
|
|
|
final(){
|
|
|
if $loginput ; then
|
|
|
${iptables} -A INPUT -j WAN-LOG-DROP
|
|
|
fi
|
|
|
- ${iptables} -A INPUT -p tcp -j REJECT --reject-with tcp-reset
|
|
|
- ${iptables} -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
|
|
|
- ${iptables} -A INPUT -j REJECT --reject-with icmp-proto-unreachable
|
|
|
}
|
|
|
|
|
|
wandroplog() {
|
|
|
@@ -82,9 +83,7 @@ forward() {
|
|
|
if $logforward ; then
|
|
|
${iptables} -A FORWARD -j FORWARD-LOG-DROP
|
|
|
fi
|
|
|
- ${iptables} -A FORWARD -p tcp -j REJECT --reject-with tcp-reset
|
|
|
- ${iptables} -A FORWARD -p udp -j REJECT --reject-with icmp-port-unreachable
|
|
|
- ${iptables} -A FORWARD -j REJECT --reject-with icmp-proto-unreachable
|
|
|
+ ${iptables} -A FORWARD -j END-RESET
|
|
|
}
|
|
|
|
|
|
lan() {
|
