#!/bin/sh
# Install hook, e.g. `update-rc.d iptables defaults` (uses the LSB header below),
# or manually: ln -s /etc/init.d/iptables /etc/rc2.d/S02iptables
# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing.
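# kFreeBSD cannot use a script as a #! interpreter, so instead of a
# "#!/lib/init/init-d-script" shebang this file runs itself through
# init-d-script by sourcing it. On the first pass the marker variable is
# unset: the positional parameters become "<this script> <original args>"
# and init-d-script is sourced with the marker set for it. init-d-script is
# then expected to source this file again, and that second pass skips this
# stanza because the marker is now "true".
# "--" keeps a $0 that happens to begin with "-" from being parsed as options
# to set.
if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then
    set -- "$0" "$@"
    INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script
fi
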
### BEGIN INIT INFO
# Provides: firewall
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start the firewall
# Description:       Flushes all iptables/ip6tables rules (filter, nat, mangle)
#                    and re-installs the SMB/NetBIOS port filters. The built-in
#                    chain policies stay ACCEPT, so this is not a default-deny
#                    firewall.
#
#
#
#
#
### END INIT INFO
# Author: Foo Bar <foobar@baz.org>
#
# Please remove the "Author" lines above and replace them
# with your own name if you copy and modify this script.
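# Identity used in log messages (by this script and, presumably, by
# init-d-script). DESC was previously assigned twice; only the last value
# ("iptables") ever took effect, so the dead first assignment is dropped.
DESC="iptables"
NAME=iptables
# NOTE(review): this is the skeleton's placeholder and this script starts no
# daemon itself. It is left untouched because init-d-script likely reads
# DAEMON and changing it could alter which of its code paths run — verify
# against the installed /lib/init/init-d-script before removing it.
DAEMON=/usr/sbin/daemonexecutablename
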
# start
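# (Re)load the ruleset.
#
# Resets the built-in chain policies to ACCEPT, flushes the filter, nat and
# mangle tables and removes user-defined filter chains, for IPv4 and IPv6,
# then installs the SMB/NetBIOS filters:
#   * TCP 135, 139, 445, 137, 138 — accepted from the LAN range below,
#     rejected from any other IPv4 source, rejected from every IPv6 source
#     (there is no IPv6 allow-list).
#   * UDP 137 and 138 — same treatment. The NetBIOS name and datagram
#     services run over UDP, so the earlier TCP-only rules for those ports
#     left them unfiltered.
#
# NOTE(review): the policies stay ACCEPT, so this is an allow-by-default
# ruleset that only closes the ports listed here, not a default-deny
# firewall. Between the flush and the last -A there is a short window with no
# filtering at all, and the flush also discards rules any other software may
# have installed; loading the set through iptables-restore would make the
# change atomic. ip6tables -t nat may be unavailable on older kernels; such a
# failure is reported like any other.
#
# Returns 0 when every iptables/ip6tables command succeeded, 1 otherwise.
do_start()
{
    fw_rc=0
    fw_lan_range="192.168.0.0-192.168.10.255"
    fw_tcp_ports="135 139 445 137 138"
    fw_udp_ports="137 138"

    # reset: accept-all policies, then empty filter/nat/mangle and drop
    # user-defined filter chains, for both address families
    for fw_tool in iptables ip6tables; do
        for fw_chain in INPUT FORWARD OUTPUT; do
            "$fw_tool" -P "$fw_chain" ACCEPT || fw_rc=1
        done
        "$fw_tool" -t nat -F || fw_rc=1
        "$fw_tool" -t mangle -F || fw_rc=1
        "$fw_tool" -F || fw_rc=1
        "$fw_tool" -X || fw_rc=1
    done

    # rules: LAN sources are accepted first so that the REJECT rules appended
    # afterwards only match everything else (rules are evaluated in order).
    # The port lists are split on whitespace on purpose.
    for fw_port in $fw_tcp_ports; do
        iptables -A INPUT -p tcp --dport "$fw_port" -m iprange --src-range "$fw_lan_range" -j ACCEPT || fw_rc=1
    done
    for fw_port in $fw_udp_ports; do
        iptables -A INPUT -p udp --dport "$fw_port" -m iprange --src-range "$fw_lan_range" -j ACCEPT || fw_rc=1
    done

    for fw_port in $fw_tcp_ports; do
        iptables -A INPUT -p tcp --dport "$fw_port" -j REJECT || fw_rc=1
    done
    for fw_port in $fw_udp_ports; do
        iptables -A INPUT -p udp --dport "$fw_port" -j REJECT || fw_rc=1
    done

    for fw_port in $fw_tcp_ports; do
        ip6tables -A INPUT -p tcp --dport "$fw_port" -j REJECT || fw_rc=1
    done
    for fw_port in $fw_udp_ports; do
        ip6tables -A INPUT -p udp --dport "$fw_port" -j REJECT || fw_rc=1
    done

    return "$fw_rc"
}
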
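# Show the currently loaded filter-table rules for IPv4 and IPv6.
# -n prints addresses numerically instead of doing a reverse-DNS lookup on
# each one, which can stall status on a host whose resolver is unreachable
# and would itself generate traffic. The IPv6 listing is included because
# do_start installs ip6tables rules too.
# Returns the non-zero status of the last listing that failed, 0 otherwise.
do_status()
{
    fw_status_rc=0
    iptables -n -L || fw_status_rc=$?
    ip6tables -n -L || fw_status_rc=$?
    return "$fw_status_rc"
}
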
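# Action dispatch.
# NOTE(review): /lib/init/init-d-script (sourced at the top) presumably
# dispatches on $1 and calls do_start itself; with this case statement also
# present the start actions may run twice. Verify against the installed
# init-d-script before relying on either path alone. The "" pattern covers
# being invoked without any action, presumably when sourced.
case "$1" in
    force-reload|reload|restart|start|"")
        # Report failure instead of masking it: an init system that believes
        # the firewall is up when rule loading failed has no way to notice.
        do_start || exit 1
        ;;
    stop)
        # Deliberately a no-op: stopping must not flush the REJECT rules and
        # silently expose the SMB/NetBIOS ports; flushing is left to root.
        echo "Error: root should flush rules."
        echo "see in /root"
        ;;
    status)
        do_status
        exit $?
        ;;
    *)
        # The previous message named "motd"; $0 is this script's own path.
        echo "Usage: $0 {start|stop|restart|reload|force-reload|status}" >&2
        exit 3
        ;;
esac

# Leave the exit status at 0 for the fall-through paths (start and stop)
# without terminating a sourcing shell with an explicit exit.
: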