diff --git a/shell/etc_init.d_iptables b/shell/etc_init.d_iptables
new file mode 100644
index 0000000..91341d4
--- /dev/null
+++ b/shell/etc_init.d_iptables
@@ -0,0 +1,106 @@
+#!/bin/sh
+
+# ln -s /etc/init.d/iptables /etc/rc2.d/S02iptables
+
+# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing.
+if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then
+ set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script
+fi
+### BEGIN INIT INFO
+# Provides: firewall
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start the firewall
+# Description: Script flushes iptables rules and sets them back
+#
+#
+#
+#
+#
+### END INIT INFO
+
+# Author: Foo Bar
+#
+# Please remove the "Author" lines above and replace them
+# with your own name if you copy and modify this script.
+
+DESC="Start firewall"
+DAEMON=/usr/sbin/daemonexecutablename
+NAME=iptables
+DESC=iptables
+
+# start
+do_start()
+{
+# reset
+ iptables -P INPUT ACCEPT
+ iptables -P FORWARD ACCEPT
+ iptables -P OUTPUT ACCEPT
+
+ iptables -t nat -F
+ iptables -t mangle -F
+ iptables -F
+ iptables -X
+
+ ip6tables -P INPUT ACCEPT
+ ip6tables -P FORWARD ACCEPT
+ ip6tables -P OUTPUT ACCEPT
+
+ ip6tables -t nat -F
+ ip6tables -t mangle -F
+ ip6tables -F
+ ip6tables -X
+
+# rules
+ iptables -A INPUT -p tcp --destination-port 135 -m iprange --src-range 192.168.0.0-192.168.10.255 -j ACCEPT
+ iptables -A INPUT -p tcp --destination-port 139 -m iprange --src-range 192.168.0.0-192.168.10.255 -j ACCEPT
+ iptables -A INPUT -p tcp --destination-port 445 -m iprange --src-range 192.168.0.0-192.168.10.255 -j ACCEPT
+ iptables -A INPUT -p tcp --destination-port 137 -m iprange --src-range 192.168.0.0-192.168.10.255 -j ACCEPT
+ iptables -A INPUT -p tcp --destination-port 138 -m iprange --src-range 192.168.0.0-192.168.10.255 -j ACCEPT
+
+ iptables -A INPUT -p tcp --destination-port 135 -j REJECT
+ iptables -A INPUT -p tcp --destination-port 139 -j REJECT
+ iptables -A INPUT -p tcp --destination-port 445 -j REJECT
+ iptables -A INPUT -p tcp --destination-port 137 -j REJECT
+ iptables -A INPUT -p tcp --destination-port 138 -j REJECT
+
+ ip6tables -A INPUT -p tcp --destination-port 135 -j REJECT
+ ip6tables -A INPUT -p tcp --destination-port 139 -j REJECT
+ ip6tables -A INPUT -p tcp --destination-port 445 -j REJECT
+ ip6tables -A INPUT -p tcp --destination-port 137 -j REJECT
+ ip6tables -A INPUT -p tcp --destination-port 138 -j REJECT
+
+}
+do_status()
+{
+ iptables -L
+}
+
+
+case "$1" in
+ force-reload|reload|restart|start|"")
+ do_start
+ ;;
+ bla)
+ echo "Error: argument '$1' not supported" >&2
+ exit 3
+ ;;
+ stop)
+ # No-op
+ echo "Error: root should flush rules."
+ echo "see in /root"
+ ;;
+ status)
+ do_status
+ exit $?
+ ;;
+ *)
+ echo "Usage: motd [start|stop|status]" >&2
+ exit 3
+ ;;
+esac
+
+:
+
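Review bot: The NetBIOS rules in do_start match `-p tcp` only, but the name and datagram services on ports 137 and 138 run over UDP, so with the default policies set to ACCEPT a few lines earlier those ports stay reachable from outside 192.168.0.0-192.168.10.255; if the intent is to close NetBIOS/SMB to non-LAN sources, matching UDP rules are needed (below, in the file's one-rule-per-port style). Nothing checks the exit status of the iptables/ip6tables calls and the script ends with `:`, so a failed rule load (a missing match module, or `ip6tables -t nat` on a kernel that may lack IPv6 NAT) still reports success to the init system; appending `|| return 1` to the rule lines and using `do_start || exit 1` in the case arm would surface that. The template leftovers are also still present: `DAEMON=/usr/sbin/daemonexecutablename`, the `bla)` arm, and the usage text `Usage: motd [start|stop|status]`, which should read `Usage: $0 {start|stop|status}`. `do_status` runs `iptables -L` without `-n`, so it can stall on reverse DNS and it never shows the ip6tables side; `iptables -L -n` followed by `ip6tables -L -n` would be the usual form.
```shell
# … unchanged: flush/reset and the TCP ACCEPT/REJECT rules …
 # NetBIOS name (137) and datagram (138) service are UDP; the TCP rules above do not match them
 iptables -A INPUT -p udp --destination-port 137 -m iprange --src-range 192.168.0.0-192.168.10.255 -j ACCEPT
 iptables -A INPUT -p udp --destination-port 138 -m iprange --src-range 192.168.0.0-192.168.10.255 -j ACCEPT
 iptables -A INPUT -p udp --destination-port 137 -j REJECT
 iptables -A INPUT -p udp --destination-port 138 -j REJECT
 ip6tables -A INPUT -p udp --destination-port 137 -j REJECT
 ip6tables -A INPUT -p udp --destination-port 138 -j REJECT
```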