
Taking into account '-t table' iptables option

Laurent HUBERT 9 kuukautta sitten
vanhempi
commit
460145e890
2 muutettua tiedostoa jossa 79 lisäystä ja 35 poistoa
  1. 2 4
      etc/post-up-down-routing.example
  2. 77 31
      scripts/setup

+ 2 - 4
etc/post-up-down-routing.example

@@ -6,7 +6,5 @@ then
 else
     external_if=$1
 fi
-$do_action -t nat $IPTABLES_ADD $IT_INPUT -A $IT_POSTROUTING -s '10.1.0.0/24' -o $external_if -j MASQUERADE
-$do_action -t raw $IPTABLES_INSERT $IT_INPUT -I $IT_PREROUTING -i fwbr+ -j CT --zone 1
-$do_action -t nat $IPTABLES_INSERT $IT_INPUT -D $IT_POSTROUTING -s '10.1.0.0/24' -o $external_if -j MASQUERADE
-$do_action -t raw $IPTABLES_INSERT $IT_INPUT -D $IT_PREROUTING -i fwbr+ -j CT --zone 1
+$do_action -t nat $IPTABLES_ADD $IT_POSTROUTING -s '10.1.0.0/24' -o $external_if -j MASQUERADE
+$do_action -t raw $IPTABLES_INSERT $IT_PREROUTING -i fwbr+ -j CT --zone 1
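Review bot: Both new rule lines expand `$external_if` unquoted, so if `$1` was empty when `external_if=$1` ran, the word vanishes and `-o` consumes the following `-j` as the interface name, giving a misleading iptables error rather than a clear one; the `then` branch that sets the variable in the other case is outside the hunk, so I cannot tell whether it guarantees a value. A guard makes the failure explicit: `-o "${external_if:?external interface not set}"` on the MASQUERADE line. The `-t nat` / `-t raw` prefixes depend on the `do_*` helpers in scripts/setup recognising `-t` only as the very first argument, so keep that ordering in the example.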

+ 77 - 31
scripts/setup

@@ -78,44 +78,88 @@ do_not_log_action () {
 ###############################################################
 # Firewall actions function definition
 ###############################################################
+get_table_information(){
+    if [ "$1" = "-t" ]
+    then
+        echo "$1 $2"
+    else
+        echo ""
+    fi
+}
+
+get_action_information(){
+    if [ "$1" = "-t" ]
+    then
+        echo "$3"
+    else
+        echo "$1"
+    fi
+}
+
+
+get_command_information(){
+    if [ "$1" = "-t" ]
+    then
+        shift 3
+    else
+        shift
+    fi
+    echo "$*"
+}
+
+get_chain_information(){
+    if [ "$1" = "-t" ]
+    then
+        shift 3
+    else
+        shift
+    fi
+    echo "$1"
+}
+
 do_exec () {
-	case $1 in
+    local it_action=`get_action_information $*`
+    local it_table=`get_table_information $*`
+    local it_command=`get_command_information $*`
+    local it_option
+	case ${it_action} in
 		__iptable_add_action)
 			shift
-			iptables_option=-A
+			it_option=-A
 		;;
 		__iptable_insert_action)
 			shift
-			iptables_option=-I
+			it_option=-I
 		;;
 		__iptable_set_policy_action)
 			shift
-			iptables_option=-P
+			it_option=-P
 		;;
 		*)
 			echo "Nothing to be done for $1"
 		;;
 	esac
 	if [ ${verbose} -ge 1 ] ; then
-		echo $IP_TABLES $iptables_option $*
+		echo $IP_TABLES $it_table $it_option $it_command
 	fi
-	if ! $IP_TABLES -C $* > /dev/null 2>&1
+	if ! $IP_TABLES $it_table -C $it_command > /dev/null 2>&1
 	then
-		$IP_TABLES $iptables_option $*
+		$IP_TABLES $it_table $it_option $it_command
 	fi
 }
 
 
 do_check () {
-	local the_action
-	the_action=$1
-	shift
-	case $the_action in
+    local it_action=`get_action_information $*`
+    local it_table=`get_table_information $*`
+    local it_command=`get_command_information $*`
+    local it_option
+	case $it_action in
 		__iptable_add_action)
-			iptables_option=-A
+			it_option=-A
 		;;
 		__iptable_insert_action)
-			iptables_option=-I
+			it_option=-I
 		;;
 		__iptable_set_policy_action)
 			return 0
@@ -126,33 +170,35 @@ do_check () {
 	esac
 	default_option=-C
 	if [ ${verbose} -ge 1 ] ; then
-		echo $do_log "$the_action:" $IP_TABLES -C $*
-		echo $IP_TABLES -C $*
+		echo $do_log "$it_action:" $IP_TABLES $it_table -C $it_command
+		echo $IP_TABLES $it_table -C $it_command
 	fi
-	$do_log "$the_action:" $IP_TABLES -C $*
-	$IP_TABLES -C $*
+	$do_log "$it_action:" $IP_TABLES -C $it_command
+	$IP_TABLES  $it_table -C $it_command
 	global_status=$((global_status+$?))
 }
 
 
 do_delete () {
-	local the_action
-	the_action=$1
-	shift
+    local it_action=`get_action_information $*`
+    local it_table=`get_table_information $*`
+    local it_command=`get_command_information $*`
+    local it_option
 	if [ ${verbose} -gt 1 ] ; then
-		$do_log "Trying to delete:" $(translate_iptables_rule $IP_TABLES $the_action $*)
+		$do_log "Trying to delete:" \
+         $(translate_iptables_rule $IP_TABLES $it_table $it_action $it_command)
 	fi
-	case $the_action in
+	case $it_action in
 		__iptable_add_action)
-			iptables_option=-D
+			it_option=-D
 		;;
 		__iptable_insert_action)
-			iptables_option=-D
+			it_option=-D
 		;;
 		__iptable_set_policy_action)
-			CHAIN_NAME="$1"
-			$do_log "DELETING: $IP_TABLES -P $CHAIN_NAME DROP"
-			$IP_TABLES -P $CHAIN_NAME ACCEPT
+			CHAIN_NAME=`get_chain_information $*`
+			$do_log "DELETING: $IP_TABLES $it_table -P $CHAIN_NAME DROP"
+			$IP_TABLES $it_table -P $CHAIN_NAME ACCEPT
 			return 0
 		;;
 		*)
@@ -162,12 +208,12 @@ do_delete () {
 
 
 	# Checks the rule then delete it, if it exists
-	if $IP_TABLES -C $* > /dev/null 2>&1
+	if $IP_TABLES $it_table -C $it_command > /dev/null 2>&1
 	then
-		$IP_TABLES $iptables_option $* || echo "DID NOT EXIST: "$IP_TABLES $iptables_option $*
-		$do_log "DELETING:" $IP_TABLES $iptables_option $*
+		$IP_TABLES $it_table $it_option $it_command || echo "DID NOT EXIST: "$IP_TABLES $it_option $it_command
+		$do_log "DELETING:" $IP_TABLES $it_table $it_option $it_command
 	else
-		$do_log "NOT EXISTING:" $IP_TABLES $iptables_option $*
+		$do_log "NOT EXISTING:" $IP_TABLES $it_table $it_option $it_command
 	fi
 	global_status=$((global_status+$?))
 }
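Review bot: In do_check the logged command and the executed command no longer agree: `$do_log "$it_action:" $IP_TABLES -C $it_command` omits `$it_table` while the next line runs `$IP_TABLES  $it_table -C $it_command`, so for nat/raw rules the log records a check against the filter table that never happened; the line should read `$do_log "$it_action:" $IP_TABLES $it_table -C $it_command` (do_check spans the first two hunks). The same drift appears in do_delete's fallback message `echo "DID NOT EXIST: "$IP_TABLES $it_option $it_command`, which also lacks `$it_table`. In do_exec the default arm still prints `echo "Nothing to be done for $1"`, but with a `-t table` prefix `$1` is now `-t`, so it should use `$it_action`; the `shift` in each arm is likewise dead now that the command comes from `$it_command`. The `get_*_information $*` calls and their `echo "$*"` results are unquoted throughout, so any argument containing whitespace would be re-split; that matches the pre-existing `$*` usage but is worth a `# NOTE: arguments are re-split by design` comment or quoting if such arguments are expected.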