~ubuntu-branches/ubuntu/raring/arno-iptables-firewall/raring

Viewing changes to bin/arno-iptables-firewall

Committer: Package Import Robot
Author(s): Michael Hanke
Date: 2012-06-28 08:13:04 UTC
mfrom: (1.1.15)
Revision ID: package-import@ubuntu.com-20120628081304-lyyj3i5te86rog54

Tags: 2.0.1.c-1

* Upstream bugfix release.
  - Fix a script 'IFS' issue if IPv6 and DMZ is enabled together with
    DMZ_HOST_OPEN_IP
  - Support for newer kernels (3.4+) which replace ipt_LOG & ip6t_LOG with
    xt_LOG

files added:
contrib/Debian/init.d

contrib/Debian/init.d/arno-iptables-firewall

files removed:
debian/.pc

debian/.pc/.quilt_patches

debian/.pc/.quilt_series

debian/.pc/.version

files modified:
CHANGELOG

bin/arno-iptables-firewall

debian/changelog

Show diffs side-by-side

added added

removed removed

bin/arno-iptables-firewall

#!/bin/sh

MY_VERSION="2.0.1b"

MY_VERSION="2.0.1c"

# Location of the main configuration file for the firewall

##########################################################

313

314

315

# Implement the LOG target

316

modprobe ipt_LOG

317

316

if [ "$IPV6_SUPPORT" = "1" ]; then

318

modprobe ip6t_LOG

317

modprobe_multi xt_LOG "ipt_LOG,ip6t_LOG"

318

else

319

modprobe_multi xt_LOG ipt_LOG

319

320

321

322

if [ "$SET_MSS" != "0" ]; then

322

323

# Implement the TCPMSS target

323

324

if [ "$IPV6_SUPPORT" = "1" ]; then

1310

1311

echo " Allowing ICMP-requests(ping)"

1311

1312

iptables -A DMZ_INPUT_CHAIN -p icmp --icmp-type echo-request -m limit --limit 20/second --limit-burst 100 -j ACCEPT

1312

1313

if [ "$IPV6_SUPPORT" = "1" ]; then

1314

unset IFS

1313

1315

for icmpv6_type in $ICMPV6_SPECIAL_TYPES; do

1314

1316

ip6tables -A DMZ_INPUT_CHAIN -p icmpv6 --icmpv6-type $icmpv6_type -m hl --hl-eq 255 -j ACCEPT

1315

1317

done

Older »