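#!/bin/sh
#
# copyright (c) the KMyFirewall developers 2002
# mail to: Christian Hubinger
#
# KMyFirewall v0.9.6.2
# This is an automatic generated file DO NOT EDIT
#
# Usage: sh kmyfirewall.sh { start | stop | restart }
#
# Policy implemented by this script (as configured in KMyFirewall):
#   - lo and eth0 are fully trusted: everything in and out is accepted
#   - ath0 is the untrusted/uplink side: only RELATED,ESTABLISHED traffic
#     is accepted inbound (INPUT and FORWARD), everything may leave, and
#     traffic forwarded out of ath0 is masqueraded
#   - default policy of INPUT, OUTPUT and FORWARD is DROP; nat chains ACCEPT
#
# Exit status: 0 on success, 1 when a rule could not be installed or the
# shutdown failed, 2 on bad usage.

IPT="/usr/sbin/iptables"
MOD="/sbin/modprobe"
status="0"

# Abort with a diagnostic when a rule cannot be installed ($1 names it).
# startFirewall installs the DROP policies before any rule, so an abort
# here leaves the host closed instead of wide open.
ruleFailed() {
    status="1"
    echo "Setting up Rule: $1 FAILED !!!" >&2
    exit 1
}

# Load the netfilter modules the rules below depend on. A failing modprobe
# is not fatal: the module may be built into the kernel or carry a different
# name on newer kernels. If something really is missing, the rule needing it
# fails in startFirewall and the script aborts closed.
# NOTE(review): ip_conntrack_ftp/ip_conntrack_irc are connection-tracking
# helpers; they are loaded here because the generator asked for them, but
# no rule in this configuration references them explicitly - confirm they
# are still wanted.
loadModules() {
    for mod in ip_tables ip_conntrack ipt_LOG ipt_limit ipt_state \
               ip_conntrack_ftp ip_conntrack_irc iptable_filter iptable_nat; do
        $MOD "$mod"
    done
}

# Remove every rule and user-defined chain from the filter and nat tables.
# Chain policies are deliberately NOT touched here: the caller decides
# whether the empty tables are open (stop) or closed (start).
flushTables() {
    $IPT -t filter -F || status="1"
    $IPT -t filter -X || status="1"
    $IPT -t nat -F || status="1"
    $IPT -t nat -X || status="1"
}

# Build the complete rule set. Fails closed: the DROP policies are set
# first, then the old rules are flushed, then the new rules are appended.
# (The original ordering - flush + ACCEPT policies, append rules, DROP
# last - left every chain wide open whenever a rule failed half-way.)
startFirewall() {
    echo
    echo "Starting firewall..."

    printf '%s' "Loading needed modules... "
    loadModules
    echo "Done."

    printf '%s' "Set default policies... "
    $IPT -t filter -P INPUT DROP || ruleFailed "Chain: INPUT Default Target"
    $IPT -t filter -P OUTPUT DROP || ruleFailed "Chain: OUTPUT Default Target"
    $IPT -t filter -P FORWARD DROP || ruleFailed "Chain: FORWARD Default Target"
    flushTables
    $IPT -t nat -P OUTPUT ACCEPT || ruleFailed "Chain: OUTPUT Default Target"
    $IPT -t nat -P PREROUTING ACCEPT || ruleFailed "Chain: PREROUTING Default Target"
    $IPT -t nat -P POSTROUTING ACCEPT || ruleFailed "Chain: POSTROUTING Default Target"
    echo "Done."

    # No custom chains are defined by this configuration.
    printf '%s' "Create custom chains... "
    echo "Done."

    echo "Settup Rules in Table FILTER: "

    # INPUT: lo and eth0 unconditionally, ath0 only for replies to
    # connections this host (or a NATed client) initiated.
    printf '%s' "Create Rules for Chain: INPUT "
    $IPT -t filter -A INPUT --in-interface lo -j ACCEPT || ruleFailed "lo"
    $IPT -t filter -A INPUT --in-interface eth0 -j ACCEPT || ruleFailed "eth0"
    $IPT -t filter -A INPUT --in-interface ath0 --match state \
        --state RELATED,ESTABLISHED -j ACCEPT || ruleFailed "related_established"
    echo "Done."

    # OUTPUT: everything may leave on any of the three interfaces.
    printf '%s' "Create Rules for Chain: OUTPUT "
    $IPT -t filter -A OUTPUT --out-interface lo -j ACCEPT || ruleFailed "lo"
    $IPT -t filter -A OUTPUT --out-interface eth0 -j ACCEPT || ruleFailed "eth0"
    $IPT -t filter -A OUTPUT --out-interface ath0 -j ACCEPT || ruleFailed "outbound"
    echo "Done."

    # FORWARD: anything may be forwarded out of ath0; only replies come back.
    printf '%s' "Create Rules for Chain: FORWARD "
    $IPT -t filter -A FORWARD --out-interface ath0 -j ACCEPT || ruleFailed "outbound"
    $IPT -t filter -A FORWARD --in-interface ath0 --match state \
        --state RELATED,ESTABLISHED -j ACCEPT || ruleFailed "inbound"
    echo "Done."

    echo "Settup Rules in Table NAT: "

    # POSTROUTING: masquerade everything leaving on ath0.
    printf '%s' "Create Rules for Chain: POSTROUTING "
    $IPT -t nat -A POSTROUTING --out-interface ath0 -j MASQUERADE || ruleFailed "outbound"
    echo "Done."

    printf '%s' "Enable IP Forwarding. "
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo "Done."

    # NOTE(review): the three settings below switch kernel hardening OFF.
    # They are reproduced exactly as configured, but check that they are
    # really wanted on a NAT gateway:
    #   rp_filter=0      disables reverse-path (anti-spoofing) filtering
    #   log_martians=0   silences logging of packets with impossible sources
    #   tcp_syncookies=0 removes the SYN-flood mitigation
    printf '%s' "Disable Reverse Path Filtering "
    for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
        echo 0 > "$i"
    done
    echo "Done. "

    printf '%s' "Disable log_martians (logging). "
    for i in /proc/sys/net/ipv4/conf/*/log_martians; do
        echo 0 > "$i"
    done
    echo "Done. "

    printf '%s' "Disable Syn Cookies. "
    echo 0 > /proc/sys/net/ipv4/tcp_syncookies
    echo "Done. "
}

# Tear the firewall down: flush everything and open all chains.
# This is the ONLY path that sets ACCEPT policies on the filter table;
# start/restart never pass through an open state.
stopFirewall() {
    printf '%s' "Shutdown KMyFirewall... "
    flushTables
    $IPT -t filter -P INPUT ACCEPT || status="1"
    $IPT -t filter -P OUTPUT ACCEPT || status="1"
    $IPT -t filter -P FORWARD ACCEPT || status="1"
    $IPT -t nat -P OUTPUT ACCEPT || status="1"
    $IPT -t nat -P PREROUTING ACCEPT || status="1"
    $IPT -t nat -P POSTROUTING ACCEPT || status="1"
    echo "Done."
}

# start and restart are the same operation: startFirewall flushes the old
# rules itself (behind DROP policies) before installing the new ones.
case "${1:-}" in
    start|restart)
        startFirewall
        ;;
    stop)
        stopFirewall
        ;;
    *)
        echo "Usage: sh kmyfirewall.sh { start | stop | restart } " >&2
        exit 2
        ;;
esac

if [ "$status" = "1" ]; then
    exit 1
fi
exit 0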