#!/bin/bash
 
##
# Firewall
##
 
# Location of the rule-building script (jw.firewall's rc.firewall) that
# StartService hands its interface/network arguments to.  The system path
# is commented out; the live value points into a user's source checkout.
# NOTE(review): the service flushes and loads ipfw rules, so it presumably
# runs as root — whoever can write to that checkout controls the firewall
# policy.  The root-owned /etc copy is the safer default once the script
# is stable.
#fw_script="/etc/rc.firewall"
fw_script="/Users/johnw/src/firewall/rc.firewall"

# StartupItem helpers used below (ConsoleMessage, RunService) and the
# environment that supplies the FIREWALL switch StartService tests.
. /etc/rc.common
 
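StartService ()
{
  # FIREWALL comes from the environment set up by /etc/rc.common (presumably
  # /etc/hostconfig); anything other than -YES- leaves the host without rules.
  # The ":=" also pins the -NO- default into the variable.
  if [ "${FIREWALL:=-NO-}" = "-YES-" ]
  then
    ConsoleMessage "Starting Firewall"

    # Bail out early if the rule script is missing: otherwise the "sh" below
    # fails, yet the success message and the marker file would still claim
    # that a firewall is up (fail-open with a misleading status).
    if [ ! -r "$fw_script" ]
    then
      ConsoleMessage "Firewall script $fw_script is missing or unreadable; no rules loaded"
      rm -f /var/run/firewall-type
      return 1
    fi

    # Give the interfaces time to come up so that a default route exists
    # before it is looked up below.
    sleep 10

    # The profile is chosen by the MAC address of the (first) default
    # gateway.  NOTE(security): that MAC is learned over ARP and is trivially
    # forged; a hostile network can present the "home" gateway's MAC and
    # receive the Home profile, which appears to be the more permissive one
    # (more trusted TCP ports, LAN ranges on en0/en1 that Remote does not
    # have).  Treat the match as a convenience, not as authentication of
    # the network.  No default route -> empty MAC -> Remote profile, the
    # same outcome the old unquoted "arp" invocation produced.
    gw_ip=$(netstat -f inet -nr | awk '/^default/ { print $2; exit }')
    gwmac=""
    if [ -n "$gw_ip" ]
    then
      gwmac=$(arp "$gw_ip" | perl -ne 'print $1, "\n" if / at (.+?) on /;')
    fi

    # rc.firewall arguments per profile.  The "{a,b}" suffixes are literal
    # rc.firewall syntax (rate limits), not shell brace expansion, hence the
    # single quotes.
    case "$gwmac" in
    0:1c:10:bc:b4:46)
      profile="Home"
      marker="Home"
      fw_args=(--blackhole --trusted-tcp 6900,44176,44177
        en0+mac::192.168.3.0/24
        en1+mac::192.168.2.0/24 'en1{0,0}'
        vmnet8+win::192.168.36.0/24
        'tun0{0,0}::10.0.0.0/16'
        'tap0{0,0}+win::10.9.19.0/24'
        'tap0{0,0}+win::172.24.8.0/24')
      ;;
    *)
      profile="Remote"
      marker="Automatic"
      fw_args=(--blackhole --trusted-tcp 8140
        en0 'en1{512Kbits/s,256Kbits/s}'
        vmnet8+win::192.168.36.0/24
        tun0::10.8.0.0/24 tun0
        tun1::10.9.0.0/24 tun1
        'tap0{500Kbits/s,250Kbits/s}+win::10.9.19.0/24'
        'tap0{500Kbits/s,250Kbits/s}+win::172.24.8.0/24' tap0)
      ;;
    esac

    # Report success and record the profile only when rc.firewall itself
    # succeeded; a non-zero exit means the rule set may be partial or absent.
    if sh "$fw_script" "${fw_args[@]}"
    then
      ConsoleMessage "$profile Firewall started for Hermes"
      echo "$marker" > /var/run/firewall-type
    else
      ConsoleMessage "$profile Firewall failed to start for Hermes (rc.firewall exited non-zero)"
      rm -f /var/run/firewall-type
      return 1
    fi
  fi
}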
 
StopService ()
{
  # Drop every ipfw rule.  NOTE(review): this leaves the host with no
  # filtering at all until StartService has completed again (including its
  # 10-second wait), which is the window RestartService opens.
  ConsoleMessage 'Stopping Firewall'
  /sbin/ipfw -q -f flush
}
 
RestartService ()
{
  # Flush, then rebuild from scratch.  The start is attempted even if the
  # flush reported an error, and its status becomes the function's status.
  StopService ; StartService
}
 
# Dispatch start/stop/restart (rc.common's RunService) on the first argument.
RunService "${1-}"