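#!/bin/bash
#
# Simple rc.firewall-iptables: configures this host as an IPv4 masquerading
# (NAT) gateway between one internal and one external interface.
#
# What it does, in order:
#   1. refreshes module dependencies and loads the netfilter modules it needs;
#   2. replaces the nat and filter rulesets through iptables-restore;
#   3. only then turns on IPv4 forwarding and dynamic-address handling.
#
# Must run with enough privilege to load modules, write /proc/sys and change
# the ruleset. Exits non-zero if the ruleset cannot be loaded or forwarding
# cannot be enabled.
#
# NOTE(review): only the IPv4 ruleset is touched here; nothing in this script
# configures ip6tables or IPv6 forwarding.

# FWVER is not assigned anywhere in the visible script; fall back to a
# placeholder so the banners do not print an empty version.
FWVER="${FWVER:-unknown}"

# Print a message on stderr and abort.
die() {
  printf 'rc.firewall-iptables: %s\n' "$*" >&2
  exit 1
}

printf '\n\nLoading simple rc.firewall-iptables version %s..\n\n' "$FWVER"

DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe

EXTIF="eth0"
INTIF="eth1"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"

#======================================================================
#== No editing beyond this line is required for initial MASQ testing ==

printf ' loading modules: '
echo " - Verifying that all kernel modules are ok"
"$DEPMOD" -a || echo "warning: $DEPMOD -a failed" >&2

echo "----------------------------------------------------------------------"
# Module loading stays best-effort (a module may be absent on a given
# kernel), but failures are collected and reported instead of being silent.
failed_modules=()
for module in ip_tables nf_conntrack nf_conntrack_ftp nf_conntrack_irc \
  iptable_nat nf_nat_ftp; do
  printf '%s, ' "$module"
  "$MODPROBE" "$module" || failed_modules+=("$module")
done
echo "----------------------------------------------------------------------"
printf ' Done loading modules.\n\n'
if (( ${#failed_modules[@]} > 0 )); then
  echo "warning: could not load: ${failed_modules[*]}" >&2
fi

# The ruleset is installed BEFORE forwarding is switched on, so the host never
# routes packets under whatever FORWARD rules happened to be loaded earlier.
echo " Clearing any existing rules and setting default policy.."
# Resulting policy:
#   nat    : traffic leaving EXTIF is masqueraded.
#   filter : FORWARD defaults to DROP; EXTIF -> INTIF is allowed only for
#            ESTABLISHED,RELATED connections; INTIF -> EXTIF is allowed.
# NOTE(review): INPUT and OUTPUT default to ACCEPT, so services listening on
# the gateway itself are reachable from EXTIF. Acceptable for initial MASQ
# testing only; add INPUT rules before exposing this host.
iptables-restore <<EOF || die "iptables-restore failed; forwarding left unchanged"
*nat
-A POSTROUTING -o "$EXTIF" -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i "$EXTIF" -o "$INTIF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i "$INTIF" -o "$EXTIF" -j ACCEPT
COMMIT
EOF

echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward \
  || die "cannot enable /proc/sys/net/ipv4/ip_forward"

echo " Enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr \
  || echo "warning: cannot enable /proc/sys/net/ipv4/ip_dynaddr" >&2

printf '\nrc.firewall-iptables v%s done.\n\n' "$FWVER"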