|
@@ -191,28 +191,43 @@ function mesh_firewall {
|
191
|
191
|
echo 'iptables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
|
192
|
192
|
echo 'ip6tables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
|
193
|
193
|
echo 'iptables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
|
194
|
+ echo 'ip6tables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
194
|
195
|
echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
|
196
|
+ echo 'ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
195
|
197
|
echo '' >> $MESH_FIREWALL_SCRIPT
|
196
|
198
|
echo '# Make sure incoming tcp connections are SYN packets' >> $MESH_FIREWALL_SCRIPT
|
197
|
199
|
echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
|
|
200
|
+ echo 'ip6tables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
|
198
|
201
|
echo '' >> $MESH_FIREWALL_SCRIPT
|
199
|
202
|
echo '# Drop packets with incoming fragments' >> $MESH_FIREWALL_SCRIPT
|
200
|
203
|
echo 'iptables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
|
|
204
|
+ echo 'ip6tables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
|
201
|
205
|
echo '' >> $MESH_FIREWALL_SCRIPT
|
202
|
206
|
echo '# Drop bogons' >> $MESH_FIREWALL_SCRIPT
|
203
|
207
|
echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
|
|
208
|
+ echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
|
204
|
209
|
echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
|
|
210
|
+ echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
|
205
|
211
|
echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
|
|
212
|
+ echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
|
206
|
213
|
echo '' >> $MESH_FIREWALL_SCRIPT
|
207
|
214
|
echo '# Incoming malformed NULL packets:' >> $MESH_FIREWALL_SCRIPT
|
208
|
215
|
echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
|
|
216
|
+ echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
|
209
|
217
|
echo '' >> $MESH_FIREWALL_SCRIPT
|
210
|
218
|
echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
|
219
|
+ echo "ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
|
220
|
+
|
211
|
221
|
echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
|
222
|
+ echo "ip6tables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
212
|
223
|
echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
|
224
|
+ echo "ip6tables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
213
|
225
|
echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
|
226
|
+ echo "ip6tables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
214
|
227
|
echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
|
228
|
+ echo "ip6tables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
215
|
229
|
echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
|
230
|
+ echo "ip6tables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
216
|
231
|
chmod +x $MESH_FIREWALL_SCRIPT
|
217
|
232
|
|
218
|
233
|
echo '[Unit]' > $FIREWALL_FILENAME
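Review bot: The new `ip6tables -A INPUT -f -j DROP` line (new line 204) will be rejected when the generated script runs, because `-f`/`--fragment` is an IPv4-only iptables option; ip6tables selects fragmented packets with the `frag` match instead, so the line should be `echo 'ip6tables -A INPUT -m frag -j DROP' >> $MESH_FIREWALL_SCRIPT`. Because `ip6tables -P INPUT DROP` is already applied above it, a rule that fails to load leaves the IPv6 side either stricter or looser than intended depending on whether the generated script stops on error, so the output script is worth exercising on a host with IPv6 enabled. It is also worth confirming that an earlier part of mesh_firewall (the function starts outside this hunk) accepts icmpv6: with a DROP policy and no ICMPv6 rule, neighbor discovery is blocked and the IPv6 accept rules added here would see no traffic. The remaining mirrored rules look consistent with their IPv4 counterparts.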
|