|
|
@@ -350,28 +350,42 @@ function mesh_firewall {
|
|
350
|
350
|
echo 'iptables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
|
|
351
|
351
|
echo 'ip6tables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
|
|
352
|
352
|
echo 'iptables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
|
|
353
|
+ echo 'ip6tables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
|
353
|
354
|
echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
|
|
355
|
+ echo 'ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
|
354
|
356
|
echo '' >> $MESH_FIREWALL_SCRIPT
|
|
355
|
357
|
echo '# Make sure incoming tcp connections are SYN packets' >> $MESH_FIREWALL_SCRIPT
|
|
356
|
358
|
echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
|
|
|
359
|
+ echo 'ip6tables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
|
|
357
|
360
|
echo '' >> $MESH_FIREWALL_SCRIPT
|
|
358
|
361
|
echo '# Drop packets with incoming fragments' >> $MESH_FIREWALL_SCRIPT
|
|
359
|
362
|
echo 'iptables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
|
|
|
363
|
+ echo 'ip6tables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
|
|
360
|
364
|
echo '' >> $MESH_FIREWALL_SCRIPT
|
|
361
|
365
|
echo '# Drop bogons' >> $MESH_FIREWALL_SCRIPT
|
|
362
|
366
|
echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
|
|
|
367
|
+ echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
|
|
363
|
368
|
echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
|
|
|
369
|
+ echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
|
|
364
|
370
|
echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
|
|
|
371
|
+ echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
|
|
365
|
372
|
echo '' >> $MESH_FIREWALL_SCRIPT
|
|
366
|
373
|
echo '# Incoming malformed NULL packets:' >> $MESH_FIREWALL_SCRIPT
|
|
367
|
374
|
echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
|
|
|
375
|
+ echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
|
|
368
|
376
|
echo '' >> $MESH_FIREWALL_SCRIPT
|
|
369
|
377
|
echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
|
|
378
|
+ echo "ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
|
370
|
379
|
echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
|
|
380
|
+ echo "ip6tables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
|
371
|
381
|
echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
|
|
382
|
+ echo "ip6tables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
|
372
|
383
|
echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
|
|
384
|
+ echo "ip6tables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
|
373
|
385
|
echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
|
|
386
|
+ echo "ip6tables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
|
374
|
387
|
echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
|
|
388
|
+ echo "ip6tables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
|
375
|
389
|
chmod +x $MESH_FIREWALL_SCRIPT
|
|
376
|
390
|
|
|
377
|
391
|
echo '[Unit]' > $FIREWALL_FILENAME
|
Bob Mottram
7 years ago