

  1. # Firewall configuration
  # Name of the ipset that holds the blocked source networks.
  SET="DIDAFF"
  # Default lifetime of an entry in the set, in seconds (3 hours).
  TIMEOUT="10800"
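  # Insert the FORWARD rule that drops traffic arriving on eth0 from any
  # source matched by $SET. The rule is probed with -C first, so running
  # `enable` more than once does not stack duplicate copies of the rule.
  iptables_add() {
    iptables -C FORWARD -i eth0 -m set --match-set "$SET" src -j DROP 2>/dev/null \
      || iptables -I FORWARD -i eth0 -m set --match-set "$SET" src -j DROP
  }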
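  # Remove every copy of the FORWARD drop rule for $SET. A single -D deletes
  # only one matching rule, so this loops while -C still finds one; that also
  # makes the call quiet and successful when no rule is present.
  iptables_del() {
    while iptables -C FORWARD -i eth0 -m set --match-set "$SET" src -j DROP 2>/dev/null; do
      # break guards against looping forever should -D fail for any reason
      iptables -D FORWARD -i eth0 -m set --match-set "$SET" src -j DROP || break
    done
  }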
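  # Create $SET as a hash:net set whose entries expire after $TIMEOUT seconds.
  # -exist makes the call idempotent: a set that already exists with the same
  # parameters is not reported as an error, so `enable` can be re-run safely.
  ipset_add() {
    ipset -exist create "$SET" hash:net timeout "$TIMEOUT"
  }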
  # Destroy $SET. Callers run this after iptables_del, because a set that is
  # still referenced by a rule cannot be destroyed.
  ipset_del() {
    ipset destroy "$SET"
  }
  # Bring the blocklist up: the set must exist before the rule that matches on it.
  firewall_enable() {
    ipset_add; iptables_add
  }
  # Take the blocklist down in reverse order: rule first, then the set it references.
  firewall_disable() {
    iptables_del; ipset_del
  }
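  # Install the per-minute cron job that runs firewall-cron from the directory
  # this script lives in. Three fixes over the original heredoc:
  #  - /etc/cron.d entries carry a user field between the schedule and the
  #    command; the original line had none, so cron would have read the path as
  #    a user name. The job runs as root because iptables/ipset require it.
  #  - The path is made absolute: `dirname $0` is relative when the script is
  #    started as ./firewall, and cron does not run from that directory.
  #  - The file is written, not appended, so re-running `enable` cannot stack
  #    duplicate jobs. cron_disable removes the whole file, so it is owned by
  #    this script and nothing else is lost by overwriting it.
  cron_enable() {
    script_dir=$(cd "$(dirname "$0")" && pwd) || return 1
    printf '* * * * * root %s/firewall-cron\n' "$script_dir" > /etc/cron.d/firewall
  }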
  # Drop the cron job; -f keeps this quiet when it was never installed.
  cron_disable() {
    rm -f -- /etc/cron.d/firewall
  }
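  # Trace every command so the exact iptables/ipset invocations end up in the log.
  set -x
  # Dispatch on the single action argument. The firewall_* helpers are reused
  # so the ordering (set before rule on enable, rule before set on disable) is
  # defined in one place; any other argument is a usage error.
  case "$1" in
    enable)
      firewall_enable
      cron_enable
      ;;
    disable)
      cron_disable
      firewall_disable
      ;;
    *)
      echo "usage: $0 {enable|disable}" >&2
      exit 1
      ;;
  esac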