Diffstat (limited to 'projectroot')
-rw-r--r-- | projectroot/etc/iptables/rules.v4 | 0 | ||||
-rw-r--r-- | projectroot/etc/iptables/rules.v6 | 0 | ||||
-rw-r--r-- | projectroot/lib/systemd/system/ip6tables.service | 14 | ||||
-rw-r--r-- | projectroot/lib/systemd/system/iptables.service | 14 | ||||
-rwxr-xr-x | projectroot/usr/sbin/ip6tables-flush | 19 | ||||
-rwxr-xr-x | projectroot/usr/sbin/iptables-flush | 19 |
6 files changed, 66 insertions, 0 deletions
diff --git a/projectroot/etc/iptables/rules.v4 b/projectroot/etc/iptables/rules.v4
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/projectroot/etc/iptables/rules.v4
diff --git a/projectroot/etc/iptables/rules.v6 b/projectroot/etc/iptables/rules.v6
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/projectroot/etc/iptables/rules.v6
diff --git a/projectroot/lib/systemd/system/ip6tables.service b/projectroot/lib/systemd/system/ip6tables.service
new file mode 100644
index 000000000..e842cc197
--- /dev/null
+++ b/projectroot/lib/systemd/system/ip6tables.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Packet Filtering Framework
+DefaultDependencies=no
+After=systemd-sysctl.service
+Before=sysinit.target
+ConditionFileNotEmpty=/etc/iptables/rules.v6
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/ip6tables-restore /etc/iptables/rules.v6
+ExecReload=/usr/sbin/ip6tables-restore /etc/iptables/rules.v6
+ExecStop=/usr/sbin/iptables/ip6tables-flush
+RemainAfterExit=yes
+[Install]
+WantedBy=multi-user.target
diff --git a/projectroot/lib/systemd/system/iptables.service b/projectroot/lib/systemd/system/iptables.service
new file mode 100644
index 000000000..fa4a8b367
--- /dev/null
+++ b/projectroot/lib/systemd/system/iptables.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Packet Filtering Framework
+DefaultDependencies=no
+After=systemd-sysctl.service
+Before=sysinit.target
+ConditionFileNotEmpty=/etc/iptables/rules.v4
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/iptables-restore /etc/iptables/rules.v4
+ExecReload=/usr/sbin/iptables-restore /etc/iptables/rules.v4
+ExecStop=/usr/sbin/iptables-flush
+RemainAfterExit=yes
+[Install]
+WantedBy=multi-user.target
diff --git a/projectroot/usr/sbin/ip6tables-flush b/projectroot/usr/sbin/ip6tables-flush
new file mode 100755
index 000000000..0ef3c3fe0
--- /dev/null
+++ b/projectroot/usr/sbin/ip6tables-flush
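Review bot: `ExecStop=/usr/sbin/iptables/ip6tables-flush` names a path this commit does not create; the helper is installed as `/usr/sbin/ip6tables-flush` (diffstat, and the sibling `iptables.service` uses `/usr/sbin/iptables-flush`). As written, `systemctl stop ip6tables` will fail on exec and the stop action never runs, so the line should be `ExecStop=/usr/sbin/ip6tables-flush`. Note also that the stop script resets every filter-table policy to ACCEPT, so stopping this unit opens the IPv6 firewall rather than freezing it; that is a reasonable choice but deserves a one-line comment in the unit, e.g. `# Stopping the unit flushes all rules and sets ACCEPT policies (firewall open).`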
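Review bot: `ConditionFileNotEmpty=/etc/iptables/rules.v4` combined with the empty `rules.v4` this commit ships (blob e69de29bb, 0 lines in the diffstat) means the unit is silently skipped on an unmodified image, so a default install boots with no IPv4 filtering and nothing in the journal saying why. If the firewall is meant to be opt-in, state that in the unit (`# No rules are loaded until /etc/iptables/rules.v4 is populated; the unit is skipped otherwise.`); if it is not, ship a default ruleset or drop the condition so the missing file becomes a visible start failure. As with the v6 unit, `ExecStop` runs a script that ends by setting all policies to ACCEPT, so `systemctl stop iptables` opens the host — worth documenting next to the `ExecStop=` line.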
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+if ! ip6tables --list >/dev/null 2>&1; then
+ echo "ipv6 filtering is not supported by the running kernel."
+ exit 3
+fi
+
+ip6tables -F
+ip6tables -X
+ip6tables -Z
+for table in $(cat /proc/net/ip6_tables_names);
+do
+ ip6tables -t $table -F
+ ip6tables -t $table -X
+ ip6tables -t $table -Z
+done
+ip6tables -P INPUT ACCEPT
+ip6tables -P OUTPUT ACCEPT
+ip6tables -P FORWARD ACCEPT
diff --git a/projectroot/usr/sbin/iptables-flush b/projectroot/usr/sbin/iptables-flush
new file mode 100755
index 000000000..a9c146eec
--- /dev/null
+++ b/projectroot/usr/sbin/iptables-flush
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+if ! iptables --list >/dev/null 2>&1; then
+ echo "ipv4 filtering is not supported by the running kernel."
+ exit 3
+fi
+
+iptables -F
+iptables -X
+iptables -Z
+for table in $(cat /proc/net/ip_tables_names)
+do
+ iptables -t $table -F
+ iptables -t $table -X
+ iptables -t $table -Z
+done
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+iptables -P OUTPUT ACCEPT |
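Review bot: The diagnostic on the `echo` line goes to stdout rather than stderr, so when the unit's output is filtered for errors the reason for `exit 3` is lost; it should be `echo "ipv6 filtering is not supported by the running kernel." >&2`. The per-table loop depends on `/proc/net/ip6_tables_names`, which as far as I know is provided by the legacy xtables modules and is absent when the nft backend is in use; in that case `cat` prints an error, the loop body never runs, only the filter table is flushed, and the script still exits 0 — if that backend is possible on the target, enumerating tables via `ip6tables-save | sed -n 's/^\*//p'` works with both, and a missing file should at least be reported. There is also no `set -e`, so a failing flush is ignored and execution falls through to setting every policy to ACCEPT regardless.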
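Review bot: This script is a copy of `ip6tables-flush` with only the binary name and the proc file changed (plus a stray `;` dropped from the `for` line), so every fix has to be made twice and the two will drift. A single script installed under both names that picks the family from `${0##*/}` keeps them in step; the standalone `-F/-X/-Z` on the default table before the loop is also redundant once the loop visits `filter`, and as in the v6 variant the error message should go to stderr (`echo "..." >&2`).
```sh
#!/bin/sh
# Installed as both iptables-flush and ip6tables-flush; pick the family from our own name.
case "${0##*/}" in
    ip6tables-flush) ipt=ip6tables; names=/proc/net/ip6_tables_names; family=ipv6 ;;
    *)               ipt=iptables;  names=/proc/net/ip_tables_names;  family=ipv4 ;;
esac
# … unchanged: kernel-support check, using "$ipt" and "$family" …
# … unchanged: per-table flush loop reading "$names", then ACCEPT policies …
```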