Diffstat (limited to 'projectroot')
-rw-r--r--projectroot/etc/iptables/rules.v40
-rw-r--r--projectroot/etc/iptables/rules.v60
-rw-r--r--projectroot/lib/systemd/system/ip6tables.service14
-rw-r--r--projectroot/lib/systemd/system/iptables.service14
-rwxr-xr-xprojectroot/usr/sbin/ip6tables-flush19
-rwxr-xr-xprojectroot/usr/sbin/iptables-flush19
6 files changed, 66 insertions, 0 deletions
diff --git a/projectroot/etc/iptables/rules.v4 b/projectroot/etc/iptables/rules.v4
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/projectroot/etc/iptables/rules.v4
diff --git a/projectroot/etc/iptables/rules.v6 b/projectroot/etc/iptables/rules.v6
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/projectroot/etc/iptables/rules.v6
diff --git a/projectroot/lib/systemd/system/ip6tables.service b/projectroot/lib/systemd/system/ip6tables.service
new file mode 100644
index 000000000..e842cc197
--- /dev/null
+++ b/projectroot/lib/systemd/system/ip6tables.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Packet Filtering Framework
+DefaultDependencies=no
+After=systemd-sysctl.service
+Before=sysinit.target
+ConditionFileNotEmpty=/etc/iptables/rules.v6
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/ip6tables-restore /etc/iptables/rules.v6
+ExecReload=/usr/sbin/ip6tables-restore /etc/iptables/rules.v6
+ExecStop=/usr/sbin/iptables/ip6tables-flush
+RemainAfterExit=yes
+[Install]
+WantedBy=multi-user.target
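Review bot: The `ExecStop=` line points at `/usr/sbin/iptables/ip6tables-flush`, but this commit installs the script as `projectroot/usr/sbin/ip6tables-flush` (and the IPv4 unit uses `/usr/sbin/iptables-flush`), so `systemctl stop ip6tables` will fail on a missing executable and the v6 rules are never flushed; it should read `ExecStop=/usr/sbin/ip6tables-flush`. Note also that the shipped `rules.v6` is empty (0 lines in the diffstat), so with `ConditionFileNotEmpty=` this unit is skipped until rules are actually provisioned, and nothing reports that the host is booting with no IPv6 filtering. A unit comment such as `# Skipped while /etc/iptables/rules.v6 is empty; stopping the unit runs ip6tables-flush, which fails open (policies ACCEPT)` would make both behaviours visible to an operator.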
diff --git a/projectroot/lib/systemd/system/iptables.service b/projectroot/lib/systemd/system/iptables.service
new file mode 100644
index 000000000..fa4a8b367
--- /dev/null
+++ b/projectroot/lib/systemd/system/iptables.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Packet Filtering Framework
+DefaultDependencies=no
+After=systemd-sysctl.service
+Before=sysinit.target
+ConditionFileNotEmpty=/etc/iptables/rules.v4
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/iptables-restore /etc/iptables/rules.v4
+ExecReload=/usr/sbin/iptables-restore /etc/iptables/rules.v4
+ExecStop=/usr/sbin/iptables-flush
+RemainAfterExit=yes
+[Install]
+WantedBy=multi-user.target
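Review bot: Stopping this unit runs `iptables-flush`, which, per the script in this same commit, sets every filter-table policy to ACCEPT, so `systemctl stop iptables` leaves the host completely unfiltered rather than in a safe state; that fail-open choice is not stated anywhere in the unit and should be, e.g. `# ExecStop flushes all rules and resets policies to ACCEPT (fail-open)`. The shipped `rules.v4` is empty (0 lines in the diffstat), so `ConditionFileNotEmpty=` makes the unit a silent no-op on a fresh install until rules are provisioned. The unit is ordered only against `systemd-sysctl.service` and `sysinit.target`; if the intent is to guarantee rules are loaded before any interface comes up, the conventional expression is `Before=network-pre.target` plus `Wants=network-pre.target`, though I cannot tell from the diff whether that ordering is already implied elsewhere in this image.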
diff --git a/projectroot/usr/sbin/ip6tables-flush b/projectroot/usr/sbin/ip6tables-flush
new file mode 100755
index 000000000..0ef3c3fe0
--- /dev/null
+++ b/projectroot/usr/sbin/ip6tables-flush
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+if ! ip6tables --list >/dev/null 2>&1; then
+ echo "ipv6 filtering is not supported by the running kernel."
+ exit 3
+fi
+
+ip6tables -F
+ip6tables -X
+ip6tables -Z
+for table in $(cat /proc/net/ip6_tables_names);
+do
+ ip6tables -t $table -F
+ ip6tables -t $table -X
+ ip6tables -t $table -Z
+done
+ip6tables -P INPUT ACCEPT
+ip6tables -P OUTPUT ACCEPT
+ip6tables -P FORWARD ACCEPT
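Review bot: The three `-P ... ACCEPT` lines at the end only reset the built-in chain policies of the filter table; the loop above flushes every table listed in `/proc/net/ip6_tables_names`, but any non-ACCEPT policy on the built-in chains of mangle, nat, raw or security survives, so the "reset" is partial. If `/proc/net/ip6_tables_names` is absent (module not loaded, or an nft-backed iptables that does not expose it), `cat` prints an error and the loop is silently skipped while the script still exits 0. A header comment should state the contract, e.g. `# Flush all rules in every loaded ip6 table and reset the filter-table policies to ACCEPT. This leaves the host UNFILTERED (fail-open); only run it deliberately.` — and the unit file's `ExecStop=` path for this script should be verified against its install location in this commit.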
diff --git a/projectroot/usr/sbin/iptables-flush b/projectroot/usr/sbin/iptables-flush
new file mode 100755
index 000000000..a9c146eec
--- /dev/null
+++ b/projectroot/usr/sbin/iptables-flush
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+if ! iptables --list >/dev/null 2>&1; then
+ echo "ipv4 filtering is not supported by the running kernel."
+ exit 3
+fi
+
+iptables -F
+iptables -X
+iptables -Z
+for table in $(cat /proc/net/ip_tables_names)
+do
+ iptables -t $table -F
+ iptables -t $table -X
+ iptables -t $table -Z
+done
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+iptables -P OUTPUT ACCEPT
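Review bot: The script never sets `set -e`, so its exit status is that of the final `iptables -P OUTPUT ACCEPT` alone; a failing `-F`/`-X` earlier (for example on a table the running kernel cannot flush) is neither reported nor propagated to the `ExecStop=` that calls it, and systemd records a clean stop. Adding `set -e` immediately after the `iptables --list` guard (the guard is an `if` condition and is unaffected by it) makes a partial flush visible. As with the v6 script, the policy reset covers only the filter table, and the end state is fail-open, which deserves a one-line header comment such as `# Flushes every loaded table and resets filter policies to ACCEPT: the host is unfiltered afterwards.`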