Additional mesh ipv6 firewall configuration
This commit is contained in:
Bob Mottram
parent
8ddf551bc7
commit
94d1fb3963
|
|
@ -350,28 +350,42 @@ function mesh_firewall {
|
|||
echo 'iptables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'ip6tables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'ip6tables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '# Make sure incoming tcp connections are SYN packets' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'ip6tables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '# Drop packets with incoming fragments' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'ip6tables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '# Drop bogons' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '# Incoming malformed NULL packets:' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '' >> $MESH_FIREWALL_SCRIPT
|
||||
echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
echo "ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
echo "ip6tables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
echo "ip6tables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
echo "ip6tables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
echo "ip6tables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
echo "ip6tables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
chmod +x $MESH_FIREWALL_SCRIPT
|
||||
|
||||
echo '[Unit]' > $FIREWALL_FILENAME
|
||||
|
|
|
|||
Loading…
Reference in New Issue