From 4c7a313e604d2b87450461383fe3dc634fbcd313 Mon Sep 17 00:00:00 2001 From: gyurix Date: Thu, 13 Oct 2022 06:47:56 +0000 Subject: [PATCH] Changing wait time to infinity --- firewall/firewall-add | 45 ++++++++++++++----------------------------- 1 file changed, 14 insertions(+), 31 deletions(-) diff --git a/firewall/firewall-add b/firewall/firewall-add index c929002..92fd9cb 100755 --- a/firewall/firewall-add +++ b/firewall/firewall-add @@ -153,24 +153,19 @@ fi prerouting() { - LINES=$($IPTABLES -w 10 -L --line-number -n | grep DNAT | grep $SOURCE_PORT |grep $TARGET_IP |grep $TARGET_PORT |grep $COMMENT | awk '{print $1}'| tac) + LINES=$($IPTABLES -w -L --line-number -n | grep DNAT | grep $SOURCE_PORT |grep $TARGET_IP |grep $TARGET_PORT |grep $COMMENT | awk '{print $1}'| tac) debug "Previous prerouting lines: "$LINES # DELETE UNECESSARY LINES FROM PREVIOUS RULES if [ -n "$LINES" ] ; then for i in $LINES; do debug "$IPTABLES -D PREROUTING $i"; - $IPTABLES -w 10 -D PREROUTING $i + $IPTABLES -w -D PREROUTING $i sleep 0.1 done fi debug "$IPTABLES -I PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment $COMMENT -j DNAT --to $TARGET_IP:$TARGET_PORT" - $IPTABLES -w 5 -I PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j DNAT --to $TARGET_IP:$TARGET_PORT - $IPTABLES -C PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j DNAT --to $TARGET_IP:$TARGET_PORT - if [[ "$(echo $?)" != "0" ]]; then - $IPTABLES -w 20 -I PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j DNAT --to $TARGET_IP:$TARGET_PORT - fi -} + $IPTABLES -w -I PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j DNAT --to $TARGET_IP:$TARGET_PORT postrouting() { 
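Review bot: The closing brace of `prerouting()` is deleted together with the retry block (the `-}` line) and no `+}` replaces it, so on the new side the function body runs straight into `postrouting() {`. Unless a brace is restored somewhere outside this hunk, the script will most likely fail to parse (or define `postrouting` inside `prerouting`), and none of the firewall rules get applied; add `}` on the line after the new `$IPTABLES -w -I PREROUTING ...` insert. With the `-C` re-check removed here and in the other three hunks, the exit status of each `-I` is also no longer examined, so a failed insert goes unnoticed. Ending the insert with `|| { debug "PREROUTING insert failed"; return 1; }` would keep that failure visible.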
@@ -185,44 +180,36 @@ postrouting() { fi if [ -n "$SOURCE_IP" ] ; then - LINES=$($IPTABLES -w 5 -L --line-number -n | grep MASQUERADE | grep $COMMENT | grep $SOURCE_IP_FOR_POSTROUTING | grep $SOURCE_PORT | awk '{print $1}'| tac) + LINES=$($IPTABLES -w -L --line-number -n | grep MASQUERADE | grep $COMMENT | grep $SOURCE_IP_FOR_POSTROUTING | grep $SOURCE_PORT | awk '{print $1}'| tac) debug "Previous postrouting lines: "$LINES # DELETE UNECESSARY LINES FROM PREVIOUS RULES if [ -n "$LINES" ] ; then for i in $LINES; do debug "$IPTABLES -D POSTROUTING $i" - $IPTABLES -w 5 -D POSTROUTING $i + $IPTABLES -w -D POSTROUTING $i sleep 0.1 done fi debug "$IPTABLES -I POSTROUTING -s $SOURCE_IP_FOR_POSTROUTING -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j MASQUERADE" - $IPTABLES -w 5 -I POSTROUTING -d $SOURCE_IP_FOR_POSTROUTING -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j MASQUERADE - $IPTABLES -C POSTROUTING -d $SOURCE_IP_FOR_POSTROUTING -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j MASQUERADE - if [[ "$(echo $?)" != "0" ]]; then - $IPTABLES -w 20 -I POSTROUTING -d $SOURCE_IP_FOR_POSTROUTING -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j MASQUERADE - fi + $IPTABLES -w -I POSTROUTING -d $SOURCE_IP_FOR_POSTROUTING -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j MASQUERADE fi if [ -n "$TARGET_IP" ] ; then - LINES=$($IPTABLES -w 5 -L --line-number -n | grep $COMMENT | grep $TARGET_IP_FOR_POSTROUTING | grep $TARGET_PORT | awk '{print $1}'| tac) + LINES=$($IPTABLES -w -L --line-number -n | grep $COMMENT | grep $TARGET_IP_FOR_POSTROUTING | grep $TARGET_PORT | awk '{print $1}'| tac) debug "Previous postrouting lines: "$LINES # DELETE UNECESSARY LINES FROM PREVIOUS RULES if [ -n "$LINES" ] ; then for i in $LINES; do debug "$IPTABLES -D POSTROUTING $i" - $IPTABLES -w 5 -D POSTROUTING $i + $IPTABLES -w -D POSTROUTING $i sleep 0.1 done fi debug "$IPTABLES -I POSTROUTING -s 
$TARGET_IP_FOR_POSTROUTING -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j MASQUERADE" - $IPTABLES -w 5 -I POSTROUTING -d $TARGET_IP_FOR_POSTROUTING -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j MASQUERADE - $IPTABLES -C POSTROUTING -d $TARGET_IP_FOR_POSTROUTING -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j MASQUERADE - if [[ "$(echo $?)" != "0" ]]; then - $IPTABLES -w 20 -I POSTROUTING -d $TARGET_IP_FOR_POSTROUTING -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j MASQUERADE - fi + $IPTABLES -w -I POSTROUTING -d $TARGET_IP_FOR_POSTROUTING -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j MASQUERADE fi } @@ -312,10 +299,10 @@ else ############################ # Host firewall settings ### - if $IPTABLES -w 5 --list $CHAIN |grep ESTABLISHED |grep RELATED|grep ACCEPT ; then + if $IPTABLES -w --list $CHAIN |grep ESTABLISHED |grep RELATED|grep ACCEPT ; then echo "nothing to do"; else - $IPTABLES -w 5 -I $CHAIN -m state --state established,related -j ACCEPT; + $IPTABLES -w -I $CHAIN -m state --state established,related -j ACCEPT; fi IPTABLES_OPTIONS="" 
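Review bot: The rule numbers passed to `$IPTABLES -w -D POSTROUTING $i` come from `-L --line-number -n` with no chain name, so numbers from every chain in the table are collected, and the lookup in the `$TARGET_IP` branch does not even filter on MASQUERADE. A rule in another chain that carries the same comment, address and port (the DNAT rule added by `prerouting()` looks like a candidate) would have its line number deleted from POSTROUTING, removing an unrelated rule. Scope the listing to the chain, `$IPTABLES -w -L POSTROUTING --line-number -n`, and match literally with quoted operands, e.g. `grep -F -- "$COMMENT"`; the same applies to the `-L` in `prerouting()` in the first hunk. The `debug` lines also print `-s` while the commands they describe use `-d`, which makes the log misleading when auditing what was installed.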
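Review bot: The existence test greps the output of `--list $CHAIN` for three words, so it matches any rule line that contains ESTABLISHED, RELATED and ACCEPT anywhere and prints the match to stdout. Without `-n`, the listing also resolves addresses through DNS on every run. `-C`, which the removed lines in the other hunks already used, answers the question exactly: `if $IPTABLES -w -C "$CHAIN" -m state --state established,related -j ACCEPT 2>/dev/null; then`. The surrounding `else` branch starts and ends outside this hunk.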
@@ -344,25 +331,21 @@ else # # DELETE UNECESSARY LINES FROM PREVIOUS RULES - IPTABLES_COMMAND="$IPTABLES -w 5 --line-number -n --list $CHAIN | grep $PROTOCOL $GREP_OPTIONS | awk '{print \$1}'| tac"; + IPTABLES_COMMAND="$IPTABLES -w --line-number -n --list $CHAIN | grep $PROTOCOL $GREP_OPTIONS | awk '{print \$1}'| tac"; debug "$IPTABLES_COMMAND"; LINES=$(eval $IPTABLES_COMMAND); if [ -n "$LINES" ] ; then for i in $LINES; do debug "$IPTABLES -D $CHAIN $i" - $IPTABLES -w 5 -D $CHAIN $i + $IPTABLES -w -D $CHAIN $i sleep 0.1 done fi debug "$IPTABLES -I $CHAIN -p $PROTOCOL $IPTABLES_OPTIONS -m comment --comment "$COMMENT" -j ACCEPT" - $IPTABLES -w 5 -I $CHAIN -p $PROTOCOL $IPTABLES_OPTIONS -m comment --comment "$COMMENT" -j ACCEPT - $IPTABLES -C $CHAIN -p $PROTOCOL $IPTABLES_OPTIONS -m comment --comment "$COMMENT" -j ACCEPT - if [[ "$(echo $?)" != "0" ]]; then - $IPTABLES -I $CHAIN -p $PROTOCOL $IPTABLES_OPTIONS -m comment --comment "$COMMENT" -j ACCEPT - fi + $IPTABLES -w -I $CHAIN -p $PROTOCOL $IPTABLES_OPTIONS -m comment --comment "$COMMENT" -j ACCEPT fi ############################# fi
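Review bot: `IPTABLES_COMMAND` is built by interpolating `$CHAIN`, `$PROTOCOL` and `$GREP_OPTIONS` into a string that the unchanged `eval` line then executes, so any shell metacharacter in those values runs as a command with the script's privileges. Where the values come from is not visible in this hunk; if they derive from script arguments, they should be validated against an allow-list before this point (for example, protocol limited to `tcp`/`udp`), or the pipeline should be run directly with quoted variables instead of through `eval`. A comment such as `# PROTOCOL/GREP_OPTIONS must be validated above: this string is eval'ed` would at least record the constraint. The enclosing `else` branch starts outside the hunk.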