debugging duplication and filtering

This commit is contained in:
2022-09-20 10:01:05 +00:00
parent ae1c4d255d
commit db252ce091


@@ -293,9 +293,35 @@ else
$IPTABLES -I $CHAIN -m state --state established,related -j ACCEPT;
fi
IPTABLES_OPTIONS=""
GREP_OPTIONS=""
if [ "$SOURCE_IP" != "" ]; then
IPTABLES_OPTIONS=$IPTABLES_OPTIONS" -s $SOURCE_IP";
GREP_OPTIONS=$GREP_OPTIONS"|grep -e $SOURCE_IP";
if [ "$SOURCE_PORT" != "" ]; then
IPTABLES_OPTIONS=$IPTABLES_OPTIONS" --sport $SOURCE_PORT";
GREP_OPTIONS=$GREP_OPTIONS"|grep -e $SOURCE_PORT";
fi
fi
if [ "$TARGET_IP" != "" ]; then
IPTABLES_OPTIONS=$IPTABLES_OPTIONS" -d $TARGET_IP";
GREP_OPTIONS=$GREP_OPTIONS"|grep -e $TARGET_IP";
if [ "$TARGET_PORT" != "" ]; then
IPTABLES_OPTIONS=$IPTABLES_OPTIONS" --dport $TARGET_PORT";
GREP_OPTIONS=$GREP_OPTIONS"|grep -e $TARGET_PORT";
fi
fi
if [[ "$SOURCE_IP" != "" && "$TARGET_IP" != "" ]]; then
#
# DELETE UNECESSARY LINES FROM PREVIOUS RULES
LINES=$($IPTABLES --line-number -n --list $CHAIN | grep $SOURCE_IP |grep $TARGET_IP |grep $PROTOCOL |grep $TARGET_PORT | awk '{print $1}'| tac)
IPTABLES_COMMAND="$IPTABLES --line-number -n --list $CHAIN | grep $PROTOCOL $GREP_OPTIONS | awk '{print \$1}'| tac";
debug "$IPTABLES_COMMAND";
LINES=$(eval $IPTABLES_COMMAND);
if [ -n "$LINES" ] ; then
for i in $LINES; do
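Review bot: The rule filter is assembled as a command string (`GREP_OPTIONS=$GREP_OPTIONS"|grep -e $SOURCE_IP"` and the sibling lines for SOURCE_PORT, TARGET_IP and TARGET_PORT) and then executed with `LINES=$(eval $IPTABLES_COMMAND)`, so any shell metacharacter in one of those values is run as shell rather than handed to grep as a pattern; from the rendered page this appears to be the new side replacing the inline pipeline, though the sides are not certain. The `grep -e` patterns are also unanchored regexes, so `10.0.0.1` matches `10.0.0.10`, `.` matches any character and `80` matches `8080`, which means the "delete unnecessary lines" step can remove rules belonging to other hosts or ports. Filtering without eval, passing each non-empty value as a fixed-string whole-word pattern (`grep -F -w -e "$value"`), removes both problems; a sketch follows. The enclosing `if [[ "$SOURCE_IP" != "" && "$TARGET_IP" != "" ]]` block and the deletion loop continue past the hunk.
```shell
# … unchanged: IPTABLES_OPTIONS assembly (GREP_OPTIONS no longer needed) …
if [[ "$SOURCE_IP" != "" && "$TARGET_IP" != "" ]]; then
  # Narrow the rule listing by every non-empty value as a fixed-string,
  # whole-word match: 10.0.0.1 does not match 10.0.0.10, and the values
  # are never evaluated by the shell.
  filter_rules() {
    local rules pattern
    rules=$(cat)
    for pattern in "$@"; do
      [ -n "$pattern" ] || continue
      rules=$(printf '%s\n' "$rules" | grep -F -w -e "$pattern")
    done
    printf '%s\n' "$rules"
  }
  debug "listing $CHAIN rules matching: $PROTOCOL $SOURCE_IP $SOURCE_PORT $TARGET_IP $TARGET_PORT"
  LINES=$($IPTABLES --line-number -n --list "$CHAIN" \
    | filter_rules "$PROTOCOL" "$SOURCE_IP" "$SOURCE_PORT" "$TARGET_IP" "$TARGET_PORT" \
    | awk '{print $1}' | tac)
  # … unchanged: deletion loop over $LINES …
```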
@@ -305,25 +331,6 @@ else
done
fi
IPTABLES_OPTIONS=""
if [ "$SOURCE_IP" != "" ]; then
IPTABLES_OPTIONS=$IPTABLES_OPTIONS" -s $SOURCE_IP";
else
SOURCE_PORT=""
fi
if [ "$SOURCE_PORT" != "" ]; then
IPTABLES_OPTIONS=$IPTABLES_OPTIONS" --sport $SOURCE_PORT";
fi
if [ "$TARGET_IP" != "" ]; then
IPTABLES_OPTIONS=$IPTABLES_OPTIONS" -d $TARGET_IP";
else
TARGET_PORT=""
fi
if [ "$TARGET_PORT" != "" ]; then
IPTABLES_OPTIONS=$IPTABLES_OPTIONS" --dport $TARGET_PORT";
fi
if [[ "$SOURCE_IP" != "" && "$TARGET_IP" != "" ]]; then
debug "$IPTABLES -I $CHAIN -p $PROTOCOL $IPTABLES_OPTIONS -m comment --comment "$COMMENT" -j ACCEPT"
$IPTABLES -I $CHAIN -p $PROTOCOL $IPTABLES_OPTIONS -m comment --comment "$COMMENT" -j ACCEPT