config_get syn_rate $1 syn_rate
config_get syn_burst $1 syn_burst
[ "$syn_flood" == "1" ] && load_synflood $syn_rate $syn_burst
+
+ echo "Adding custom chains"
+ fw_custom_chains
$IPTABLES -N input
$IPTABLES -N output
$IPTABLES -A reject -p tcp -j REJECT --reject-with tcp-reset
$IPTABLES -A reject -j REJECT --reject-with icmp-port-unreachable
- echo "Adding custom chains"
- fw_custom_chains
-
fw_set_chain_policy INPUT "$DEF_INPUT"
fw_set_chain_policy OUTPUT "$DEF_OUTPUT"
fw_set_chain_policy FORWARD "$DEF_FORWARD"
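Review bot: fw_custom_chains now runs before the `input` and `output` chains are created on the lines that follow it and before the `reject` chain is populated, so a custom rule that jumps to or inserts into any of those chains will fail with a missing-chain error at the new position (the `-N reject` itself is outside this hunk). The call's exit status is not checked either, so a failed custom-chain setup is silently skipped while the default INPUT/OUTPUT/FORWARD policies are still applied afterwards. Consider recording the ordering constraint above the call, `# runs before input/output/reject exist; custom rules must not reference them`, and surfacing failure with `fw_custom_chains || echo "Failed to add custom chains" >&2`. The enclosing function starts outside the hunk.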
config_get proto $1 proto
config_get target $1 target
config_get ruleset $1 ruleset
-
+
+ ZONE=input
+ TARGET=$target
[ -z "$target" ] && target=DROP
- [ -n "$src" ] && ZONE=zone_$src || ZONE=input
- [ -n "$dest" ] && TARGET=zone_${dest}_$target || TARGET=$target
+ [ -n "$src" -a -z "$dest" ] && ZONE=zone_$src
+ [ -n "$src" -a -n "$dest" ] && ZONE=zone_${src}_forward
+ [ -n "$dest" ] && TARGET=zone_${dest}_$target
add_rule() {
$IPTABLES -I $ZONE 1 \
${proto:+-p $proto} \
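Review bot: `TARGET=$target` on the new line is assigned before the `[ -z "$target" ] && target=DROP` default on the line after it, so a rule with no explicit target and no `dest` now ends with an empty `TARGET`, whereas the removed code applied the default first. Depending on how add_rule consumes it (its body continues outside the hunk), that rule is either rejected by iptables or installed with the wrong jump, so the intended DROP never takes effect. Apply the default first — `[ -z "$target" ] && target=DROP` followed by `TARGET=$target` — or write `TARGET=${target:-DROP}`. The `-a` in `[ -n "$src" -a -z "$dest" ]` is also the deprecated, ambiguous form; `[ -n "$src" ] && [ -z "$dest" ]` is the portable equivalent.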
$IPTABLES -N input_${zone}
$IPTABLES -N forwarding_${zone}
$IPTABLES -N prerouting_${zone} -t nat
- $IPTABLES -A zone_${zone} -j input_${zone}
- $IPTABLES -A zone_${zone}_forward -j forwarding_${zone}
- $IPTABLES -A zone_${zone}_prerouting -t nat -j prerouting_${zone}
+ $IPTABLES -I zone_${zone} 1 -j input_${zone}
+ $IPTABLES -I zone_${zone}_forward 1 -j forwarding_${zone}
+ $IPTABLES -I zone_${zone}_prerouting 1 -t nat -j prerouting_${zone}
}
fw_init() {