Home Explore Help
Sign In
nightflyza
/
UBinstaller
mirror of https://github.com/nightflyza/UBinstaller.git
Watch 1
Star 0
Fork 0
Files
Tree: d0df721ac8
Branches Tags
UBinstaller
/
nas_preconf
/
configs
/
firewall2.conf

firewall2.conf 2.2 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485 
  1. #!/bin/sh
    2. 

  2. 

  3. # firewall command
    4. 

  4. FwCMD="/sbin/ipfw -q"
    5. 

  5. ${FwCMD} -f flush
    6. 

  6. 

  7. # Interfaces setup
    8. 

  8. LAN_IF="INTERNAL_INTERFACE"
    9. 

  9. WAN_IF="EXTERNAL_INTERFACE"
    10. 

  10. INTERNAL_IP="INT_ADDR"
    11. 

  11. 

  12. ENABLE_VLANS="YES"
    13. 

  13. 

  14. BRIDGE_NAME="bridge0"
    15. 

  15. VLAN_INTERFACE=${LAN_IF}
    16. 

  16. VLAN_COUNT="20"
    17. 

  17. VLAN_FROM="101"
    18. 

  18. 

  19. 

  20. case $ENABLE_VLANS in
    21. 

  21. YES)
    22. 

  22. #Bridge interface creation
    23. 

  23. /sbin/ifconfig bridge create
    24. 

  24. #casting VLANS and adding it to bridge
    25. 

  25. for i in $( jot ${VLAN_COUNT} ${VLAN_FROM} ); 
    26. 

  26. do 
    27. 

  27. echo "Creating vlan: ${VLAN_INTERFACE}.${i}"
    28. 

  28. /sbin/ifconfig ${VLAN_INTERFACE}.${i} create
    29. 

  29. /sbin/ifconfig ${VLAN_INTERFACE}.${i} up
    30. 

  30. echo "Adding vlan: ${VLAN_INTERFACE}.${i} to ${BRIDGE_NAME}"
    31. 

  31. /sbin/ifconfig ${BRIDGE_NAME} addm ${VLAN_INTERFACE}.${i} up
    32. 

  32. /sbin/ifconfig ${BRIDGE_NAME} private ${VLAN_INTERFACE}.${i}
    33. 

  33. done
    34. 

  34. USER_INTERFACE=${BRIDGE_NAME}
    35. 

  35. /sbin/ifconfig ${BRIDGE_NAME} maxaddr 9000
    36. 

  36. ;;
    37. 

  37. NO)
    38. 

  38. USER_INTERFACE=${LAN_IF}
    39. 

  39. ;;
    40. 

  40. esac
    41. 

  41. 

  42. #manual MAC inherit
    43. 

  43. #/sbin/ifconfig ${USER_INTERFACE} ether a0:36:9f:c0:da:aa
    44. 

  44. 

  45. #setting internal interface IP
    46. 

  46. /sbin/ifconfig ${USER_INTERFACE} ${INTERNAL_IP}
    47. 

  47. echo "Internal interface IP set to ${INTERNAL_IP}"
    48. 

  48. 

  49. 

  50. 

  51. # Networks define
    52. 

  52. ${FwCMD} table 2 add INTERNAL_NETWORK
    53. 

  53. 

  54. #access for our site and other things
    55. 

  55. ${FwCMD} add  62100 allow ip from table\(2\) to table\(17\)
    56. 

  56. ${FwCMD} add  62100 allow ip from table\(17\) to table\(2\)
    57. 

  57. 

  58. #NAT
    59. 

  59. ${FwCMD} nat 1 config log if ${WAN_IF} reset same_ports
    60. 

  60. ${FwCMD} add 6000 nat 1 ip from table\(2\) to not table\(9\) out xmit ${WAN_IF}
    61. 

  61. ${FwCMD} add 6001 nat 1 ip from any to me in recv ${WAN_IF}
    62. 

  62. 

  63. 

  64. #Shape 
    65. 

  65. ${FwCMD} add 12001 pipe tablearg ip from any to table\(4\) via ${USER_INTERFACE} out
    66. 

  66. ${FwCMD} add 12000 pipe tablearg ip from table\(3\) to any via ${USER_INTERFACE} in
    67. 

  67. 

  68. 

  69. #security
    70. 

  70. ${FwCMD} add 3 deny ip6 from any to any
    71. 

  71. ${FwCMD} add 4 deny ip from table\(42\) to any
    72. 

  72. ${FwCMD} add 4 deny ip from any to table\(42\)
    73. 

  73. 

  74. # allow access to my http for all
    75. 

  75. ${FwCMD} add  62000 allow tcp from any to me dst-port 80
    76. 

  76. ${FwCMD} add  62000 allow tcp from me to any src-port 80
    77. 

  77. 

  78. 

  79. # default block policy
    80. 

  80. ${FwCMD} add 65533 deny all from table\(2\) to any via ${USER_INTERFACE}
    81. 

  81. ${FwCMD} add 65534 deny all from any to table\(2\) via ${USER_INTERFACE}
    82. 

  82. ${FwCMD} add 65535 allow all from any to any
    83. 

  83. 

  84. # netflow stats
    85. 

  85. /usr/local/bin/softflowd -i ${USER_INTERFACE} -n NF_HOST
    86.