#!/bin/sh /etc/rc.common
# Copyright (C) 2013 Project Gluon
#
# Firewall script for inserting and removing ebtables rules.
#
# Example format, for filtering any IPv4 multicast packets to the SSDP UDP port
# (note: the rule below matches UDP port 5355, which is LLMNR; SSDP uses UDP 1900):
# rule FORWARD --logical-out br-client -d Multicast -p IPv4 --ip-protocol udp --ip-destination-port 5355 -j DROP
#
# Removing all rules:
# $ /etc/init.d/gluon-ebtables stop
# Inserting all rules:
# $ /etc/init.d/gluon-ebtables start
# Inserting a specific rule file:
# $ /etc/init.d/gluon-ebtables start /lib/gluon/ebtables/100-mcast-chain
# Removing a specific rule file:
# $ /etc/init.d/gluon-ebtables stop /lib/gluon/ebtables/100-mcast-chain
# Init sequence numbers consumed by /etc/rc.common (see the shebang line):
# START positions this script in the boot order, STOP in the shutdown order.
# NOTE(review): presumably 19 was picked so the bridge filters are installed
# before client-facing interfaces come up - confirm against the network init
# script's START value.
START=19
STOP=91
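# Run one rule file through Lua with the rule()/chain() helpers predefined.
#
# Arguments: $1 - path of the rule file (a Lua script calling rule()/chain())
# Globals:   EBTABLES_RULE, EBTABLES_CHAIN (read) - Lua expressions, exported
#            by start()/stop(), that build the ebtables-tiny command line
# Returns:   1 if either template is missing, otherwise lua's exit status
#
# Trust boundary: the rule file is executed as Lua code with the privileges
# of this init script, and the strings it passes to rule()/chain() are
# concatenated unescaped into a command line run by os.execute(). Rule files
# must therefore be firmware-provided and must not be writable by, or
# generated from, untrusted input.
exec_file() {
	local file="$1"

	# With an empty template the helpers would expand to a bare os.execute(),
	# which runs no command: the file would load without error while no
	# filter rule is inserted or removed. Refuse instead of failing silently.
	if [ -z "${EBTABLES_RULE:-}" ] || [ -z "${EBTABLES_CHAIN:-}" ]; then
		echo "gluon-ebtables: EBTABLES_RULE/EBTABLES_CHAIN not set, refusing to process $file" >&2
		return 1
	fi

	# The templates are deliberately expanded by the shell into the Lua source.
	# NOTE(review): the result of os.execute() is discarded, so a rule that
	# ebtables-tiny rejects does not make this function fail.
	/usr/bin/lua -e "
		function rule(command, table)
			table = table or 'filter'
			os.execute($EBTABLES_RULE)
		end
		function chain(name, policy, table)
			table = table or 'filter'
			os.execute($EBTABLES_CHAIN)
		end
	" "$file"
}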
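# Run every rule file below /lib/gluon/ebtables through exec_file, in sorted
# order.
#
# Arguments: $1 - extra option for sort: '' for ascending order (start),
#                 '-r' for reverse order (stop)
# Returns:   0 (the status of the final IFS restore); exec_file failures are
#            not propagated
#
# Every regular file found in that directory is executed as Lua by
# exec_file, so write access to the directory is equivalent to running code
# with this script's privileges.
exec_all() {
	local sort_arg="$1"
	local old_ifs="$IFS"
	# Keep the loop variable out of the caller's scope.
	local file

	# Split the file list on newlines only, so paths with spaces stay intact.
	IFS='
'
	# $sort_arg is left unquoted on purpose: an empty value has to vanish
	# instead of reaching sort as an empty file-name argument.
	for file in $(find /lib/gluon/ebtables -type f | sort $sort_arg); do
		exec_file "$file"
	done
	IFS="$old_ifs"
}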
# Insert ebtables rules: all rule files when called without an argument,
# otherwise only the rule file given as $1.
#
# The body runs in a subshell so the exported templates do not leak into the
# environment of the calling rc.common process.
start() {
	(
		# Lua expressions that exec_file splices into rule()/chain():
		# -A appends a rule, -N/-P creates a chain and sets its policy.
		EBTABLES_RULE='"ebtables-tiny -t " .. table .. " -A " .. command'
		EBTABLES_CHAIN='"ebtables-tiny -t " .. table .. " -N " .. name .. " -P " .. policy'
		export EBTABLES_RULE EBTABLES_CHAIN

		# Contains /var/lib/ebtables/lock for '--concurrent'
		[ -d "/var/lib/ebtables" ] || mkdir -p /var/lib/ebtables

		case "$1" in
			'')
				exec_all ''
				;;
			*)
				exec_file "$1"
				;;
		esac
	)
}
# Remove ebtables rules: all rule files in reverse order when called without
# an argument, otherwise only the rule file given as $1.
#
# The body runs in a subshell so the exported templates do not leak into the
# environment of the calling rc.common process.
stop() {
	(
		# Lua expressions that exec_file splices into rule()/chain():
		# -D deletes a rule, -X deletes a chain.
		EBTABLES_RULE='"ebtables-tiny -t " .. table .. " -D " .. command'
		EBTABLES_CHAIN='"ebtables-tiny -t " .. table .. " -X " .. name'
		export EBTABLES_RULE EBTABLES_CHAIN

		case "$1" in
			'')
				# Reverse order undoes the rules in the opposite sequence
				# to the one start() used.
				exec_all '-r'
				;;
			*)
				exec_file "$1"
				;;
		esac
	)
}