Commit a6678438 authored by iv's avatar iv

Fix ip6tables configuration using ip6tables-restore.

parent 4c94cc4e
...@@ -45,7 +45,6 @@ re6st-conf --registry "${registry}" --token "${token}" --dir "${configdir}" ...@@ -45,7 +45,6 @@ re6st-conf --registry "${registry}" --token "${token}" --dir "${configdir}"
printf '%s\n' "${options[@]}" >> "${configfile}" printf '%s\n' "${options[@]}" >> "${configfile}"
echo " echo "
*filter
:FORWARD ACCEPT [0:0] :FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0] :OUTPUT DROP [0:0]
-A INPUT -p udp -m udp --dport 6696 -j ACCEPT -A INPUT -p udp -m udp --dport 6696 -j ACCEPT
...@@ -54,7 +53,6 @@ echo " ...@@ -54,7 +53,6 @@ echo "
-A INPUT -p tcp -m tcp --dport 50005 -j ACCEPT -A INPUT -p tcp -m tcp --dport 50005 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 6696 -j ACCEPT -A OUTPUT -p udp -m udp --dport 6696 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 326 -j ACCEPT -A OUTPUT -p udp -m udp --dport 326 -j ACCEPT
COMMIT
" > "${configdir}/ip6tables.conf" " > "${configdir}/ip6tables.conf"
if [ $save -a $place ] ; then if [ $save -a $place ] ; then
......
...@@ -61,6 +61,7 @@ fi ...@@ -61,6 +61,7 @@ fi
# saving firewall configuration # saving firewall configuration
ip6tables-save > "${configdir}/ip6tables.save" ip6tables-save > "${configdir}/ip6tables.save"
cp "${configdir}/ip6tables.save" "${configdir}/current_ip6tables.conf"
# clean before exiting # clean before exiting
cleanup() { cleanup() {
...@@ -69,6 +70,7 @@ cleanup() { ...@@ -69,6 +70,7 @@ cleanup() {
echo "Removing changes in ip6tables rules" echo "Removing changes in ip6tables rules"
ip6tables-restore < "${configdir}/ip6tables.save" ip6tables-restore < "${configdir}/ip6tables.save"
rm "${configdir}/ip6tables.save" rm "${configdir}/ip6tables.save"
rm "${configdir}/current_ip6tables.conf"
fi fi
echo "" echo ""
exit 0 exit 0
...@@ -78,7 +80,13 @@ trap cleanup SIGHUP SIGINT SIGTERM ...@@ -78,7 +80,13 @@ trap cleanup SIGHUP SIGINT SIGTERM
# firewall configuration # firewall configuration
if [ -r "${configdir}/ip6tables.conf" ] ; then if [ -r "${configdir}/ip6tables.conf" ] ; then
ip6tables-restore < "${configdir}/ip6tables.conf" # remove line containing "COMMIT"
sed -i '/COMMIT/d' "${configdir}/current_ip6tables.conf"
# add few rules
cat "${configdir}/ip6tables.conf" >> "${configdir}/current_ip6tables.conf"
# putting "COMMIT" line back
echo "COMMIT" >> "${configdir}/current_ip6tables.conf"
ip6tables-restore < "${configdir}/current_ip6tables.conf"
else else
# accept ports needed for re6stnet # accept ports needed for re6stnet
ip6tables -P FORWARD ACCEPT ip6tables -P FORWARD ACCEPT
......
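Review bot: Deleting every `COMMIT` line with `sed -i '/COMMIT/d'` is only safe when the saved ruleset holds a single table. `ip6tables-save` writes one `*table` … `COMMIT` section per table in use, so on a host that also has mangle, nat or raw rules the merged `current_ip6tables.conf` would carry several table headers and a single trailing `COMMIT`, and `ip6tables-restore` is likely to reject it or apply the appended re6st rules outside the filter table. Building the working copy from the filter table alone avoids this, for example `ip6tables-save -t filter > "${configdir}/current_ip6tables.conf"` in place of the `cp`. The exit status of the final `ip6tables-restore` is not checked in the visible lines, so a rejected file would apparently leave the previous rules in place, without the intended `:OUTPUT DROP` policy, while the script carries on; testing the status and stopping with a message would make that failure visible. The enclosing `if`/`else` and the save block continue outside the hunks shown.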