X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=userapps%2Fopensource%2Freaim%2Ffirewall.sh;fp=userapps%2Fopensource%2Freaim%2Ffirewall.sh;h=0000000000000000000000000000000000000000;hb=cf3b25a5003e531e4599b2a56fa007f272198570;hp=a1e97e39f1d8979e6e92d1e4a355046cf6923555;hpb=59e02c1be2c9b373846b0789fbd5b7ef46f0927f;p=bcm963xx.git diff --git a/userapps/opensource/reaim/firewall.sh b/userapps/opensource/reaim/firewall.sh deleted file mode 100755 index a1e97e39..00000000 --- a/userapps/opensource/reaim/firewall.sh +++ /dev/null @@ -1,175 +0,0 @@ -#!/bin/sh -# -# Project: ReAim -# -# Release : 0.8 pre -# -# Homepage: http://reaim.sourceforge.net/ -# -# Copyright: Mark Cooke, March 2002. All Rights Reserved. -# -# License: GNU General Public License, Version 2. -# -# CVS Data: $Id: firewall.sh,v 1.6 2003/03/27 14:39:36 mark-c Exp $ -# -# Description: -# -# Sample script to configure the necessary firewall rules -# for ReAim using iptables. See the source for an ipt/NetBSD example. -# -# Final words: -# -# No warranty. Patches, bug reports, success stories and other contributions -# most welcome. - - -# ------------------------- -# User configurable section -# ------------------------- -# -# The user must uncomment the INSIDE_IF and OUTSIDE_IF -# lines, and select the appropriate network interfaces -# for this script to use to configure networking. -# -# Example ethernet-connected cable / corporate firewall: -# INSIDE_IF=eth0 -# OUTSIDE_IF=eth1 -# -# Example home LAN with dialup: -# INSIDE_IF=eth0 -# OUTSIDE_IF=ppp0 - -#-------------------------------------------------------------- -# SHOULD NOT HAVE TO CHANGE ANYTHING BELOW HERE -#-------------------------------------------------------------- - -newchain() { - # Check syntax - if [ $# = 0 ]; then - echo "Usage: newchain {name}" - fi - - # If chain already exists just flush it, else create it. - $IPT $2 -L -n | grep "$1 " > /dev/null - if test "$?" = 0 - then - $IPT_X $2 -F "$1" - else - $IPT_X $2 -N "$1" - fi -} - -# Just in case we don't have the sbin directories in the -# path, tag them to the end. -export PATH=$PATH:/sbin:/usr/sbin - -# Sanity check the user supplied interfaces... -# -if [ X${INSIDE_IF} = "X" ]; -then - echo "INSIDE_IF was not defined. Please adjust the start of the script." - exit 1 -else - grep -q "${INSIDE_IF}:" /proc/net/dev - if [ $? != 0 ]; - then - echo "INSIDE_IF (${INSIDE_IF}) is not listed as an interface in /proc/net/dev." - exit 1 - fi -fi - -if [ X${OUTSIDE_IF} = "X" ]; -then - echo "OUTSIDE_IF was not defined. Please adjust the start of the script." - exit 1 -else - grep -q "${OUTSIDE_IF}:" /proc/net/dev - if [ $? != 0 ]; - then - echo "OUTSIDE_IF (${OUTSIDE_IF}) is not listed as an interface in /proc/net/dev." - exit 1 - fi -fi - -if [ ${INSIDE_IF} = ${OUTSIDE_IF} ]; -then - echo "INSIDE_IF and OUTSIDE_IF are not allowed to be the same device!" - exit 1 -fi - -# Find the iptables tool... -# -IPT=`which iptables 2>/dev/null` -if [ X${IPT} = "X" ]; -then - echo "Unable to locate iptables. Please ensure you have it installed." - exit 1 -fi - -# Check to see if iptables is available by looking in /proc -# -# This basically ensures that the user's already loaded the iptables -# modules -# -if [ ! -f /proc/net/ip_tables_names ]; -then - echo "Unable to find iptables information in /proc." - exit 1 -fi - -# Check we have root privs -if [ $UID != "0" ]; -then - echo "iptables requires root privs to run." - exit 1 -fi - -echo "--------------------------------------------------------------" -echo "WARNING: This script has not been production tested." -echo " Uncomment the IPT_X="\$IPT" line if you're brave!" -echo " The following is what would be done..." -echo "--------------------------------------------------------------" - -IPT_X="echo $IPT" -# IPT_X=$IPT - -# Create new chains or flush existing ones with these names. -# -newchain REAIM_IN -newchain REAIM_PRE "-t nat" - -# Add the AIM accept rules to the outside interface... -$IPT_X -I REAIM_IN 1 -i ${OUTSIDE_IF} -p tcp --dport 4443 -j ACCEPT -$IPT_X -I REAIM_IN 1 -i ${OUTSIDE_IF} -p tcp --dport 5190 -j ACCEPT -$IPT_X -I REAIM_IN 1 -i ${OUTSIDE_IF} -p tcp --dport 5566 -j ACCEPT - -# Add the MSN accept rules to the outside interface... -$IPT_X -I REAIM_IN 1 -i ${OUTSIDE_IF} -p tcp --dport 1864 -j ACCEPT - -# Add the DYNAMIC DCC port range to the outside interface... -$IPT_X -I REAIM_IN 1 -i ${OUTSIDE_IF} -p tcp --dport 40000:40099 -j ACCEPT - -# Add the AIM port interception rules to the inside interface... -$IPT_X -I REAIM_PRE 1 -t nat -i ${INSIDE_IF} -p tcp --dport 5190 -j REDIRECT --to-port 5190 -$IPT_X -I REAIM_IN 1 -i ${INSIDE_IF} -p tcp --dport 4443 -j ACCEPT -$IPT_X -I REAIM_IN 1 -i ${INSIDE_IF} -p tcp --dport 5190 -j ACCEPT -$IPT_X -I REAIM_IN 1 -i ${INSIDE_IF} -p tcp --dport 5566 -j ACCEPT - -# Add the MSN port interception rules to the inside interface... -$IPT_X -I REAIM_PRE 1 -t nat -i ${INSIDE_IF} -p tcp --dport 1863 -j REDIRECT --to-port 1863 -$IPT_X -I REAIM_IN 1 -i ${INSIDE_IF} -p tcp --dport 1863:1864 -j ACCEPT - - -# Add the REAIM_* chains to the appropriate place, but only if they -# didn't already exist. -$IPT -L INPUT -n | grep "^REAIM_IN " > /dev/null -if [ $? = 1 ]; -then - $IPT_X -I INPUT 1 -j REAIM_IN -fi - -$IPT -L PREROUTING -t nat -n | grep "^REAIM_PRE " > /dev/null -if [ $? = 1 ]; -then - $IPT_X -I PREROUTING 1 -t nat -j REAIM_PRE -fi