Command line argument 'panic' does not call the system's iptables script
but blocks all traffic by itself, since many systems do not have the 'panic' argument.
parent
e0b1570dd2
commit
9335770dca
@ -47,7 +47,13 @@ FireHOL has been designed to be a startup service. As such, FireHOL accepts all
|
|||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr> <td><b>panic</td>
|
<tr> <td><b>panic</td>
|
||||||
<td> Executes <b>/etc/init.d/iptables panic</b>
|
<td> It removes all rules from the running firewall and then it DROPs all
|
||||||
|
traffic on all iptables tables (mangle, nat, filter) and pre-defined chains
|
||||||
|
(PREROUTING, INPUT, FORWARD, OUTPUT, POSTROUTING), thus blocking all IP
|
||||||
|
communication. DROPing is not done by changing the default policy to DROP, but
|
||||||
|
by adding just one rule per table/chain to drop all traffic, because the default
|
||||||
|
iptables scripts supplied by many systems (including RedHat 8) do not reset
|
||||||
|
all the chains to ACCEPT when starting (FireHOL resets them correctly).
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr> <td bgcolor="#EEEEEE"><b>save</td>
|
<tr> <td bgcolor="#EEEEEE"><b>save</td>
|
||||||
@ -183,7 +189,7 @@ its line number in the original configuration file.
|
|||||||
<tr><td align=center valign=middle>
|
<tr><td align=center valign=middle>
|
||||||
<A href="http://sourceforge.net"><IMG src="http://sourceforge.net/sflogo.php?group_id=58425&type=5" width="210" height="62" border="0" alt="SourceForge Logo"></A>
|
<A href="http://sourceforge.net"><IMG src="http://sourceforge.net/sflogo.php?group_id=58425&type=5" width="210" height="62" border="0" alt="SourceForge Logo"></A>
|
||||||
</td><td align=center valign=middle>
|
</td><td align=center valign=middle>
|
||||||
<small>$Id: invoking.html,v 1.8 2003/02/26 22:26:20 ktsaou Exp $</small>
|
<small>$Id: invoking.html,v 1.9 2003/03/14 20:59:09 ktsaou Exp $</small>
|
||||||
<p>
|
<p>
|
||||||
<b>FireHOL</b>, a firewall for humans...<br>
|
<b>FireHOL</b>, a firewall for humans...<br>
|
||||||
© Copyright 2002
|
© Copyright 2002
|
||||||
|
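--- a/firehol.sh
+++ b/firehol.sh
@@ -10,7 +10,7 @@
 #
 # config: /etc/firehol.conf
 #
-# $Id: firehol.sh,v 1.110 2003/03/14 20:36:52 ktsaou Exp $
+# $Id: firehol.sh,v 1.111 2003/03/14 20:59:07 ktsaou Exp $
 #
 FIREHOL_FILE="${0}"
 
@@ -3148,8 +3148,27 @@ case "${arg}" in
 ;;
 
 panic)
-/etc/init.d/iptables panic
-exit $?
+echo -n $"FireHOL: Blocking all communications:"
+/sbin/modprobe ip_tables >/dev/null 2>&1
+tables=`cat /proc/net/ip_tables_names`
+for t in ${tables}
+do
+/sbin/iptables -t "${t}" -F
+/sbin/iptables -t "${t}" -X
+/sbin/iptables -t "${t}" -Z
+
+# Find all default chains in this table.
+chains=`/sbin/iptables -t "${t}" -nL | grep "^Chain " | cut -d ' ' -f 2`
+for c in ${chains}
+do
+/sbin/iptables -t "${t}" -P "${c}" ACCEPT
+/sbin/iptables -t "${t}" -A "${c}" -j DROP
+done
+done
+success $"FireHOL: Blocking all communications:"
+echo
+
+exit 0
 ;;
 
 save)
@@ -3193,7 +3212,7 @@ case "${arg}" in
 else
 
 cat <<"EOF"
-$Id: firehol.sh,v 1.110 2003/03/14 20:36:52 ktsaou Exp $
+$Id: firehol.sh,v 1.111 2003/03/14 20:59:07 ktsaou Exp $
 (C) Copyright 2002, Costa Tsaousis <costa@tsaousis.gr>
 FireHOL is distributed under GPL.
 
@@ -3376,7 +3395,7 @@ then
 
 cat <<"EOF"
 
-$Id: firehol.sh,v 1.110 2003/03/14 20:36:52 ktsaou Exp $
+$Id: firehol.sh,v 1.111 2003/03/14 20:59:07 ktsaou Exp $
 (C) Copyright 2002, Costa Tsaousis <costa@tsaousis.gr>
 FireHOL is distributed under GPL.
 Home Page: http://firehol.sourceforge.net
@@ -3584,7 +3603,7 @@ then
 
 cat >&2 <<"EOF"
 
-$Id: firehol.sh,v 1.110 2003/03/14 20:36:52 ktsaou Exp $
+$Id: firehol.sh,v 1.111 2003/03/14 20:59:07 ktsaou Exp $
 (C) Copyright 2002, Costa Tsaousis <costa@tsaousis.gr>
 FireHOL is distributed under GPL.
 Home Page: http://firehol.sourceforge.net
@@ -3677,7 +3696,7 @@ EOF
 echo "# "
 
 cat <<"EOF"
-# $Id: firehol.sh,v 1.110 2003/03/14 20:36:52 ktsaou Exp $
+# $Id: firehol.sh,v 1.111 2003/03/14 20:59:07 ktsaou Exp $
 # (C) Copyright 2002, Costa Tsaousis <costa@tsaousis.gr>
 # FireHOL is distributed under GPL.
 # Home Page: http://firehol.sourceforge.net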
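Review bot: The new `panic)` arm prints `success` and runs `exit 0` unconditionally, so it can report a blocked host when nothing was actually blocked. The table list comes only from `/proc/net/ip_tables_names` and modprobe errors are discarded, so if that list is empty or unreadable (presumably the case when no table module is registered yet) the outer loop body never runs. No iptables exit status is checked either, so a failed `-A "${c}" -j DROP` is invisible to the caller. An emergency command should not report success on failure: give the list a fallback, record failures of the DROP append, and exit non-zero when any occurred. The fence assumes the `failure` helper that normally accompanies `success` is in scope, which this page does not show; the enclosing `case "${arg}"` starts and ends outside the hunk.

```shell
tables=`cat /proc/net/ip_tables_names 2>/dev/null`
# An empty list must not end in "success": fall back to the filter table.
test -z "${tables}" && tables="filter"
failed=0
for t in ${tables}
do
    # … unchanged: -F, -X, -Z, chain lookup and the inner loop header …
        /sbin/iptables -t "${t}" -A "${c}" -j DROP || failed=1
    # … unchanged: inner done …
done
if [ ${failed} -ne 0 ]
then
    failure $"FireHOL: Blocking all communications:"
    echo
    exit 1
fi
# … unchanged: success, echo, exit 0 …
```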