From: Bruce S. <bl...@us...> - 2009-06-10 01:07:53
Update of /cvsroot/devil-linux/build/config/etc/init.d
In directory fdv4jf1.ch3.sourceforge.com:/tmp/cvs-serv18459
Modified Files:
firewall.rules.2nic firewall.rules.3nic
Log Message:
Fix obsolete rules
Index: firewall.rules.3nic
===================================================================
RCS file: /cvsroot/devil-linux/build/config/etc/init.d/firewall.rules.3nic,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- firewall.rules.3nic 10 Aug 2005 20:38:51 -0000 1.13
+++ firewall.rules.3nic 10 Jun 2009 01:07:50 -0000 1.14
@@ -103,6 +103,10 @@
 
 ${IPTABLES} -A INPUT -p icmp -j ACCEPT
 ${IPTABLES} -A OUTPUT -p icmp -j ACCEPT
+# Accept DNS requests from the DMZ
+${IPTABLES} -A INPUT -p TCP -i ${DMZ_DEV} --dport 53 -j ACCEPT
+${IPTABLES} -A INPUT -p UDP -i ${DMZ_DEV} --dport 53 -j ACCEPT
+
 
 # Fast reject for Ident to eliminate email delays.
 ${IPTABLES} -A INPUT -p TCP --dport 113 -i ${OUT_DEV} -j REJECT --reject-with tcp-reset
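Review bot: The comment on the two added DNS rules does not say why the firewall itself should answer DNS for the DMZ; an `-A INPUT ... --dport 53` rule admits traffic addressed to this host, which only makes sense if DMZ hosts are configured to use a resolver running on the firewall, and a compromised DMZ host then has direct access to that resolver. Suggest recording the precondition in the comment, e.g. `# Accept DNS requests from the DMZ to the resolver on this host (only needed if DMZ hosts use it as their nameserver)`. If DMZ hosts are meant to use an external resolver instead, the FORWARD chain rather than INPUT is the place to allow it and these lines can be dropped. The rest of the INPUT chain, including its policy, lies outside the hunk.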
@@ -184,12 +188,8 @@
 ${IPTABLES} -A FORWARD -m state --state NEW -i ${DMZ_DEV} -j ACCEPT
 
 # Prevent NetBIOS and Samba from leaking.
-${IPTABLES} -t nat -A PREROUTING -p TCP --dport 135 -j DROP
-${IPTABLES} -t nat -A PREROUTING -p UDP --dport 135 -j DROP
-${IPTABLES} -t nat -A PREROUTING -p TCP --dport 137:139 -j DROP
-${IPTABLES} -t nat -A PREROUTING -p UDP --dport 137:139 -j DROP
-${IPTABLES} -t nat -A PREROUTING -p TCP --dport 445 -j DROP
-${IPTABLES} -t nat -A PREROUTING -p UDP --dport 445 -j DROP
+${IPTABLES} -A FORWARD -p TCP -m multiport --dports 135,137:139,445 -j DROP
+${IPTABLES} -A FORWARD -p UDP -m multiport --dports 135,137:139,445 -j DROP
 
 # Log invalid packets from DROP policy:
 if [ -n "$LOGGING" ] ; then
Index: firewall.rules.2nic
===================================================================
RCS file: /cvsroot/devil-linux/build/config/etc/init.d/firewall.rules.2nic,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- firewall.rules.2nic 21 Sep 2005 12:36:30 -0000 1.16
+++ firewall.rules.2nic 10 Jun 2009 01:07:49 -0000 1.17
@@ -160,12 +160,8 @@
 ${IPTABLES} -A FORWARD -m state --state NEW -i ${INT_DEV} -j ACCEPT
 
 # Prevent NetBIOS and Samba from leaking.
-${IPTABLES} -t nat -A PREROUTING -p TCP --dport 135 -j DROP
-${IPTABLES} -t nat -A PREROUTING -p UDP --dport 135 -j DROP
-${IPTABLES} -t nat -A PREROUTING -p TCP --dport 137:139 -j DROP
-${IPTABLES} -t nat -A PREROUTING -p UDP --dport 137:139 -j DROP
-${IPTABLES} -t nat -A PREROUTING -p TCP --dport 445 -j DROP
-${IPTABLES} -t nat -A PREROUTING -p UDP --dport 445 -j DROP
+${IPTABLES} -A FORWARD -p TCP -m multiport --dports 135,137:139,445 -j DROP
+${IPTABLES} -A FORWARD -p UDP -m multiport --dports 135,137:139,445 -j DROP
 
 # Log invalid packets from DROP policy:
 if [ -n "$LOGGING" ] ; then
|
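Review bot: The new FORWARD drop rules are appended (`-A`) after the `${IPTABLES} -A FORWARD -m state --state NEW -i ${DMZ_DEV} -j ACCEPT` rule shown three lines above them, so a NEW connection from the DMZ to ports 135, 137-139 or 445 matches that accept first and never reaches the drop; the removed nat PREROUTING rules ran before the filter table, so whatever else was wrong with them they did catch the first packet. Unless an earlier part of the FORWARD chain, which is outside this hunk, already filters these ports, the rules should go at the head of the chain or above the state-NEW accepts, e.g. `${IPTABLES} -I FORWARD -p TCP -m multiport --dports 135,137:139,445 -j DROP` and the same line with `-p UDP`. The identical hunk in firewall.rules.2nic below has the same ordering problem, there behind the accept on `${INT_DEV}`. Note also that the old nat rules matched packets addressed to the firewall itself as well as forwarded ones, whereas the new rules cover only forwarded traffic, so the INPUT chain's policy now decides those ports on the firewall host.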