From d6f3443ad83baf53b1b12f21add7851304284e42 Mon Sep 17 00:00:00 2001
From: Claudio Maffioletti
Date: Wed, 10 May 2017 10:35:45 +0200
Subject: [PATCH] Modifica su firewall per regole iptables
---
 firewall/firewall_library.php | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/firewall/firewall_library.php b/firewall/firewall_library.php
index f67485c..f2cd7d9 100644
--- a/firewall/firewall_library.php
+++ b/firewall/firewall_library.php
@@ -138,20 +138,20 @@ function genera_int () {
 if ($stato == 2) $perm = "PERMANENTE"; else $perm = "";
 $regola = "### START REGOLA-I$id $perm ###\n";
- $regola .= "iptables -I PREROUTING -t nat -p $proto -i $portaIN --dport $ext_port -j DNAT --to $int_ip:$int_port\n";
+ $regola .= "iptables -A PREROUTING -t nat -p $proto -i $portaIN --dport $ext_port -j DNAT --to $int_ip:$int_port\n";
 $regola .= "iptables -N REGOLA-I$id\n";
- $regola .= "iptables -I REGOLA-I$id -p $proto -i $portaIN -s $ext_ip -d $int_ip --dport $int_port -j ACCEPT\n";
- $regola .= "iptables -I REGOLA-I$id -p $proto -o $portaIN -d $ext_ip -s $int_ip --sport $int_port -j ACCEPT\n";
- $regola .= "iptables -I FORWARD -j REGOLA-I$id\n";
+ $regola .= "iptables -A REGOLA-I$id -p $proto -i $portaIN -s $ext_ip -d $int_ip --dport $int_port -j ACCEPT\n";
+ $regola .= "iptables -A REGOLA-I$id -p $proto -o $portaIN -d $ext_ip -s $int_ip --sport $int_port -j ACCEPT\n";
+ $regola .= "iptables -A FORWARD -j REGOLA-I$id\n";
 $regola .= "### STOP REGOLA-I$id $perm ###\n";
 array_push($file, $regola);
- $regola = "iptables -I PREROUTING -t nat -p $proto -i $portaIN --dport $ext_port -j DNAT --to $int_ip:$int_port; ";
+ $regola = "iptables -A PREROUTING -t nat -p $proto -i $portaIN --dport $ext_port -j DNAT --to $int_ip:$int_port; ";
 $regola .= "iptables -N REGOLA-I$id; ";
- $regola .= "iptables -I REGOLA-I$id -p $proto -i $portaIN -s $ext_ip -d $int_ip --dport $int_port -j ACCEPT; ";
- $regola .= "iptables -I REGOLA-I$id -p $proto -o $portaIN -d $ext_ip -s $int_ip --sport $int_port -j ACCEPT; ";
- $regola .= "iptables -I FORWARD -j REGOLA-I$id; ";
+ $regola .= "iptables -A REGOLA-I$id -p $proto -i $portaIN -s $ext_ip -d $int_ip --dport $int_port -j ACCEPT; ";
+ $regola .= "iptables -A REGOLA-I$id -p $proto -o $portaIN -d $ext_ip -s $int_ip --sport $int_port -j ACCEPT; ";
+ $regola .= "iptables -A FORWARD -j REGOLA-I$id; ";
 $esegui['REGOLA-I'.$id] = $regola;
 }
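Review bot: Every value interpolated into the `$esegui['REGOLA-I'.$id]` command string — `$proto`, `$portaIN`, `$ext_port`, `$ext_ip`, `$int_ip`, `$int_port`, `$id` — is placed unquoted into what appears to be a `; `-joined shell command line, and nothing in this hunk validates them; the same holds for the `REGOLA-U$id` strings in genera_ext below. If these values originate from the web form, they should be validated at the boundary (`filter_var($ip, FILTER_VALIDATE_IP)`, an integer range check on the ports, a fixed list for `$proto`) and each wrapped with `escapeshellarg()` when the executable string is assembled. The switch from `-I` to `-A` also changes where the jump to `REGOLA-I$id` lands in FORWARD: appended after an existing terminating rule (a final DROP or REJECT, for example) it would never be evaluated, so a short comment recording the assumption, such as `// appended (-A): evaluated only after the rules already present in FORWARD`, would help the next maintainer. The enclosing function genera_int starts outside the hunk, and where `$esegui` is executed is not visible here.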
@@ -250,17 +250,17 @@ function genera_ext () {
 $regola = "### START REGOLA-U$id $perm ###\n";
 $regola .= "iptables -N REGOLA-U$id\n";
- $regola .= "iptables -I REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT\n";
- $regola .= "iptables -I REGOLA-U$id -p $proto -i $portaIN $ipint2 $ptint2 $ipext2 $ptext2 -j ACCEPT\n";
- $regola .= "iptables -I FORWARD -j REGOLA-U$id\n";
+ $regola .= "iptables -A REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT\n";
+ $regola .= "iptables -A REGOLA-U$id -p $proto -i $portaIN $ipint2 $ptint2 $ipext2 $ptext2 -j ACCEPT\n";
+ $regola .= "iptables -A FORWARD -j REGOLA-U$id\n";
 $regola .= "### STOP REGOLA-U$id $perm ###\n";
 array_push($file, $regola);
 $regola = "iptables -N REGOLA-U$id; ";
- $regola .= "iptables -I REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT; ";
- $regola .= "iptables -I REGOLA-U$id -p $proto -i $portaIN $ipint2 $ptint2 $ipext2 $ptext2 -j ACCEPT; ";
- $regola .= "iptables -I FORWARD -j REGOLA-U$id";
+ $regola .= "iptables -A REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT; ";
+ $regola .= "iptables -A REGOLA-U$id -p $proto -i $portaIN $ipint2 $ptint2 $ipext2 $ptext2 -j ACCEPT; ";
+ $regola .= "iptables -A FORWARD -j REGOLA-U$id";
 $esegui['REGOLA-U'.$id] = $regola;
 }
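Review bot: The four iptables commands for `REGOLA-U$id` are written out twice, once with `\n` separators for `$file` and once with `; ` separators for `$esegui`, so every edit (such as this `-I` to `-A` change) has to be repeated in two places per function; genera_int above has the same duplication, and its `; ` variant keeps a trailing separator that this function omits. Building the list once and joining it with `implode()` keeps both outputs byte-identical while removing the second copy. The lines below replace the body from the `### START` line through the `$esegui` assignment; the enclosing function genera_ext starts outside the hunk.
```php
// … unchanged: preceding statements of genera_ext …
$regole = [
    "iptables -N REGOLA-U$id",
    "iptables -A REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT",
    "iptables -A REGOLA-U$id -p $proto -i $portaIN $ipint2 $ptint2 $ipext2 $ptext2 -j ACCEPT",
    "iptables -A FORWARD -j REGOLA-U$id",
];
// file copy: one command per line between the START/STOP markers
$regola = "### START REGOLA-U$id $perm ###\n" . implode("\n", $regole) . "\n### STOP REGOLA-U$id $perm ###\n";
array_push($file, $regola);
// executable copy: the same commands joined with "; "
$esegui['REGOLA-U'.$id] = implode('; ', $regole);
```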