Modifica su firewall per regole iptables

2017-05-10 10:35:45 +02:00
parent 468727e8c0
commit d6f3443ad8
1 changed files with 14 additions and 14 deletions
--- a/firewall/firewall_library.php
+++ b/firewall/firewall_library.php
@@ -138,20 +138,20 @@ function genera_int () {
 				if ($stato == 2) $perm = "PERMANENTE"; else $perm = "";
 				$regola  = "### START REGOLA-I$id $perm ###\n";
-				$regola .= "iptables -I PREROUTING -t nat -p $proto -i $portaIN --dport $ext_port -j DNAT --to $int_ip:$int_port\n";
+				$regola .= "iptables -A PREROUTING -t nat -p $proto -i $portaIN --dport $ext_port -j DNAT --to $int_ip:$int_port\n";
        			$regola .= "iptables -N REGOLA-I$id\n";
-				$regola .= "iptables -I REGOLA-I$id -p $proto -i $portaIN -s $ext_ip -d $int_ip --dport $int_port -j ACCEPT\n";
+				$regola .= "iptables -A REGOLA-I$id -p $proto -i $portaIN -s $ext_ip -d $int_ip --dport $int_port -j ACCEPT\n";
-				$regola .= "iptables -I REGOLA-I$id -p $proto -o $portaIN -d $ext_ip -s $int_ip --sport $int_port -j ACCEPT\n";
+				$regola .= "iptables -A REGOLA-I$id -p $proto -o $portaIN -d $ext_ip -s $int_ip --sport $int_port -j ACCEPT\n";
-				$regola .= "iptables -I FORWARD -j REGOLA-I$id\n";
+				$regola .= "iptables -A FORWARD -j REGOLA-I$id\n";
 				$regola .= "### STOP REGOLA-I$id $perm ###\n";
 				array_push($file, $regola);
-				$regola  = "iptables -I PREROUTING -t nat -p $proto -i $portaIN --dport $ext_port -j DNAT --to $int_ip:$int_port; ";
+				$regola  = "iptables -A PREROUTING -t nat -p $proto -i $portaIN --dport $ext_port -j DNAT --to $int_ip:$int_port; ";
        			$regola .= "iptables -N REGOLA-I$id; ";
-				$regola .= "iptables -I REGOLA-I$id -p $proto -i $portaIN -s $ext_ip -d $int_ip --dport $int_port -j ACCEPT; ";
+				$regola .= "iptables -A REGOLA-I$id -p $proto -i $portaIN -s $ext_ip -d $int_ip --dport $int_port -j ACCEPT; ";
-				$regola .= "iptables -I REGOLA-I$id -p $proto -o $portaIN -d $ext_ip -s $int_ip --sport $int_port -j ACCEPT; ";
+				$regola .= "iptables -A REGOLA-I$id -p $proto -o $portaIN -d $ext_ip -s $int_ip --sport $int_port -j ACCEPT; ";
-				$regola .= "iptables -I FORWARD -j REGOLA-I$id; ";
+				$regola .= "iptables -A FORWARD -j REGOLA-I$id; ";
 				$esegui['REGOLA-I'.$id] = $regola;
 	}
@@ -250,17 +250,17 @@ function genera_ext () {
 				$regola  = "### START REGOLA-U$id $perm ###\n";
 				$regola .= "iptables -N REGOLA-U$id\n";
-				$regola .= "iptables -I REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT\n";
+				$regola .= "iptables -A REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT\n";
-				$regola .= "iptables -I REGOLA-U$id -p $proto -i $portaIN $ipint2 $ptint2 $ipext2 $ptext2 -j ACCEPT\n";
+				$regola .= "iptables -A REGOLA-U$id -p $proto -i $portaIN $ipint2 $ptint2 $ipext2 $ptext2 -j ACCEPT\n";
-				$regola .= "iptables -I FORWARD -j REGOLA-U$id\n";
+				$regola .= "iptables -A FORWARD -j REGOLA-U$id\n";
 				$regola .= "### STOP REGOLA-U$id $perm ###\n";
 				array_push($file, $regola);
 				$regola  = "iptables -N REGOLA-U$id; ";
-				$regola .= "iptables -I REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT; ";
+				$regola .= "iptables -A REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT; ";
-				$regola .= "iptables -I REGOLA-U$id -p $proto -i $portaIN $ipint2 $ptint2 $ipext2 $ptext2 -j ACCEPT; ";
+				$regola .= "iptables -A REGOLA-U$id -p $proto -i $portaIN $ipint2 $ptint2 $ipext2 $ptext2 -j ACCEPT; ";
-				$regola .= "iptables -I FORWARD -j REGOLA-U$id";
+				$regola .= "iptables -A FORWARD -j REGOLA-U$id";
 				$esegui['REGOLA-U'.$id] = $regola;
 	}