default reject rules removing

8 years ago · 1ca80d2dc3
parent e079e11397
commit 1ca80d2dc3
3 changed files with 12 additions and 8 deletions
--- a/ipsec/iptables-setup.sh
+++ b/ipsec/iptables-setup.sh
@ -98,6 +98,9 @@ eval iptables -A OUTPUT -p esp -j ACCEPT $COMMENT
 eval iptables -A INPUT -p ah -j ACCEPT $COMMENT
 eval iptables -A OUTPUT -p ah -j ACCEPT $COMMENT

+# remove standart REJECT rules
+iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
+iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited

 iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
 iptables -F
--- a/openvpn/iptables-setup.sh
+++ b/openvpn/iptables-setup.sh
@ -85,6 +85,10 @@ eval iptables -A OUTPUT -o tun+ -j ACCEPT $COMMENT
 eval iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT $COMMENT
 eval iptables -A OUTPUT -p udp -m udp --sport 1194 -j ACCEPT $COMMENT

+# remove standart REJECT rules
+iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
+iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited
+
 iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
 iptables -F
 iptables-restore < $IPTABLES
--- a/pptp/iptables-setup.sh
+++ b/pptp/iptables-setup.sh
@ -3,13 +3,6 @@
 DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
 source $DIR/env.sh

-if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
-	systemctl enable iptables
-	systemctl stop firewalld
-	systemctl disable firewalld
-	systemctl start iptables
-fi
-
 COMMENT=" -m comment --comment \"PPTP\""

 if [[ ! -e $IPTABLES ]]; then
@ -35,7 +28,7 @@ done

 # detect default gateway interface
 echo "Found next network interfaces:"
-ifconfig -a | sed 's/[: \t].*//;/^\(lo\|\)$/d'
+ifconfig -a | sed 's/[ \t].*//;/^\(lo\|\)$/d'
 echo
 GATE=$(route | grep '^default' | grep -o '[^ ]*$')
 read -p "Enter your external network interface: " -i $GATE -e GATE
@ -82,6 +75,10 @@ eval iptables -A OUTPUT -p tcp -m tcp --sport 1723 -j ACCEPT $COMMENT
 eval iptables -A INPUT -p gre -j ACCEPT $COMMENT
 eval iptables -A OUTPUT -p gre -j ACCEPT $COMMENT

+# remove standart REJECT rules
+iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
+iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited
+
 iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
 iptables -F
 iptables-restore < $IPTABLES