github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-21 05:44:07 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix for missing chain after reboot

Browse source
This commit is contained in:
Serghey Rodin 2015-10-21 18:57:20 +03:00
commit 1ed911f78f
1 changed files with 22 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

22
bin/v-update-firewall
View file

@ -132,19 +132,29 @@ fi
# Checking fail2ban support
if [ ! -z "$FIREWALL_EXTENSION" ]; then
chains=$(cat $VESTA/data/firewall/chains.conf 2>/dev/null)
fi
for chain in $chains; do
for chain in $(cat $VESTA/data/firewall/chains.conf 2>/dev/null); do
eval $chain
if [[ "$PORT" =~ ,|-|: ]] ; then
port="-m multiport --dports $PORT"
else
port="--dport $PORT"
fi
echo "$iptables -I INPUT -p $PROTOCOL $port -j fail2ban-$CHAIN" > $tmp
bash $tmp
echo "$iptables -N fail2ban-$CHAIN" >> $tmp
echo "$iptables -F fail2ban-$CHAIN" >> $tmp
echo "$iptables -I fail2ban-$CHAIN -s 0.0.0.0/0 -j RETURN" >> $tmp
echo "$iptables -I INPUT -p $PROTOCOL $port -j fail2ban-$CHAIN" >>$tmp
done
bash $tmp 2>/dev/null
rm -f $tmp
done
for ban in $(cat $VESTA/data/firewall/banlist.conf 2>/dev/null); do
eval $ban
echo -n "$iptables -I fail2ban-$CHAIN 1 -s $IP" >> $tmp
echo " -j REJECT --reject-with icmp-port-unreachable" >> $tmp
done
bash $tmp 2>/dev/null
rm -f $tmp
fi
# Saving rules to the master iptables file
if [ -e "/etc/redhat-release" ]; then