Diffstat (limited to 'data/originals')
-rw-r--r--data/originals/firewall.local.16720
-rwxr-xr-xdata/originals/firewall.looper50
l---------data/originals/firewall.original1
-rwxr-xr-xdata/originals/rules.d/dns_catchall_redirect.custom132
-rwxr-xr-xdata/originals/rules.d/ntp_catchall_redirect.custom100
5 files changed, 303 insertions, 0 deletions
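diff --git a/data/originals/firewall.local.167 b/data/originals/firewall.local.167
new file mode 100644
index 0000000..5e4677f
--- /dev/null
+++ b/data/originals/firewall.local.167
@@ -0,0 +1,20 @@
+#!/bin/sh
+# Used for private firewall rules
+
+# See how we were called.
+case "$1" in
+ start)
+ ## add your 'start' rules here
+ ;;
+ stop)
+ ## add your 'stop' rules here
+ ;;
+ reload)
+ $0 stop
+ $0 start
+ ## add your 'reload' rules here
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|reload}"
+ ;;
+esac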
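diff --git a/data/originals/firewall.looper b/data/originals/firewall.looper
new file mode 100755
index 0000000..4b9d78e
--- /dev/null
+++ b/data/originals/firewall.looper
@@ -0,0 +1,50 @@
+#!/bin/sh
+#
+# IPFire Custom Rules (icr)
+#
+# Github: https://github.com/MonkeyCat/IPFireCustomRules
+#
+# Loops over the local "rules.d/" subfolder files
+# Forwarding the (start/stop) command to every file
+# which extension is ".on". To enabled multiple
+# custom firewall rulesets!
+#
+# the configuration of the ipfire custom rules (ipfcr)
+# in the local "rules.d/*" sunfolder, is inside the
+# files themself!
+#
+# Use this at your OWN RISK. Not fully supported!
+#
+# License: GPL2
+#
+# icr v0.1 (c) 30 May 2022 code.monkeycat.com
+#
+# Nuff text...
+
+pwd=$PWD
+base=${PWD%/*/*}
+
+case "$1" in
+ start)
+ find $base/rules.d/ -maxdepth 1 -type f \( ! -name . \) -exec bash -c "{} $1" \;
+
+ ;;
+ stop)
+ find $base/rules.d/ -maxdepth 1 -type f \( ! -name . \) -exec bash -c "{} $1" \;
+
+ ;;
+ reload)
+ $0 stop
+ $0 start
+
+ ;;
+ flush)
+ iptables -t nat -F CUSTOMPREROUTING
+ iptables -t nat -F CUSTOMPOSTROUTING
+ iptables -F CUSTOMFORWARD
+
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|reload|flush}"
+ ;;
+esac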
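Review bot: The `find` at lines 29 and 33 executes every regular file in rules.d/ as root — there is no `-name '*.on'` filter despite the header's promise that only `.on` files are run (the `\( ! -name . \)` clause excludes nothing) — and it splices each path into a `bash -c` string, so a filename containing spaces or shell metacharacters is parsed as shell code. A tighter form is `find "$base/rules.d/" -maxdepth 1 -type f -name '*.on' ! -perm /022 -exec {} "$1" \;`, which passes the path as an argument rather than as code, refuses group/world-writable scripts, and makes the execute bit an explicit opt-in. `base` is derived from `$PWD` rather than from the script's own path, so which directory gets scanned depends on the caller's working directory; deriving it from `$0` would pin it, though the intended layout is not visible here. The `#!/bin/sh` shebang is also at odds with delegating to `bash -c`; either run the rulesets directly or document that bash is required.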
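diff --git a/data/originals/firewall.original b/data/originals/firewall.original
new file mode 120000
index 0000000..d6f1586
--- /dev/null
+++ b/data/originals/firewall.original
@@ -0,0 +1 @@
+firewall.local.167
\ No newline at end of file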
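diff --git a/data/originals/rules.d/dns_catchall_redirect.custom b/data/originals/rules.d/dns_catchall_redirect.custom
new file mode 100755
index 0000000..6fcd9ef
--- /dev/null
+++ b/data/originals/rules.d/dns_catchall_redirect.custom
@@ -0,0 +1,132 @@
+#!/bin/sh
+#
+# Redirect All DNS Request Traffic To DNS Server on (Internal) Network
+#
+# (Not IPFire itself, for that see: https://community.ipfire.org/t/forcing-all-dns-traffic-from-the-lan-to-the-firewall/3512)
+#
+# Use this at your OWN RISK. It is not fully supported!
+# https://community.ipfire.org/t/redirect-all-time-servers-request-to-time-server-on-internal-network-not-ipfire-itself/7975/2
+#
+# (c) 2022 MonkeyCat.com
+#
+# v0.9 30/May/2022
+
+
+# uncomment if you setup this dns ruleset
+#setup=true
+
+
+
+if $setup
+then
+ echo "Please setup your dns server ip, accepted range and if you want logging!"
+ echo "inside dns_catchall_redirect.* file"
+ exit
+fi
+
+# Our dns server target
+SERVER="10.0.80.2"
+
+# double negation :-) see rule (!)
+ONLY_ACCEPT_INTERNAL="10.0.0.0/8"
+
+LOGGING=true
+
+
+
+# logging prefix
+PREFIX="DNS"
+PORT=53
+
+case "$1" in
+ start)
+ ## add your 'start' rules here
+
+ # dns logging
+ if $LOGGING
+ then
+ echo "$PREFIX Logging Enabled ($SERVER)"
+ # udp
+ iptables -A CUSTOMFORWARD -p udp --dport $PORT -s $SERVER -j LOG --log-prefix "$PREFIX_ACCEPT_PRIVATE "
+ iptables -A CUSTOMFORWARD ! -s $ONLY_ACCEPT_INTERNAL -p udp --dport $PORT -j LOG --log-prefix "$PREFIX_DROP_EXTERNAL "
+ iptables -A CUSTOMFORWARD ! -s $SERVER -p udp --dport $PORT -j LOG --log-prefix "$PREFIX_ACCEPT_INTERNAL "
+ iptables -t nat -A CUSTOMPREROUTING ! -s $SERVER -p udp --dport $PORT -j LOG --log-prefix "$PREFIX_PREROUTE "
+ iptables -t nat -A CUSTOMPOSTROUTING ! -s $SERVER -p udp --dport $PORT -d $SERVER -j LOG --log-prefix "$PREFIX_POSTROUTE "
+ # tcp
+ iptables -A CUSTOMFORWARD -p tcp --dport $PORT -s $SERVER -j LOG --log-prefix "$PREFIX_ACCEPT_PRIVATE "
+ iptables -A CUSTOMFORWARD ! -s $ONLY_ACCEPT_INTERNAL -p tcp --dport $PORT -j LOG --log-prefix "$PREFIX_DROP_EXTERNAL "
+ iptables -A CUSTOMFORWARD ! -s $SERVER -p tcp --dport $PORT -j LOG --log-prefix "$PREFIX_ACCEPT_INTERNAL "
+ iptables -t nat -A CUSTOMPREROUTING ! -s $SERVER -p tcp --dport $PORT -j LOG --log-prefix "$PREFIX_PREROUTE "
+ iptables -t nat -A CUSTOMPOSTROUTING ! -s $SERVER -p tcp --dport $PORT -d $SERVER -j LOG --log-prefix "$PREFIX_POSTROUTE "
+ fi
+
+ # dns
+ echo "$PREFIX Catch All Enabled ($SERVER)"
+ # udp
+ iptables -A CUSTOMFORWARD -p udp --dport $PORT -s $SERVER -j ACCEPT
+ iptables -A CUSTOMFORWARD ! -s $ONLY_ACCEPT_INTERNAL -p udp --dport $PORT -j DROP
+ iptables -A CUSTOMFORWARD ! -s $SERVER -p udp --dport $PORT -j ACCEPT
+ iptables -t nat -A CUSTOMPREROUTING ! -s $SERVER -p udp --dport $PORT -j DNAT --to $SERVER:$PORT
+ iptables -t nat -A CUSTOMPOSTROUTING ! -s $SERVER -p udp --dport $PORT -d $SERVER -j MASQUERADE
+ # tcp
+ iptables -A CUSTOMFORWARD -p tcp --dport $PORT -s $SERVER -j ACCEPT
+ iptables -A CUSTOMFORWARD ! -s $ONLY_ACCEPT_INTERNAL -p tcp --dport $PORT -j DROP
+ iptables -A CUSTOMFORWARD ! -s $SERVER -p tcp --dport $PORT -j ACCEPT
+ iptables -t nat -A CUSTOMPREROUTING ! -s $SERVER -p tcp --dport $PORT -j DNAT --to $SERVER:$PORT
+ iptables -t nat -A CUSTOMPOSTROUTING ! -s $SERVER -p tcp --dport $PORT -d $SERVER -j MASQUERADE
+
+ ;;
+ stop)
+ ## add your 'stop' rules here
+
+
+ # dns logging
+ if $LOGGING
+ then
+ echo $PREFIX Logging Disabled ($SERVER)"
+ # udp
+ iptables -D CUSTOMFORWARD -p udp --dport $PORT -s $SERVER -j LOG --log-prefix "$PREFIX_ACCEPT_PRIVATE "
+ iptables -D CUSTOMFORWARD ! -s $ONLY_ACCEPT_INTERNAL -p udp --dport $PORT -j LOG --log-prefix "$PREFIX_DROP_EXTERNAL "
+ iptables -D CUSTOMFORWARD ! -s $SERVER -p udp --dport $PORT -j LOG --log-prefix "$PREFIX_ACCEPT_INTERNAL "
+ iptables -t nat -D CUSTOMPREROUTING ! -s $SERVER -p udp --dport $PORT -j LOG --log-prefix "$PREFIX_PREROUTE "
+ iptables -t nat -D CUSTOMPOSTROUTING ! -s $SERVER -p udp --dport $PORT -d $SERVER -j LOG --log-prefix "$PREFIX_POSTROUTE "
+ # tcp
+ iptables -D CUSTOMFORWARD -p tcp --dport $PORT -s $SERVER -j LOG --log-prefix "$PREFIX_ACCEPT_PRIVATE "
+ iptables -D CUSTOMFORWARD ! -s $ONLY_ACCEPT_INTERNAL -p tcp --dport $PORT -j LOG --log-prefix "$PREFIX_DROP_EXTERNAL "
+ iptables -D CUSTOMFORWARD ! -s $SERVER -p tcp --dport $PORT -j LOG --log-prefix "$PREFIX_ACCEPT_INTERNAL "
+ iptables -t nat -D CUSTOMPREROUTING ! -s $SERVER -p tcp --dport $PORT -j LOG --log-prefix "$PREFIX_PREROUTE "
+ iptables -t nat -D CUSTOMPOSTROUTING ! -s $SERVER -p tcp --dport $PORT -d $SERVER -j LOG --log-prefix "$PREFIX_POSTROUTE "
+ fi
+
+ # dns
+ echo $PREFIX Catch All Disabled ($SERVER)"
+ # udp
+ iptables -D CUSTOMFORWARD -p udp --dport $PORT -s $SERVER -j ACCEPT
+ iptables -D CUSTOMFORWARD ! -s $ONLY_ACCEPT_INTERNAL -p udp --dport $PORT -j DROP
+ iptables -D CUSTOMFORWARD ! -s $SERVER -p udp --dport $PORT -j ACCEPT
+ iptables -t nat -D CUSTOMPREROUTING ! -s $SERVER -p udp --dport $PORT -j DNAT --to $SERVER:$PORT
+ iptables -t nat -D CUSTOMPOSTROUTING ! -s $SERVER -p udp --dport $PORT -d $SERVER -j MASQUERADE
+ # tcp
+ iptables -D CUSTOMFORWARD -p tcp --dport $PORT -s $SERVER -j ACCEPT
+ iptables -D CUSTOMFORWARD ! -s $ONLY_ACCEPT_INTERNAL -p tcp --dport $PORT -j DROP
+ iptables -D CUSTOMFORWARD ! -s $SERVER -p tcp --dport $PORT -j ACCEPT
+ iptables -t nat -D CUSTOMPREROUTING ! -s $SERVER -p tcp --dport $PORT -j DNAT --to $SERVER:$PORT
+ iptables -t nat -D CUSTOMPOSTROUTING ! -s $SERVER -p tcp --dport $PORT -d $SERVER -j MASQUERADE
+
+ ;;
+ reload)
+ $0 stop
+ $0 start
+ ## add your 'reload' rules here
+
+ ;;
+ flush)
+ iptables -t nat -F CUSTOMPREROUTING
+ iptables -t nat -F CUSTOMPOSTROUTING
+ iptables -F CUSTOMFORWARD
+
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|reload|flush}"
+ ;;
+esac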
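Review bot: This script cannot load its rules as committed: lines 86 and 102 (`echo $PREFIX Logging Disabled ($SERVER)"`) are missing the opening quote, so the bare `(` is a syntax error that stops the whole `case` from parsing, and the guard at line 20 is inverted — with `setup` left commented out, `if $setup` runs an empty command, which succeeds, so the script prints the setup reminder and exits, and once `setup=true` is uncommented `if true` does exactly the same. `if ! "${setup:-false}"` expresses the documented opt-in, and the two echo lines need their leading `"`. Every `--log-prefix "$PREFIX_ACCEPT_PRIVATE "` (lines 50–60 and 88–98) expands an unset variable named `PREFIX_ACCEPT_PRIVATE`, so all LOG rules are written with an empty prefix and are indistinguishable in the kernel log; `"${PREFIX}_ACCEPT_PRIVATE "` is what was meant, and the `-D` lines must use the same form or the stop branch will not match the rules it tries to remove. Finally, the PREROUTING DNAT at lines 69/75 is not bound to an interface, so port-53 traffic arriving on the WAN side is also rewritten towards the internal resolver and the CUSTOMFORWARD DROP at lines 67/73 is the only thing standing in the way; restricting the DNAT with `-i <lan-interface>` (the zone name is not visible here) keeps the redirect to the LAN, and the "catch all" should be documented as not covering DNS-over-HTTPS/TLS on 443/853.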
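diff --git a/data/originals/rules.d/ntp_catchall_redirect.custom b/data/originals/rules.d/ntp_catchall_redirect.custom
new file mode 100755
index 0000000..0810740
--- /dev/null
+++ b/data/originals/rules.d/ntp_catchall_redirect.custom
@@ -0,0 +1,100 @@
+#!/bin/sh
+#
+# Redirect All Time Servers Traffic Request To Time Server on (Internal) Network
+#
+# (Not IPFire itself, for that see: https://community.ipfire.org/t/forcing-all-dns-traffic-from-the-lan-to-the-firewall/3512)
+#
+# Use this at your OWN RISK. It is not fully supported!
+# https://community.ipfire.org/t/redirect-all-time-servers-request-to-time-server-on-internal-network-not-ipfire-itself/7975/2
+#
+# (c) 2022 MonkeyCat.com
+#
+# v1.0a 30/May/2022
+
+
+# uncomment if you setup this ntp ruleset
+#setup=true
+
+
+
+if $setup
+then
+ echo "Please setup your time server ip, accepted range and if you want logging!"
+ echo "inside "ntp_catchall_redirect.* file"
+ exit
+fi
+
+# Our timer server target
+SERVER="10.0.0.5"
+
+# double negation :-) see rule (!)
+ONLY_ACCEPT_INTERNAL="10.0.0.0/8"
+
+LOGGING=false
+
+
+
+# logging prefix
+PREFIX="NTP"
+PORT=123
+
+case "$1" in
+ start)
+ # ntp logging
+ if $LOGGING
+ then
+ echo "$PREFIX Logging Enabled ($SERVER)"
+ iptables -A CUSTOMFORWARD -p udp --dport $PORT -s $SERVER -j LOG --log-prefix ""$PREFIX_ACCEPT_PRIVATE "
+ iptables -A CUSTOMFORWARD ! -s $ONLY_ACCEPT_INTERNAL -p udp --dport $PORT -j LOG --log-prefix ""$PREFIX_DROP_EXTERNAL "
+ iptables -A CUSTOMFORWARD ! -s $SERVER -p udp --dport $PORT -j LOG --log-prefix ""$PREFIX_ACCEPT_INTERNAL "
+ iptables -t nat -A CUSTOMPREROUTING ! -s $SERVER -p udp --dport $PORT -j LOG --log-prefix ""$PREFIX_PREROUTE "
+ iptables -t nat -A CUSTOMPOSTROUTING ! -s $SERVER -p udp --dport $PORT -d $SERVER -j LOG --log-prefix ""$PREFIX_POSTROUTE "
+ fi
+
+ # ntp
+ echo "$PREFIX Catch All Enabled ($SERVER)"
+ iptables -A CUSTOMFORWARD -p udp --dport $PORT -s $SERVER -j ACCEPT
+ iptables -A CUSTOMFORWARD ! -s $ONLY_ACCEPT_INTERNAL -p udp --dport $PORT -j DROP
+
+ iptables -A CUSTOMFORWARD ! -s $SERVER -p udp --dport $PORT -j ACCEPT
+ iptables -t nat -A CUSTOMPREROUTING ! -s $SERVER -p udp --dport $PORT -j DNAT --to $SERVER:$PORT
+ iptables -t nat -A CUSTOMPOSTROUTING ! -s $SERVER -p udp --dport $PORT -d $SERVER -j MASQUERADE
+
+ ;;
+ stop)
+ # ntp logging
+ if $LOGGING
+ then
+ echo "$PREFIX Logging Disabled ($SERVER)"
+ iptables -D CUSTOMFORWARD -p udp --dport $PORT -s $SERVER -j LOG --log-prefix ""$PREFIX_ACCEPT_PRIVATE "
+ iptables -D CUSTOMFORWARD ! -s $ONLY_ACCEPT_INTERNAL -p udp --dport $PORT -j LOG --log-prefix ""$PREFIX_DROP_EXTERNAL "
+ iptables -D CUSTOMFORWARD ! -s $SERVER -p udp --dport $PORT -j LOG --log-prefix ""$PREFIX_ACCEPT_INTERNAL "
+ iptables -t nat -D CUSTOMPREROUTING ! -s $SERVER -p udp --dport $PORT -j LOG --log-prefix ""$PREFIX_PREROUTE "
+ iptables -t nat -D CUSTOMPOSTROUTING ! -s $SERVER -p udp --dport $PORT -d $SERVER -j LOG --log-prefix ""$PREFIX_POSTROUTE "
+ fi
+
+ # ntp
+ echo "$PREFIX Catch All Disabled ($SERVER)"
+ iptables -D CUSTOMFORWARD -p udp --dport $PORT -s $SERVER -j ACCEPT
+ iptables -D CUSTOMFORWARD ! -s $ONLY_ACCEPT_INTERNAL -p udp --dport $PORT -j DROP
+ iptables -D CUSTOMFORWARD ! -s $SERVER -p udp --dport $PORT -j ACCEPT
+ iptables -t nat -D CUSTOMPREROUTING ! -s $SERVER -p udp --dport $PORT -j DNAT --to $SERVER:$PORT
+ iptables -t nat -D CUSTOMPOSTROUTING ! -s $SERVER -p udp --dport $PORT -d $SERVER -j MASQUERADE
+
+ ;;
+ reload)
+ $0 stop
+ $0 start
+ ## add your 'reload' rules here
+
+ ;;
+ flush)
+ iptables -t nat -F CUSTOMPREROUTING
+ iptables -t nat -F CUSTOMPOSTROUTING
+ iptables -F CUSTOMFORWARD
+
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|reload|flush}"
+ ;;
+esac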
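Review bot: The quoting in this file is unbalanced, so it almost certainly fails to parse before a single rule is installed: line 23's `echo "inside "ntp_catchall_redirect.* file"` closes its string early (leaving `ntp_catchall_redirect.*` as an unquoted glob) and opens one that runs on into the following lines, and each `--log-prefix ""$PREFIX_ACCEPT_PRIVATE "` (lines 47–51, 69–73) carries three double quotes, so the strings pair across lines and the `fi` ends up inside a string. The intended forms are `echo "inside ntp_catchall_redirect.* file"` and `--log-prefix "${PREFIX}_ACCEPT_PRIVATE "`; the latter also fixes the reference to an unset variable named `PREFIX_ACCEPT_PRIVATE`, which would otherwise give every LOG rule an empty prefix. The `if $setup` guard at line 20 exits both when `setup` is unset (an empty command succeeds) and when `setup=true` is uncommented, so the documented opt-in never lets the rules load; `if ! "${setup:-false}"` is the intended test. Two operational caveats worth a comment in the header: the PREROUTING DNAT at line 60 is not limited to the LAN interface, and the MASQUERADE at line 61 hides the original client address from the time server's logs, which removes per-host attribution for NTP traffic.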