Commit 219db71a authored by Hugo Leisink's avatar Hugo Leisink 🎸

Release 5.7

parent 16088978
firetable (5.7) stable; urgency=low
* Small improvements.
-- Hugo Leisink <hugo@leisink.net> Mon, 3 Jan 2021 18:56:07 +0100
firetable (5.6) stable; urgency=low
* PHP7 compatibility.
* Added Systemd init script to Debian package
* Small improvements.
-- Hugo Leisink <hugo@leisink.net> Wed, 31 Aug 2016 13:01:28 +0200
firetable (5.5) stable; urgency=low
* Using ip instead of ifconfig to prevent language issues.
......@@ -148,7 +162,7 @@ firetable (3.1) stable; urgency=low
firetable (3.0) stable; urgency=low
* Splitted firewallscript (/usr/sbin/firetable and /etc/init.d/firetable).
* Splitted firewall script (/usr/sbin/firetable and /etc/init.d/firetable).
* /etc/firetable/interfaces removed.
* /etc/default/firetable added.
......
Firetable
=========
Firetable is a tool written in PHP to maintain IPtables firewalls under Linux. Firetable has been written by Hugo Leisink <hugo@leisink.net>.
Firetable is a tool written in PHP to maintain IPtables firewalls under Linux. Firetable has been written by Hugo Leisink \<hugo@leisink.net\>. The source can be found at https://gitlab.com/hsleisink/firetable.
Installation
------------
To install Firetable, run 'make install'. This will install the Firetable script in /usr/sbin and the Firetable configuration in /etc/firetable. Use the DESTDIR parameter to install Firetable in a different location. In that case, also change the CONFIG_DIR setting inside the Firetable script.
To install Firetable, run 'make install'. This will install the Firetable script in /usr/sbin and the Firetable configuration in /etc/firetable. Use the DESTDIR parameter to install Firetable in a different location. In that case, also change the CONFIG\_DIR setting inside the Firetable script.
To create a Firetable Debian package, execute the script 'extra/make_debian_package'.
To create a Debian package, execute the script 'extra/make\_debian\_package'.
......@@ -17,3 +17,8 @@ enable_on_boot = all
# notice, warning, error, crit, alert or panic.
#
log_priority = info
# Location of the iptables binaries.
#
#iptables4 = /usr/sbin/iptables
#iptables6 = /usr/sbin/ip6tables
......@@ -8,7 +8,7 @@ set subnetmask 32
# Incoming traffic
#
accept incoming tcp to server:{22, 25, 80, 443, 993, 995}
accept incoming tcp to server:{22,25,80,443,993,995}
accept incoming udp to server:53
accept incoming icmp type 11 from anywhere to server # Traceroute
drop incoming udp to anywhere:{137,138}
......
......@@ -8,11 +8,9 @@ set subnetmask 48
# Incoming traffic
#
accept incoming tcp to server.{22, 25, 80, 443, 993, 995}
accept incoming icmp type {1,2,3,4,133,134,136,137} to server
accept incoming icmp type 135 to anywhere
drop incoming udp to anywhere.{137,138}
accept incoming tcp to server.{22,25,80,443,993,995}
accept incoming icmp type {1,2,3,4,133,134,136,137} to anywhere
acce[t incoming udp to anywhere.{137,138}
# Outgoing traffic
#
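Review bot: `acce[t incoming udp to anywhere.{137,138}` is not a valid rule keyword, and it stands where the other printed version of this example has `drop incoming udp to anywhere.{137,138}`. The page does not mark old and new lines, so this assumes the later line is the new one. If the typo were corrected to `accept`, the IPv6 example would admit the NetBIOS datagrams that the IPv4 example still refuses with `drop incoming udp to anywhere:{137,138}`, which looks like an accident rather than a policy change. I would restore `drop incoming udp to anywhere.{137,138}`. The same hunk also widens ICMPv6 types 1,2,3,4,133,134,136,137 from `to server` to `to anywhere`, which deserves a changelog line if intended.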
......
......@@ -2,12 +2,11 @@ Source: firetable
Section: net
Priority: optional
Maintainer: Hugo Leisink <hugo@leisink.net>
Homepage: http://projects.leisink.net/firetable
Homepage: https://gitlab.com/hsleisink/firetable
Standards-Version: 3.6.2
Package: firetable
Architecture: any
Depends: netbase, iptables, php-cli
Conflicts:
Description: IPtables firewall management script
Script to maintain an IPtables firewall
Description: Firetable, the iptables firewall manager
Firetable is written by Hugo Leisink <hugo@leisink.net>.
It was downloaded from http://projects.leisink.net/Firetable.
It was downloaded from https://github.com/hsleisink/firetable
Copyright (C) 2012 by Hugo Leisink <hugo@leisink.net>
......
......@@ -4,7 +4,7 @@ Binary: firetable
Architecture: any
Version: <VERSION>
Maintainer: Hugo Leisink <hugo@leisink.net>
Homepage: http://projects.leisink.net/firetable
Homepage: https://github.com/hsleisink/firetable
Standards-Version: 3.6.2
Build-Depends:<DEPENDS>
Package-List:
......
[Unit]
Description=Firetable, the iptables firewall manager
[Service]
Type=oneshot
ExecStart=/usr/sbin/firetable start
ExecStop=/usr/sbin/firetable stop
RemainAfterExit=true
[Install]
WantedBy=network.target
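Review bot: The `[Unit]` section declares no `After=` or `Before=` ordering, so with only `WantedBy=network.target` systemd may run `firetable start` at any point relative to interface configuration. The script looks up the server address with `ip addr list <interface>` and has a branch for an empty result, so a start before the interface has an address may leave the rules unloaded (inferred, as the handling of that branch is not shown). If the address lookup is required, add `After=network-online.target` and `Wants=network-online.target`. Also add a comment in the unit noting that the host is reachable without filtering until the oneshot completes, so the ordering is a documented decision.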
......@@ -12,6 +12,13 @@
# Description: Firetable, a script for IPtable firewalls
### END INIT INFO
NAME=hiawatha
SCRIPT=/usr/sbin/firetable
# /etc/init.d/hiawatha: start and stop the Hiawatha webserver daemon
test -x $SCRIPT || exit 0
( ${SCRIPT} -\v 2>&1 | grep -q Firetable ) 2>/dev/null || exit 0
# Defaults
if [ -r /etc/firetable/firetable.conf ]; then
......@@ -20,9 +27,9 @@ fi
function firetable {
if [ "${INTERFACES}" = "all" ]; then
/usr/sbin/firetable $1
${SCRIPT} $1
elif [ "${INTERFACES}" != "" ]; then
/usr/sbin/firetable $1 ${INTERFACES}
${SCRIPT} $1 ${INTERFACES}
fi
}
......@@ -30,13 +37,15 @@ case "$1" in
start|stop)
firetable $1
;;
restart|force-reload)
restart)
firetable stop
firetable start
;;
*)
echo "Usage: /etc/init.d/firetable {start|stop|restart|force-reload}"
exit 1
*)
log_action_msg "Usage: /etc/init.d/firetable {start|stop|restart}" || true
exit 1
esac
exit 0
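Review bot: The added probe `( ${SCRIPT} -\v 2>&1 | grep -q Firetable ) 2>/dev/null || exit 0` makes the init script exit with status 0 and no output whenever the version check fails. If the PHP interpreter is missing or broken (inferred cause), the host would come up without firewall rules while the boot sequence reports success. I would fail loudly instead, `... || { echo "firetable: version probe failed, no rules loaded" >&2; exit 1; }`, and write the flag as plain `-v`, since the backslash in `-\v` does nothing. `NAME=hiawatha` and the comment `# /etc/init.d/hiawatha: start and stop the Hiawatha webserver daemon` look copied from another package and should name firetable. The `case` arm no longer accepts `force-reload`, which package maintainer scripts commonly call, so a package upgrade may hit the usage branch and `exit 1`.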
......@@ -190,4 +190,4 @@ Specify the path of the iptables binaries. Default points to /sbin/iptables for
.SH AUTHOR
Firetable is written by Hugo Leisink <hugo@leisink.net> in PHP. More info about Firetable at website:
.br
\fIhttp://projects.leisink.net/\fP
\fIhttps://github.com/hsleisink/firetable\fP
......@@ -13,7 +13,7 @@
* GNU General Public License for more details.
*/
define("VERSION", "5.5");
define("VERSION", "5.6");
define("CONFIG_DIR", "/etc/firetable");
define("NORMAL", "\x1b[0m");
......@@ -128,8 +128,8 @@
private $script = null;
private $server = null;
private $settings = array(
"iptables4" => "/sbin/iptables",
"iptables6" => "/sbin/ip6tables",
"iptables4" => "/usr/sbin/iptables",
"iptables6" => "/usr/sbin/ip6tables",
"enable_ipv4" => false,
"enable_ipv6" => false,
"enable_nat" => false,
......@@ -189,6 +189,8 @@
return false;
}
$previous = "";
$content = array();
while (($line = fgets($fp)) !== false) {
$line = trim(preg_replace('/#.*/', "", $line));
......@@ -198,7 +200,14 @@
$line = str_replace("\t", " ", $line);
$line = preg_replace('/ +/', " ", $line);
if (substr($previous, -1) == "\\") {
array_pop($content);
$line = substr($previous, 0, -1).$line;
}
array_push($content, $line);
$previous = $line;
}
fclose($fp);
......@@ -805,9 +814,9 @@
foreach ($interfaces as $interface) {
if ($this->ip_version == 4) {
$this->server = trim(exec("ip addr list ".$interface." | grep 'inet ' | sed 's/^ *//' | cut -d' ' -f2 | cut -d/ -f1"));
$this->server = trim(exec("ip addr list ".$interface." | grep 'inet ' | sed 's/^ *//' | cut -d' ' -f2 | cut -d/ -f1 | head -n 1"));
} else {
$this->server = trim(exec("ip addr list ".$interface." | grep 'scope global' | grep inet6 | sed 's/^ *//' | cut -d' ' -f2 | cut -d/ -f1"));
$this->server = trim(exec("ip addr list ".$interface." | grep inet6 | grep 'scope global' | sed 's/^ *//' | cut -d' ' -f2 | cut -d/ -f1 | head -n 1"));
}
if ($this->server == "") {
......@@ -1175,8 +1184,12 @@
* ERROR: -
*/
private function show_usage() {
print "Usage: ".$this->script." [-4|-6] {start|stop|restart|debug} [<interface>...]\n";
print " ".$this->script." {flush|status}\n";
print "Usage: ".$this->script." [options]\n";
print "Options: [-4|-6] {start|stop|restart|debug} [<interface>...]\n";
print " flush: flush all firewall rules\n";
print " status: show the active rules\n";
print " -h: show this help information\n";
print " -v: show version information\n";
}
/* Main firetable routine
......@@ -1187,16 +1200,25 @@
*/
public function execute($args) {
if ($this->settings["enable_ipv".$this->ip_version] == false) {
return;
return true;
}
/* Check binaries
*/
$binary = $this->settings["iptables".$this->ip_version];
if (file_exists($binary) == false) {
printf("Binary %s not found.\n", $binary);
return false;
}
$this->script = array_shift($args);
$command = array_shift($args);
if (count($args) == 0) {
if (($dp = opendir(CONFIG_DIR)) == false) {
print "Error reading configuration directory.\n";
return;
return false;
}
while (($file = readdir($dp)) != false) {
......@@ -1245,9 +1267,13 @@
$this->debug = true;
$this->iptables->debug = true;
return $this->start($args);
default:
case "-h":
case "":
$this->show_usage();
return false;
default:
print "Unknown option. Use '-h' for help.\n";
return false;
}
return true;
......@@ -1279,8 +1305,7 @@
error_reporting(E_ALL & ~E_NOTICE);
if ($argv[1] == "-v") {
printf("Firetable v%s (iptables firewall management tool)\n", VERSION);
printf("Copyright (C) by Hugo Leisink <hugo@leisink.net>\n");
printf("Firetable v%s, copyright (C) by Hugo Leisink <hugo@leisink.net>\n", VERSION);
return;
}
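Review bot: `$interface` is concatenated unquoted into the shell pipeline passed to `exec()` on both changed address-lookup lines, in a script that is normally run as root. The values appear to come from the command line or from names read under CONFIG_DIR (the `foreach` starts outside the hunk, so this is inferred). A space or shell metacharacter in an interface name would therefore change the command rather than just fail the lookup. Wrapping the value, `"ip addr list ".escapeshellarg($interface)." | grep 'inet ' | ..."`, keeps it to a single argument in both branches. Separately, `define("VERSION", "5.6")` does not match the 5.7 changelog entry and the commit title.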
......