aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xconfig/fwbuilder/demeter.fw36
-rw-r--r--config/fwbuilder/demeter.fwb4
2 files changed, 20 insertions, 20 deletions
diff --git a/config/fwbuilder/demeter.fw b/config/fwbuilder/demeter.fw
index af0e36ed..86f101e2 100755
--- a/config/fwbuilder/demeter.fw
+++ b/config/fwbuilder/demeter.fw
@@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v5.3.7
#
-# Generated Sat Jul 3 20:39:41 2021 CEST by huettel
+# Generated Sat Jul 3 20:58:57 2021 CEST by huettel
#
# files: * demeter.fw /etc/demeter.fw
#
@@ -290,8 +290,8 @@ load_modules() {
verify_interfaces() {
:
- echo "Verifying interfaces: eth0 lo"
- for i in eth0 lo ; do
+ echo "Verifying interfaces: enp9s0 lo"
+ for i in enp9s0 lo ; do
$IP link show "$i" > /dev/null 2>&1 || {
log "Interface $i does not exist"
exit 1
@@ -318,10 +318,10 @@ configure_interfaces() {
:
# Configure interfaces
update_addresses_of_interface "lo 127.0.0.1/8" ""
- getaddr eth0 i_eth0
- getaddr6 eth0 i_eth0_v6
- getnet eth0 i_eth0_network
- getnet6 eth0 i_eth0_v6_network
+ getaddr enp9s0 i_enp9s0
+ getaddr6 enp9s0 i_enp9s0_v6
+ getnet enp9s0 i_enp9s0_network
+ getnet6 enp9s0 i_enp9s0_v6_network
}
script_body() {
@@ -341,19 +341,19 @@ script_body() {
# ================ Table 'filter', rule set Policy
#
- # Rule 0 (eth0)
+ # Rule 0 (enp9s0)
#
- echo "Rule 0 (eth0)"
+ echo "Rule 0 (enp9s0)"
#
# anti spoofing rule
$IPTABLES -N In_RULE_0
- for i_eth0 in $i_eth0_list
+ for i_enp9s0 in $i_enp9s0_list
do
- test -n "$i_eth0" && $IPTABLES -A INPUT -i eth0 -s $i_eth0 -m state --state NEW -j In_RULE_0
+ test -n "$i_enp9s0" && $IPTABLES -A INPUT -i enp9s0 -s $i_enp9s0 -m state --state NEW -j In_RULE_0
done
- for i_eth0 in $i_eth0_list
+ for i_enp9s0 in $i_enp9s0_list
do
- test -n "$i_eth0" && $IPTABLES -A FORWARD -i eth0 -s $i_eth0 -m state --state NEW -j In_RULE_0
+ test -n "$i_enp9s0" && $IPTABLES -A FORWARD -i enp9s0 -s $i_enp9s0 -m state --state NEW -j In_RULE_0
done
$IPTABLES -A In_RULE_0 -j LOG --log-level info --log-prefix "RULE 0 -- DENY "
$IPTABLES -A In_RULE_0 -j DROP
@@ -372,9 +372,9 @@ script_body() {
# SSH Access to the host; useful ICMP
# types; ping request
$IPTABLES -N Cid4543X4142577.0
- for i_eth0 in $i_eth0_list
+ for i_enp9s0 in $i_enp9s0_list
do
- test -n "$i_eth0" && $IPTABLES -A OUTPUT -d $i_eth0 -m state --state NEW -j Cid4543X4142577.0
+ test -n "$i_enp9s0" && $IPTABLES -A OUTPUT -d $i_enp9s0 -m state --state NEW -j Cid4543X4142577.0
done
$IPTABLES -A Cid4543X4142577.0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
$IPTABLES -A Cid4543X4142577.0 -p icmp -m icmp --icmp-type 0/0 -j ACCEPT
@@ -393,9 +393,9 @@ script_body() {
#
echo "Rule 3 (global)"
#
- for i_eth0 in $i_eth0_list
+ for i_enp9s0 in $i_enp9s0_list
do
- test -n "$i_eth0" && $IPTABLES -A INPUT -s $i_eth0 -m state --state NEW -j ACCEPT
+ test -n "$i_enp9s0" && $IPTABLES -A INPUT -s $i_enp9s0 -m state --state NEW -j ACCEPT
done
$IPTABLES -A OUTPUT -m state --state NEW -j ACCEPT
#
@@ -461,7 +461,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
- log "Activating firewall script generated Sat Jul 3 20:39:41 2021 by huettel"
+ log "Activating firewall script generated Sat Jul 3 20:58:57 2021 by huettel"
check_tools
prolog_commands
check_run_time_address_table_files
diff --git a/config/fwbuilder/demeter.fwb b/config/fwbuilder/demeter.fwb
index 2a433ef3..09e4a983 100644
--- a/config/fwbuilder/demeter.fwb
+++ b/config/fwbuilder/demeter.fwb
@@ -505,7 +505,7 @@
<ServiceGroup id="id1609X4142577" name="TagServices" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="id1610X4142577" name="Firewalls" comment="" ro="False">
- <Firewall id="id4464X4142577" host_OS="linux24" lastCompiled="1625337581" lastInstalled="0" lastModified="1625337497" platform="iptables" version="" name="demeter" comment="This is an example of a firewall protecting a host ( a server or a workstation). Only SSH access to the host is permitted. Host has dynamic address." ro="False">
+ <Firewall id="id4464X4142577" host_OS="linux24" lastCompiled="1625338737" lastInstalled="0" lastModified="1625338718" platform="iptables" version="" name="demeter" comment="This is an example of a firewall protecting a host ( a server or a workstation). Only SSH access to the host is permitted. Host has dynamic address." ro="False">
<NAT id="id4482X4142577" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</NAT>
@@ -607,7 +607,7 @@
<Routing id="id4630X4142577" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>
- <Interface id="id4472X4142577" dedicated_failover="False" dyn="True" label="outside" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
+ <Interface id="id4472X4142577" dedicated_failover="False" dyn="True" label="outside" mgmt="False" security_level="0" unnum="False" unprotected="False" name="enp9s0" comment="" ro="False">
<InterfaceOptions/>
</Interface>
<Interface id="id4474X4142577" dedicated_failover="False" dyn="False" label="loopback" mgmt="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">