diff options
-rwxr-xr-x | config/fwbuilder/demeter.fw | 36 | ||||
-rw-r--r-- | config/fwbuilder/demeter.fwb | 4 |
2 files changed, 20 insertions, 20 deletions
diff --git a/config/fwbuilder/demeter.fw b/config/fwbuilder/demeter.fw index af0e36ed..86f101e2 100755 --- a/config/fwbuilder/demeter.fw +++ b/config/fwbuilder/demeter.fw @@ -4,7 +4,7 @@ # # Firewall Builder fwb_ipt v5.3.7 # -# Generated Sat Jul 3 20:39:41 2021 CEST by huettel +# Generated Sat Jul 3 20:58:57 2021 CEST by huettel # # files: * demeter.fw /etc/demeter.fw # @@ -290,8 +290,8 @@ load_modules() { verify_interfaces() { : - echo "Verifying interfaces: eth0 lo" - for i in eth0 lo ; do + echo "Verifying interfaces: enp9s0 lo" + for i in enp9s0 lo ; do $IP link show "$i" > /dev/null 2>&1 || { log "Interface $i does not exist" exit 1 @@ -318,10 +318,10 @@ configure_interfaces() { : # Configure interfaces update_addresses_of_interface "lo 127.0.0.1/8" "" - getaddr eth0 i_eth0 - getaddr6 eth0 i_eth0_v6 - getnet eth0 i_eth0_network - getnet6 eth0 i_eth0_v6_network + getaddr enp9s0 i_enp9s0 + getaddr6 enp9s0 i_enp9s0_v6 + getnet enp9s0 i_enp9s0_network + getnet6 enp9s0 i_enp9s0_v6_network } script_body() { @@ -341,19 +341,19 @@ script_body() { # ================ Table 'filter', rule set Policy # - # Rule 0 (eth0) + # Rule 0 (enp9s0) # - echo "Rule 0 (eth0)" + echo "Rule 0 (enp9s0)" # # anti spoofing rule $IPTABLES -N In_RULE_0 - for i_eth0 in $i_eth0_list + for i_enp9s0 in $i_enp9s0_list do - test -n "$i_eth0" && $IPTABLES -A INPUT -i eth0 -s $i_eth0 -m state --state NEW -j In_RULE_0 + test -n "$i_enp9s0" && $IPTABLES -A INPUT -i enp9s0 -s $i_enp9s0 -m state --state NEW -j In_RULE_0 done - for i_eth0 in $i_eth0_list + for i_enp9s0 in $i_enp9s0_list do - test -n "$i_eth0" && $IPTABLES -A FORWARD -i eth0 -s $i_eth0 -m state --state NEW -j In_RULE_0 + test -n "$i_enp9s0" && $IPTABLES -A FORWARD -i enp9s0 -s $i_enp9s0 -m state --state NEW -j In_RULE_0 done $IPTABLES -A In_RULE_0 -j LOG --log-level info --log-prefix "RULE 0 -- DENY " $IPTABLES -A In_RULE_0 -j DROP @@ -372,9 +372,9 @@ script_body() { # SSH Access to the host; useful ICMP # types; ping request $IPTABLES -N Cid4543X4142577.0 - for i_eth0 in $i_eth0_list + for i_enp9s0 in $i_enp9s0_list do - test -n "$i_eth0" && $IPTABLES -A OUTPUT -d $i_eth0 -m state --state NEW -j Cid4543X4142577.0 + test -n "$i_enp9s0" && $IPTABLES -A OUTPUT -d $i_enp9s0 -m state --state NEW -j Cid4543X4142577.0 done $IPTABLES -A Cid4543X4142577.0 -p icmp -m icmp --icmp-type 3 -j ACCEPT $IPTABLES -A Cid4543X4142577.0 -p icmp -m icmp --icmp-type 0/0 -j ACCEPT @@ -393,9 +393,9 @@ script_body() { # echo "Rule 3 (global)" # - for i_eth0 in $i_eth0_list + for i_enp9s0 in $i_enp9s0_list do - test -n "$i_eth0" && $IPTABLES -A INPUT -s $i_eth0 -m state --state NEW -j ACCEPT + test -n "$i_enp9s0" && $IPTABLES -A INPUT -s $i_enp9s0 -m state --state NEW -j ACCEPT done $IPTABLES -A OUTPUT -m state --state NEW -j ACCEPT # @@ -461,7 +461,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat Jul 3 20:39:41 2021 by huettel" + log "Activating firewall script generated Sat Jul 3 20:58:57 2021 by huettel" check_tools prolog_commands check_run_time_address_table_files diff --git a/config/fwbuilder/demeter.fwb b/config/fwbuilder/demeter.fwb index 2a433ef3..09e4a983 100644 --- a/config/fwbuilder/demeter.fwb +++ b/config/fwbuilder/demeter.fwb @@ -505,7 +505,7 @@ <ServiceGroup id="id1609X4142577" name="TagServices" comment="" ro="False"/> </ServiceGroup> <ObjectGroup id="id1610X4142577" name="Firewalls" comment="" ro="False"> - <Firewall id="id4464X4142577" host_OS="linux24" lastCompiled="1625337581" lastInstalled="0" lastModified="1625337497" platform="iptables" version="" name="demeter" comment="This is an example of a firewall protecting a host ( a server or a workstation). Only SSH access to the host is permitted. Host has dynamic address." ro="False"> + <Firewall id="id4464X4142577" host_OS="linux24" lastCompiled="1625338737" lastInstalled="0" lastModified="1625338718" platform="iptables" version="" name="demeter" comment="This is an example of a firewall protecting a host ( a server or a workstation). Only SSH access to the host is permitted. Host has dynamic address." ro="False"> <NAT id="id4482X4142577" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </NAT> @@ -607,7 +607,7 @@ <Routing id="id4630X4142577" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </Routing> - <Interface id="id4472X4142577" dedicated_failover="False" dyn="True" label="outside" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False"> + <Interface id="id4472X4142577" dedicated_failover="False" dyn="True" label="outside" mgmt="False" security_level="0" unnum="False" unprotected="False" name="enp9s0" comment="" ro="False"> <InterfaceOptions/> </Interface> <Interface id="id4474X4142577" dedicated_failover="False" dyn="False" label="loopback" mgmt="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False"> |