
fix for missing chain after reboot

Serghey Rodin 10 years ago
parent
commit
1ed911f78f
1 changed files with 22 additions and 12 deletions
  1. 22 12
      bin/v-update-firewall

+ 22 - 12
bin/v-update-firewall

@@ -132,19 +132,29 @@ fi
 
 # Checking fail2ban support
 if [ ! -z "$FIREWALL_EXTENSION" ]; then
-    chains=$(cat $VESTA/data/firewall/chains.conf 2>/dev/null)
-fi
-for chain in $chains; do
-    eval $chain
-    if [[ "$PORT" =~ ,|-|: ]] ; then
-        port="-m multiport --dports $PORT"
-    else
-        port="--dport $PORT"
-    fi
-    echo "$iptables -I INPUT -p $PROTOCOL $port -j fail2ban-$CHAIN" > $tmp
-    bash $tmp
+    for chain in $(cat $VESTA/data/firewall/chains.conf 2>/dev/null); do
+        eval $chain
+        if [[ "$PORT" =~ ,|-|: ]] ; then
+            port="-m multiport --dports $PORT"
+        else
+            port="--dport $PORT"
+        fi
+        echo "$iptables -N fail2ban-$CHAIN" >> $tmp
+        echo "$iptables -F fail2ban-$CHAIN" >> $tmp
+        echo "$iptables -I fail2ban-$CHAIN -s 0.0.0.0/0 -j RETURN" >> $tmp
+        echo "$iptables -I INPUT -p $PROTOCOL $port -j fail2ban-$CHAIN" >>$tmp
+    done
+    bash $tmp 2>/dev/null
     rm -f $tmp
-done
+
+    for ban in $(cat $VESTA/data/firewall/banlist.conf 2>/dev/null); do
+        eval $ban
+        echo -n "$iptables -I fail2ban-$CHAIN 1 -s $IP" >> $tmp
+        echo " -j REJECT --reject-with icmp-port-unreachable" >> $tmp
+    done
+    bash $tmp 2>/dev/null
+    rm -f $tmp
+fi
 
 # Saving rules to the master iptables file
 if [ -e "/etc/redhat-release" ]; then
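Review bot: The new banlist loop (`for ban in $(cat .../banlist.conf)`) does `eval $ban` and then writes the resulting `$IP` and `$CHAIN` unquoted into a script executed with `bash $tmp`, so whoever can write banlist.conf — presumably the fail2ban action hooks, given the section's "Checking fail2ban support" heading — can run arbitrary commands with the privileges of this updater, and the same holds for `$CHAIN`/`$PORT`/`$PROTOCOL` from chains.conf in the loop above it. Since the banned addresses are derived from log parsing, the values should be validated before they reach the file: `[[ "$IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$ ]] || continue` and `[[ "$CHAIN" =~ ^[A-Za-z0-9_-]+$ ]] || continue` directly after the `eval $ban` (and a matching check after `eval $chain`). The `2>/dev/null` on both `bash $tmp` invocations looks intended to hide the expected failure of `-N fail2ban-$CHAIN` when the chain already exists, but it also hides a failed `-I ... -j REJECT`, so a ban can silently not be applied; putting the redirect only on the `-N` line (`echo "$iptables -N fail2ban-$CHAIN 2>/dev/null" >> $tmp`) keeps the rest visible. Note also that the first loop now appends (`>>`) instead of truncating `$tmp` as the old `>` did, so any content already in that file is replayed; `$tmp` is created outside this hunk, so I can't confirm it starts empty. The `if [ -e "/etc/redhat-release" ]` block on the last line continues past the hunk.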