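#!/bin/sh
# MoBlock start-up helper: loads the packet-queue kernel module and installs
# the iptables chains that hand NEW connections to the moblock daemon.
#
# Runs as root.  /etc/sysconfig/moblock is *sourced*, i.e. executed as shell
# code with root privileges, so it must stay root-owned and not writable by
# anyone else; every value it sets (ACTIVATE_CHAINS, WHITE_TCP_IN, ...) is
# trusted verbatim and spliced into iptables commands.
#
# Exit status: 0 when the config file is absent (nothing is installed),
# 1 when a moblock process already appears to be running or MODE is not
# recognised, otherwise the status of the last iptables command.

# No config, nothing to do.  Note that "nothing to do" means no chains are
# created at all, so in that case traffic is NOT filtered.
[ -r /etc/sysconfig/moblock ] && . /etc/sysconfig/moblock || exit 0

PIDF=/var/run/moblock.pid
# NOTE(review): MODE is assigned *after* the config is sourced, so a MODE=
# line in /etc/sysconfig/moblock has no effect -- confirm that is intended.
MODE=nfq

# Refuse to start a second instance.  The PID file is root-owned, but its
# content is still validated as a plain decimal number before use so that an
# empty or corrupt file cannot become `kill -0 ''` or a stray argument.
# kill -0 only tests that the process exists (we are root, so permission is
# not a factor); a stale file left by a crashed daemon is ignored.
if [ -f "$PIDF" ]; then
    PID=$(cat "$PIDF")
    case $PID in
        ''|*[!0-9]*)
            # empty or non-numeric: treat as stale
            ;;
        *)
            if kill -0 "$PID" 2>/dev/null; then
                echo "$0: $PIDF exists and process seems to be running. Exiting." >&2
                exit 1
            fi
            ;;
    esac
fi

# Select the kernel->userspace queue target.  An unknown MODE is rejected up
# front: previously it fell through with TARGET unset, so the "-j $TARGET"
# rules below would have been issued with an empty target, failing part way
# through and leaving half-built chains behind.
case $MODE in
    ipq)
        modprobe ip_queue
        TARGET=QUEUE
        ;;
    nfq)
        modprobe ipt_NFQUEUE
        TARGET=NFQUEUE
        ;;
    *)
        echo "$0: unsupported MODE '$MODE' (expected ipq or nfq)" >&2
        exit 1
        ;;
esac
modprobe ipt_state

# One chain per direction.  NOTE(review): `-N` fails if the chain already
# exists (e.g. a rerun after a crash with a stale PID file) and the rules
# below would then be inserted a second time; the stop path is expected to
# remove the chains first.
iptables -N MOBLOCK_IN
iptables -N MOBLOCK_OUT
iptables -N MOBLOCK_FW

# Hook the chains into the built-in ones.  Only NEW connections are queued;
# ESTABLISHED/RELATED packets of a flow never reach moblock (the commented
# rules further down show the alternative of accepting them explicitly in
# each chain).  ACTIVATE_CHAINS comes from the config; an unset value is
# read as 0 instead of letting `[ -eq 1 ]` fail with a syntax error.
if [ "${ACTIVATE_CHAINS:-0}" -eq 1 ]; then
    iptables -I INPUT   -p all -m state --state NEW -j MOBLOCK_IN
    iptables -I OUTPUT  -p all -m state --state NEW -j MOBLOCK_OUT
    iptables -I FORWARD -p all -m state --state NEW -j MOBLOCK_FW
fi

# Default action in every chain: queue the packet to the daemon.  Everything
# is inserted with -I (top of chain), so the whitelist ACCEPTs added *after*
# this end up *above* the queue rule and bypass moblock entirely.
# Presumably packets queued while no daemon is listening are dropped, i.e.
# this fails closed when moblock is down -- verify on the target kernel.
iptables -I MOBLOCK_IN  -p all -j "$TARGET"
#iptables -I MOBLOCK_IN -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I MOBLOCK_OUT -p all -j "$TARGET"
#iptables -I MOBLOCK_OUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I MOBLOCK_FW  -p all -j "$TARGET"
#iptables -I MOBLOCK_FW -m state --state ESTABLISHED,RELATED -j ACCEPT

# Insert an ACCEPT above the queue rule for each whitelisted destination port.
# Arguments: $1 chain, $2 protocol (tcp/udp), $3.. ports.  Matching is on
# --dport only; no source address or port restriction is applied, so a
# whitelisted port is open to every peer moblock would otherwise block.
whitelist_ports() {
    wl_chain=$1
    wl_proto=$2
    shift 2
    for wl_port in "$@"; do
        iptables -I "$wl_chain" -p "$wl_proto" --dport "$wl_port" -j ACCEPT
    done
}

# The WHITE_* variables are whitespace-separated port lists from the config,
# so they are deliberately left unquoted to be split into one argument each.
whitelist_ports MOBLOCK_OUT tcp $WHITE_TCP_OUT
whitelist_ports MOBLOCK_OUT udp $WHITE_UDP_OUT
whitelist_ports MOBLOCK_IN  tcp $WHITE_TCP_IN
whitelist_ports MOBLOCK_IN  udp $WHITE_UDP_IN
whitelist_ports MOBLOCK_FW  tcp $WHITE_TCP_FORWARD
whitelist_ports MOBLOCK_FW  udp $WHITE_UDP_FORWARD

# Loopback is exempted at the very top of INPUT/OUTPUT so local IPC is never
# queued (otherwise a daemon outage would also cut off localhost).
iptables -I INPUT  -p all -i lo -j ACCEPT
iptables -I OUTPUT -p all -o lo -j ACCEPT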