# Install-scriptlet hook run after the package is first installed.
#
# When `ps` lists a process matching "sshd-session", the firewall timer and
# the iptables/ip6tables units are stopped and disabled and the user is told
# to remove the package. Otherwise the timer is enabled and started and a
# usage notice is printed.
#
# Outputs: notice text on stdout.
# Returns: status of the last command executed.
#
# NOTE(review): the check only matches a process named "sshd-session"; an SSH
# daemon that names its per-session process differently, or any other kind of
# remote access, takes the "no SSH" path and gets the firewall applied.
# NOTE(review): the SSH path also stops and disables the iptables and
# ip6tables units, which may belong to a ruleset that predates this package.
# Confirm that this is intended.
post_install() {
  local unit

  if ps -acx | grep -q "[s]shd-session"; then
    printf '%s\n' "You have ssh session and this script will brick all network on remote
Script will automatically run after disconect or connect event in any existing
Network Manager connection, at ~1m after boot,
and set persistent iptables rules with new sysctl settings for system and network.
Create some problems with tools like docker, lxc, and in some vpc, developed and tested
ONLY for using at every day desktop/worksation with isolated development boxes.
Have some compability with STEAM but in some cases block 'magic' on lo.
Run sudo pacman -R simple-stateful-firewall-git
"
    # Same order as before: stop, then disable, one unit at a time.
    for unit in simplestatefulfirewall.timer iptables ip6tables; do
      systemctl stop "$unit"
      systemctl disable "$unit"
    done
    return
  fi

  systemctl enable simplestatefulfirewall.timer
  systemctl start simplestatefulfirewall.timer
  printf '%s\n' "Script will automatically run after disconect or connect event in any existing
Network Manager connection, at ~1m after boot,
and set persistent iptables rules with new sysctl settings for system and network.
Create some problems with tools like docker, lxc, and in some vpc, developed and tested
ONLY for using at every day desktop/worksation with isolated development boxes.
Have some compability with STEAM but in some cases block 'magic' on lo.
run - sudo systemctl start simplestatefulfirewall.service
restart - sudo systemctl restart simplestatefulfirewall.service
"
}
# Install-scriptlet hook run before the package is upgraded.
#
# When `ps` lists a process matching "sshd-session", warns the user and stops
# and disables the firewall timer. Does nothing otherwise.
#
# Outputs: warning text on stdout (SSH case only).
# Returns: 0 when no SSH session is found, else the status of the final
#          systemctl call.
#
# NOTE(review): only a process named "sshd-session" counts as a remote
# session here; other remote access paths are not detected.
pre_upgrade() {
  # Nothing to do unless an SSH session process is listed.
  ps -acx | grep -q "[s]shd-session" || return 0

  printf '%s\n' "You have ssh session and this script will brick all network on remote"
  systemctl stop simplestatefulfirewall.timer
  systemctl disable simplestatefulfirewall.timer
}
# Install-scriptlet hook run after the package is upgraded.
#
# When `ps` lists a process matching "sshd-session", warns the user and stops
# and disables the firewall timer. Otherwise enables and starts the timer and
# prints the usage notice.
#
# Outputs: notice text on stdout.
# Returns: status of the last command executed.
#
# NOTE(review): only a process named "sshd-session" counts as a remote
# session here; other remote access paths are not detected.
# NOTE(review): this message names the package "simple-stateful-firewall",
# while the post_install message says "simple-stateful-firewall-git".
# Confirm which one is the installed package name.
post_upgrade() {
  if ! ps -acx | grep -q "[s]shd-session"; then
    systemctl enable simplestatefulfirewall.timer
    systemctl start simplestatefulfirewall.timer
    printf '%s\n' "
Script will automatically run after disconect or connect event in any existing
Network Manager connection, at ~1m after boot,
and set persistent iptables rules with new sysctl settings for system and network.
Create some problems with tools like docker, lxc, and in some vpc, developed and tested
ONLY for using at every day desktop/worksation with isolated development boxes.
Have some compability with STEAM but in some cases block 'magic' on lo.
run - sudo systemctl start simplestatefulfirewall.service
restart - sudo systemctl restart simplestatefulfirewall.service
"
    return
  fi

  printf '%s\n' "You have ssh session and this script will brick all network on remote
Run sudo pacman -R simple-stateful-firewall
"
  systemctl stop simplestatefulfirewall.timer
  systemctl disable simplestatefulfirewall.timer
}
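# Install-scriptlet hook run before the package is removed.
#
# Stops and disables the firewall timer, then:
#   - with an SSH session process present: prints a warning and leaves the
#     live rules for the user to clean up;
#   - otherwise: flushes rules and deletes user-defined chains in the filter,
#     raw, nat and mangle tables for IPv4 and IPv6, and saves the resulting
#     state to /etc/iptables/.
# In both cases the iptables and ip6tables units are stopped and disabled.
#
# Outputs: warning text on stdout (SSH case only).
# Returns: status of the final systemctl call.
#
# NOTE(review): only a process named "sshd-session" counts as a remote
# session here; other remote access paths are not detected.
pre_remove() {
  local tool action table unit

  # No sudo here: every other hook in this file calls systemctl directly and
  # the iptables calls below need root anyway, so the scriptlet already runs
  # privileged. With sudo missing or prompting, the timer stayed enabled.
  # The timer is also stopped, as the other hooks do, so it cannot fire while
  # the rules are being torn down (presumably it re-applies them; confirm
  # against the timer unit).
  systemctl stop simplestatefulfirewall.timer
  systemctl disable simplestatefulfirewall.timer

  if ps -acx | grep -q "[s]shd-session"; then
    echo "You have ssh session and this script will brick all network on remote, cleanup iptables rules by self"
  else
    # -F removes the rules and -X the user-defined chains; neither touches the
    # policies of the built-in chains, and the security table is not handled.
    # NOTE(review): whatever policies are in effect are what the *-save calls
    # below write out. If the firewall sets DROP policies, the saved files
    # would keep them without any accept rules. Confirm.
    for tool in iptables ip6tables; do
      for action in -F -X; do
        "$tool" "$action"
        for table in raw nat mangle; do
          "$tool" -t "$table" "$action"
        done
      done
    done
    iptables-save > /etc/iptables/iptables.rules
    ip6tables-save > /etc/iptables/ip6tables.rules
  fi

  # Both branches end by stopping and disabling the rule-loading units.
  for unit in iptables ip6tables; do
    systemctl stop "$unit"
    systemctl disable "$unit"
  done
}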
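# Install-scriptlet hook run after the package has been removed.
#
# Hands control back to other firewall tooling when its unit file is present:
# restarts the OpenSnitch daemon, and enables and starts ufw.
#
# Returns: 0 when ufw.service is absent, else the status of the final
#          systemctl call.
#
# NOTE(review): unlike the other hooks, nothing here checks for an SSH
# session before ufw is started. Whether starting ufw can cut a remote
# session depends on its configuration. Confirm that this is acceptable.
post_remove() {
  if [ -f /usr/lib/systemd/system/opensnitchd.service ]; then
    # Restart the unit the guard just found. The previous name, "opensnitch",
    # does not match the opensnitchd.service file tested above.
    systemctl restart opensnitchd
  fi

  if [ -f /usr/lib/systemd/system/ufw.service ]; then
    systemctl enable ufw
    systemctl start ufw
  fi
}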