ACC SHELL

Path : /etc/sysconfig/scripts/
File Upload :
Current File : //etc/sysconfig/scripts/SuSEfirewall2-custom

#
# Authors: Marc Heuse,
#          Volker Kuhlmann <kuhlmav@elec.canterbury.ac.nz>
#
# /etc/sysconfig/scripts/SuSEfirewall2-custom
#
# ------------------------------------------------------------------------
#
# This is file is for SuSEfirewall2 and is an example for using
# the hooks which are supplied to load customized ipchains rules.
#
# THERE IS NO HELP FOR USING HOOKS EXCEPT THIS FILE ! SO READ CAREFULLY !
# IT IS USEFUL TO CROSS-READ /sbin/SuSEfirewall2 TO SEE HOW HOOKS WORK !
#
# ------------------------------------------------------------------------

fw_custom_after_chain_creation() {
    # these rules will be loaded after the various input_* and forward_* chains
    # are created.
    # You can use this hook to allow/deny certain IP protocols or TCP/UDP
    # ports before the SuSEfirewall2 generated rules are hit.

#example: always filter backorifice/netbus trojan connect requests and log them.
#for target in LOG DROP; do
#    for chain in input_ext input_dmz input_int forward_int forward_ext forward_dmz; do
#        iptables -A $chain -j $target -p tcp --dport 31337
#        iptables -A $chain -j $target -p udp --dport 31337
#        iptables -A $chain -j $target -p tcp --dport 12345:12346
#        iptables -A $chain -j $target -p udp --dport 12345:12346
#    done
#done

    true
}

fw_custom_before_port_handling() { 
    # these rules will be loaded after the anti-spoofing and icmp handling
    # and after the input has been redirected to the input_XXX and 
    # forward_XXX chains and some basic chain-specific anti-circumvention
    # rules have been set,
    # but before any IP protocol or TCP/UDP port allow/protection rules
    # will be set.
    # You can use this hook to allow/deny certain IP protocols or TCP/UDP
    # ports before the SuSEfirewall2 generated rules are hit.

    true
}

fw_custom_before_masq() { # could also be named "after_port_handling()"
    # these rules will be loaded after the IP protocol and TCP/UDP port
    # handling, but before any IP forwarding (routing), masquerading
    # will be done.
    # NOTE: reverse masquerading is before directly after
    #       fw_custom_before_port_handling !!!!
    # You can use this hook to ... hmmm ... I'm sure you'll find a use for
    # this ...

    true
}

fw_custom_before_denyall() { # could also be named "after_forwardmasq()"
    # these are the rules to be loaded after IP forwarding and masquerading
    # but before the logging and deny all section is set by SuSEfirewall2.
    # You can use this hook to prevent the logging of annoying packets.

#example: prevent logging of talk requests from anywhere
#for chain in input_ext input_dmz input_int forward_int forward_ext forward_dmz; do
#    iptables -A $chain -j DROP -p udp --dport 517:518
#done

    true
}

ACC SHELL 2018