
Commit 89d8574

committed
Reorder firehol
1 parent d3586c7 commit 89d8574

1 file changed

+10
-10
lines changed


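--- a/docs/vps-firehol.md
+++ b/docs/vps-firehol.md
@@ -37,6 +37,13 @@ LOG="/home/user/firehol/firehol.log"
 URLS=$(cat "/home/user/firehol/firehol.conf")
 echo "Updating Firehol $(date)" >> $LOG
 
+iptables -D INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT > /dev/null 2>&1
+iptables -D DOCKER-USER -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT > /dev/null 2>&1
+iptables -D FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT > /dev/null 2>&1
+iptables -I FORWARD 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT >> $LOG
+iptables -I INPUT 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT >> $LOG
+iptables -I DOCKER-USER 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT >> $LOG
+
 for URL in $URLS
 do
 echo $URL >> $LOG
@@ -56,17 +63,10 @@ do
 /usr/sbin/iptables -D FORWARD -m set --match-set $NAME src -j DROP &>/dev/null
 /usr/sbin/iptables -D INPUT -m set --match-set $NAME src -j DROP &>/dev/null
 /usr/sbin/iptables -D DOCKER-USER -m set --match-set $NAME src -j DROP &>/dev/null
-/usr/sbin/iptables -I DOCKER-USER 1 -m set --match-set $NAME src -j DROP >> $LOG
-/usr/sbin/iptables -I INPUT 1 -m set --match-set $NAME src -j DROP >> $LOG
-/usr/sbin/iptables -I FORWARD 1 -m set --match-set $NAME src -j DROP >> $LOG
+/usr/sbin/iptables -I DOCKER-USER 2 -m set --match-set $NAME src -j DROP >> $LOG
+/usr/sbin/iptables -I INPUT 2 -m set --match-set $NAME src -j DROP >> $LOG
+/usr/sbin/iptables -I FORWARD 2 -m set --match-set $NAME src -j DROP >> $LOG
 done
-
-iptables -D INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT > /dev/null 2>&1
-iptables -D DOCKER-USER -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT > /dev/null 2>&1
-iptables -D FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT > /dev/null 2>&1
-iptables -I FORWARD 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT >> $LOG
-iptables -I INPUT 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT >> $LOG
-iptables -I DOCKER-USER 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT >> $LOG
 ```
 
 Verify that it works and the ipsets have been filled: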
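Review bot: The new `-I DOCKER-USER 2 … -j DROP` inserts (new lines 66–68) only land behind the ACCEPT rule if the position-1 inserts at new lines 43–45 succeeded, yet every `>> $LOG` redirection captures stdout alone, so an iptables error (DOCKER-USER missing when Docker is not up, or a position-2 insert into a chain that is still empty) is written to the terminal rather than the log and the script continues as if the blocklist were installed. Since the log is the only record this script keeps, capture both streams and check the status, e.g. `iptables -I FORWARD 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT >> "$LOG" 2>&1 || echo "ACCEPT insert into FORWARD failed" >> "$LOG"`, and likewise for the three DROP inserts; quoting `"$LOG"` also protects the path from word-splitting. Worth a comment next to the ACCEPT block too: because ESTABLISHED,RELATED is matched first, a flow that was already established before a source landed on a blocklist keeps passing until its conntrack entry expires, so operators should not expect an update to cut existing sessions. The `for URL` loop that the second hunk sits inside begins outside the hunk.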
