#!/bin/sh
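# Feature-switch file. It is sourced into this shell, so every line in it is
# executed with the privileges of this script (presumably root, given the
# /proc/sys writes and iptables calls later on -- confirm against the caller).
PROFILE_CFG=/userfs/profile.cfg

if [ -f "$PROFILE_CFG" ]; then
  # Mode 755, not 777: sourcing needs read access only, and a file that is
  # sourced by a privileged script must not be writable by group/other,
  # otherwise any local account could plant commands that run here.
  # Read/execute bits are kept for everyone in case other components rely
  # on them.
  chmod 755 "$PROFILE_CFG"
  . "$PROFILE_CFG"
fi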
# SYN-flood hardening, written straight to procfs. None of the writes is
# checked, so a missing entry (the netfilter one exists only while
# nf_conntrack is loaded) shows up only as an error message on stderr.
net_proc=/proc/sys/net

# Fall back to SYN cookies when the SYN queue is full.
/bin/echo 1 > "$net_proc/ipv4/tcp_syncookies"

# Remember at most 16 half-open connection requests.
/bin/echo 16 > "$net_proc/ipv4/tcp_max_syn_backlog"

# Drop conntrack entries stuck in SYN_RECV after 3 seconds.
/bin/echo 3 > "$net_proc/netfilter/nf_conntrack_tcp_timeout_syn_recv"
# Vendor firewall skeleton, built only when MSTC_FIREWALL_CUSTOMIZATION is
# non-empty. The variable is not assigned in this script; presumably it comes
# from the sourced profile -- confirm.
if [ -n "$MSTC_FIREWALL_CUSTOMIZATION" ]; then
  # Inserted at the head of FORWARD: UDP to 224.0.0.0-239.255.255.255 that
  # arrives on any interface other than br+ RETURNs immediately. RETURN in a
  # built-in chain hands the packet to the chain policy, so this traffic never
  # reaches the chains hooked into FORWARD further down; its fate depends on
  # the FORWARD policy, which this script does not set.
  iptables -t filter -I FORWARD 1 -i ! br+ -p udp -m iprange \
    --dst-range 224.0.0.0-239.255.255.255 -j RETURN

  # Application-firewall chains. They are created empty here; the rules are
  # presumably filled in by other components.
  for chain in AppFrwlInChk AppFrwlOutChk AppForward; do
    iptables -t filter -N "$chain"
  done
  # stderr is discarded for these two, so a failed create (for example the
  # chain already being present) goes unnoticed.
  for chain in AppFrwlForwardInChk AppFrwlForwardOutChk; do
    iptables -t filter -N "$chain" 2>/dev/null
  done

  # Hook the application chains into the built-in chains.
  iptables -t filter -A INPUT -j AppFrwlInChk
  iptables -t filter -A OUTPUT -j AppFrwlOutChk
  iptables -t filter -A FORWARD -j AppForward
  # NOTE(review): AppFrwlForwardInChk is not attached to any built-in chain
  # in this script; presumably something else links it -- confirm.
  iptables -t filter -A AppFrwlForwardInChk -j AppFrwlForwardOutChk

  # Generic firewall chains, appended after the application chains so they
  # are consulted second in INPUT and OUTPUT.
  for chain in FrwlForwardInChk FrwlOutChk FrwlInChk; do
    iptables -t filter -N "$chain"
  done
  iptables -t filter -A OUTPUT -j FrwlOutChk
  iptables -t filter -A INPUT -j FrwlInChk
  # NOTE(review): FrwlForwardInChk is likewise not reachable from FORWARD
  # here -- confirm where it gets hooked in.
  iptables -t filter -A FrwlForwardInChk -j FrwlOutChk
fi
# TR-181 firewall skeleton, built when either TR-181 feature switch is
# non-empty. Neither variable is assigned in this script; presumably they
# come from the sourced profile -- confirm.
if [ -n "$MSTC_GVT_TR181_FIREWALL" ] || [ -n "$MSTC_SOPHIA_COMMON_TR181_FIREWALL" ]; then
  # Head of FORWARD: UDP to the multicast range from any non-br+ interface
  # RETURNs to the chain policy and so bypasses TR181FrwlForward below.
  # If MSTC_FIREWALL_CUSTOMIZATION is set as well, the earlier section has
  # already inserted the same rule and FORWARD ends up with two copies.
  iptables -t filter -I FORWARD 1 -i ! br+ -p udp -m iprange \
    --dst-range 224.0.0.0-239.255.255.255 -j RETURN

  # One empty chain per built-in chain, created and then appended to it.
  # The order (FORWARD, OUTPUT, INPUT) matches the sequence of the
  # individual commands this loop replaces.
  for pair in FORWARD:TR181FrwlForward OUTPUT:TR181FrwlOutput INPUT:TR181FrwlInput; do
    hook=${pair%%:*}
    chain=${pair#*:}
    iptables -t filter -N "$chain"
    iptables -t filter -A "$hook" -j "$chain"
  done
fi