blob: b55693f759b0ff21c43ecb6eb8b33bd042c8e0df (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
IFACE=eth0
d="/etc/shorewall"
IP=`ip addr show $IFACE | awk -F 'inet' '{print $2}' | tail -n1 | awk '{print $1}`
BCAST=`ipcalc -b $IP | cut -d= -f2`
# verify that we actually have an eth0 device
ip addr show ${IFACE}
apk_add $@
# save current iptables
/etc/init.d/iptables save
echo "STARTUP_ENABLED=Yes" >> "${d}/shorewall.conf"
echo "loc ipv4" >> "${d}/zones"
echo "loc ${IFACE}" >> "${d}/interfaces"
# so we dont lose our ssh connection
echo "all all ACCEPT" >> "${d}/policy"
echo "Ping/REJECT fw all" >> "${d}/rules"
/etc/init.d/$@ start
# detect the broadcast adress and try to ping it
echo "BROADCAST addr is $BCAST"
# we should not be allowed to ping
ping -c 1 $BCAST 2>&1 | grep "not permitted"
/etc/init.d/$@ stop
/etc/init.d/iptables restore
apk_del $@
|