1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
post_install() {
if ps -acx | grep -q "[s]shd-session"; then
echo "You have ssh session and this script will brick all network on remote
Script will automatically run after disconect or connect event in any existing
Network Manager connection, at ~1m after boot,
and set persistent iptables rules with new sysctl settings for system and network.
Create some problems with tools like docker, lxc, and in some vpc, developed and tested
ONLY for using at every day desktop/worksation with isolated development boxes.
Have some compability with STEAM but in some cases block 'magic' on lo.
Run sudo pacman -R simple-stateful-firewall
"
sudo systemctl stop simplestatefulfirewall.timer
sudo systemctl disable simplestatefulfirewall.timer
else
sudo systemctl enable simplestatefulfirewall.timer
sudo systemctl start simplestatefulfirewall.timer
echo "Script will automatically run after disconect or connect event in any existing
Network Manager connection, at ~1m after boot,
and set persistent iptables rules with new sysctl settings for system and network.
Create some problems with tools like docker, lxc, and in some vpc, developed and tested
ONLY for using at every day desktop/worksation with isolated development boxes.
Have some compability with STEAM but in some cases block 'magic' on lo.
run - sudo systemctl start simplestatefulfirewall.service
restart - sudo systemctl restart simplestatefulfirewall.service
"
fi
}
pre_upgrade() {
if ps -acx | grep -q "[s]shd-session"; then
echo "You have ssh session and this script will brick all network on remote"
sudo systemctl stop simplestatefulfirewall.timer
sudo systemctl disable simplestatefulfirewall.timer
fi
}
post_upgrade() {
if ps -acx | grep -q "[s]shd-session"; then
echo "You have ssh session and this script will brick all network on remote
Run sudo pacman -R simple-stateful-firewall
"
sudo systemctl stop simplestatefulfirewall.timer
sudo systemctl disable simplestatefulfirewall.timer
else
sudo systemctl enable simplestatefulfirewall.timer
sudo systemctl start simplestatefulfirewall.timer
echo "
Script will automatically run after disconect or connect event in any existing
Network Manager connection, at ~1m after boot,
and set persistent iptables rules with new sysctl settings for system and network.
Create some problems with tools like docker, lxc, and in some vpc, developed and tested
ONLY for using at every day desktop/worksation with isolated development boxes.
Have some compability with STEAM but in some cases block 'magic' on lo.
run - sudo systemctl start simplestatefulfirewall.service
restart - sudo systemctl restart simplestatefulfirewall.service
"
fi
}
pre_remove() {
sudo systemctl disable simplestatefulfirewall.timer
if ps -acx | grep -q "[s]shd-session"; then
echo "You have ssh session"
else
iptables -F
iptables -t raw -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -t raw -X
iptables -t nat -X
iptables -t mangle -X
ip6tables -F
ip6tables -t raw -F
ip6tables -t nat -F
ip6tables -t mangle -F
ip6tables -X
ip6tables -t raw -X
ip6tables -t nat -X
ip6tables -t mangle -X
iptables-save > /etc/iptables/iptables.rules
ip6tables-save > /etc/iptables/ip6tables.rules
systemctl stop iptables
systemctl disable iptables
systemctl stop ip6tables
systemctl disable ip6tables
fi
}
post_remove() {
if [ -f /usr/lib/systemd/system/opensnitchd.service ]; then
systemctl restart opensnitch
fi
if [ -f /usr/lib/systemd/system/ufw.service ]; then
systemctl enable ufw
systemctl start ufw
fi
}
|