ph1048 · May 1, 2021 22:06
diff --git a/gistfile1.txt b/gistfile1.txt
 #!/bin/sh

 [ "$table" != "filter" ] && exit 0

 /opt/sbin/ipset create knockd hash:ip -exist
 /opt/sbin/iptables -I _NDM_IP_PUBLIC -p udp --dport 1701 -j DROP
 /opt/sbin/iptables -I _NDM_IP_PUBLIC -p udp --dport 500 -j DROP
 /opt/sbin/iptables -I _NDM_IP_PUBLIC -p udp --dport 4500 -j DROP
 /opt/sbin/iptables -I _NDM_IP_PUBLIC -m set --match-set knockd src -p udp --dport 1701 -j ACCEPT
 /opt/sbin/iptables -I _NDM_IP_PUBLIC -m set --match-set knockd src -p udp --dport 500 -j ACCEPT
 /opt/sbin/iptables -I _NDM_IP_PUBLIC -m set --match-set knockd src -p udp --dport 4500 -j ACCEPT
	#!/bin/sh

	[ "$table" != "filter" ] && exit 0

	/opt/sbin/ipset create knockd hash:ip -exist
	/opt/sbin/iptables -I _NDM_IP_PUBLIC -p udp --dport 1701 -j DROP
	/opt/sbin/iptables -I _NDM_IP_PUBLIC -p udp --dport 500 -j DROP
	/opt/sbin/iptables -I _NDM_IP_PUBLIC -p udp --dport 4500 -j DROP
	/opt/sbin/iptables -I _NDM_IP_PUBLIC -m set --match-set knockd src -p udp --dport 1701 -j ACCEPT
	/opt/sbin/iptables -I _NDM_IP_PUBLIC -m set --match-set knockd src -p udp --dport 500 -j ACCEPT
	/opt/sbin/iptables -I _NDM_IP_PUBLIC -m set --match-set knockd src -p udp --dport 4500 -j ACCEPT