Update firewall - Add support for portforwarding using socat.
parent
e2a215b393
commit
0560d125b1
@ -940,7 +940,7 @@
|
|||||||
- name: Check if String 'mumble_ports=..' is present
|
- name: Check if String 'mumble_ports=..' is present
|
||||||
shell: grep -q -E "^mumble_ports=" /etc/ipt-firewall/main_ipv6.conf
|
shell: grep -q -E "^mumble_ports=" /etc/ipt-firewall/main_ipv6.conf
|
||||||
register: mumble_ports_ipv6_present
|
register: mumble_ports_ipv6_present
|
||||||
when: main_ipv4_exists.stat.exists
|
when: main_ipv6_exists.stat.exists
|
||||||
failed_when: "mumble_ports_ipv6_present.rc > 1"
|
failed_when: "mumble_ports_ipv6_present.rc > 1"
|
||||||
changed_when: "mumble_ports_ipv6_present.rc > 0"
|
changed_when: "mumble_ports_ipv6_present.rc > 0"
|
||||||
|
|
||||||
@ -962,6 +962,134 @@
|
|||||||
notify:
|
notify:
|
||||||
- Restart IPv6 Firewall
|
- Restart IPv6 Firewall
|
||||||
|
|
||||||
|
|
||||||
|
# ---
|
||||||
|
# Portforwarding
|
||||||
|
# ---
|
||||||
|
|
||||||
|
- name: Check if String 'portforward_tcp=..' (IPv4) is present
|
||||||
|
shell: grep -q -E "^portforward_tcp=" /etc/ipt-firewall/main_ipv4.conf
|
||||||
|
register: portforward_tcp_ipv4_present
|
||||||
|
when: main_ipv4_exists.stat.exists
|
||||||
|
failed_when: "portforward_tcp_ipv4_present.rc > 1"
|
||||||
|
changed_when: "portforward_tcp_ipv4_present.rc > 0"
|
||||||
|
|
||||||
|
- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (portforward_tcp)
|
||||||
|
blockinfile:
|
||||||
|
path: /etc/ipt-firewall/main_ipv4.conf
|
||||||
|
insertafter: '^#?\s*forward_udp_out_ports'
|
||||||
|
block: |
|
||||||
|
|
||||||
|
# =============
|
||||||
|
# --- Portforwarding
|
||||||
|
# =============
|
||||||
|
|
||||||
|
# - Portforwarding TCP
|
||||||
|
# -
|
||||||
|
# - portforward_tcp="<device-in>:<src-ip>:<port-in>:<ip-to-forward>:<port-out>"
|
||||||
|
# -
|
||||||
|
# - Multiple declarations (blank separated list) are possible
|
||||||
|
# -
|
||||||
|
# - Example:
|
||||||
|
# - portforward_tcp="${ext_if_1}:83.223.86.95:9997:192.168.52.25:22
|
||||||
|
# - ${ext_if_1}:${ext_1_ip}:80:83.223.86.98:80
|
||||||
|
# - ${ext_if_1}:${ext_1_ip}:443:83.223.86.98:443
|
||||||
|
# - "
|
||||||
|
# -
|
||||||
|
# - Note!
|
||||||
|
# - be careful if you use a variable (e.g. ext_1_ip) that it contains NO SPACES.
|
||||||
|
# -
|
||||||
|
# - Blank separated list
|
||||||
|
# -
|
||||||
|
portforward_tcp=""
|
||||||
|
|
||||||
|
|
||||||
|
# - Portforwarding UDP
|
||||||
|
# -
|
||||||
|
# - portforward_udp="<device-in>:<src-ip>:<udp-port-in>:<ip-to-forward>:<udp-port-out>"
|
||||||
|
# -
|
||||||
|
# - Multiple declarations (blank separated list) are possible
|
||||||
|
# -
|
||||||
|
# - Example:
|
||||||
|
# - portforward_udp="
|
||||||
|
# - ${ext_if_1}:${ext_1_ip}:1194:192.168.52.25:1194
|
||||||
|
# - ${ext_if_1}:${ext_1_ip}:1195:192.168.53.24:1195
|
||||||
|
# - "
|
||||||
|
# -
|
||||||
|
# - Blank separated list
|
||||||
|
# -
|
||||||
|
portforward_udp=""
|
||||||
|
|
||||||
|
marker: "# Marker set by modify-ipt-server.yml (portforward_tcp)"
|
||||||
|
when:
|
||||||
|
- main_ipv4_exists.stat.exists
|
||||||
|
- portforward_tcp_ipv4_present is changed
|
||||||
|
notify:
|
||||||
|
- Restart IPv4 Firewall
|
||||||
|
|
||||||
|
|
||||||
|
- name: Check if String 'portforward_tcp=..' (IPv6) is present
|
||||||
|
shell: grep -q -E "^portforward_tcp=" /etc/ipt-firewall/main_ipv6.conf
|
||||||
|
register: portforward_tcp_ipv6_present
|
||||||
|
when: main_ipv6_exists.stat.exists
|
||||||
|
failed_when: "portforward_tcp_ipv6_present.rc > 1"
|
||||||
|
changed_when: "portforward_tcp_ipv6_present.rc > 0"
|
||||||
|
|
||||||
|
- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (mumble_ports)
|
||||||
|
blockinfile:
|
||||||
|
path: /etc/ipt-firewall/main_ipv6.conf
|
||||||
|
insertafter: '^#?\s*forward_udp_out_ports'
|
||||||
|
block: |
|
||||||
|
|
||||||
|
# =============
|
||||||
|
# --- Portforwarding
|
||||||
|
# =============
|
||||||
|
|
||||||
|
# - Portforwarding TCP
|
||||||
|
# -
|
||||||
|
# - portforward_tcp="<device-in>,<src-ip>,<port-in>,<ip-to-forward>,<port-out>"
|
||||||
|
# -
|
||||||
|
# - Multiple declarations (blank separated list) are possible
|
||||||
|
# -
|
||||||
|
# - Example:
|
||||||
|
# - portforward_tcp="${ext_if_1},${ext_1_ip},9997,2a01:30:0:13:5054:ff:fe83:dbda,c22
|
||||||
|
# - ${ext_if_1},${ext_1_ip},80,2a01:30:0:13:211:84ff:feb7:7f9c,80
|
||||||
|
# - ${ext_if_1},2a01:30:0:13:2d1:2bff:fec1:aed0,80,2a01:30:0:13:211:84ff:feb7:7f9c,80
|
||||||
|
# - ${ext_if_1},2a01:30:0:13:2d1:2bff:fec1:aed0,443,2a01:30:0:13:211:84ff:feb7:7f9c,443
|
||||||
|
# - "
|
||||||
|
# -
|
||||||
|
# - Note!
|
||||||
|
# - be careful if you use a variable (e.g. ext_1_ip) that it contains NO SPACES.
|
||||||
|
# -
|
||||||
|
# - Blank separated list
|
||||||
|
# -
|
||||||
|
portforward_tcp=""
|
||||||
|
|
||||||
|
|
||||||
|
# - Portforwarding UDP
|
||||||
|
# -
|
||||||
|
# - portforward_udp="<device-in>,<src-ip>,<udp-port-in>,<ip-to-forward>,<udp-port-out>"
|
||||||
|
# -
|
||||||
|
# - Multiple declarations (blank separated list) are possible
|
||||||
|
# -
|
||||||
|
# - Example:
|
||||||
|
# - portforward_udp="
|
||||||
|
# - ${ext_if_1},${ext_1_ip},1094,,1094
|
||||||
|
# - ${ext_if_1},${ext_1_ip},1095,,1095
|
||||||
|
# - "
|
||||||
|
# -
|
||||||
|
# - Blank separated list
|
||||||
|
# -
|
||||||
|
portforward_udp=""
|
||||||
|
|
||||||
|
marker: "# Marker set by modify-ipt-server.yml (portforward_tcp)"
|
||||||
|
when:
|
||||||
|
- main_ipv6_exists.stat.exists
|
||||||
|
- portforward_tcp_ipv6_present is changed
|
||||||
|
notify:
|
||||||
|
- Restart IPv6 Firewall
|
||||||
|
|
||||||
|
|
||||||
# ---
|
# ---
|
||||||
# Remove Marker set by blockinfile
|
# Remove Marker set by blockinfile
|
||||||
# ---
|
# ---
|
||||||
|
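Review bot: The IPv6 task that inserts the portforwarding block is still named `Adjust file '/etc/ipt-firewall/main_ipv6.conf' (mumble_ports)`, so play output and audit logs will attribute this firewall change to the wrong setting; it should read `- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (portforward_tcp)` like its IPv4 counterpart. Both insert tasks are guarded only by a grep for `^portforward_tcp=`, yet the block also writes `portforward_udp=""`; on a host that already defines `portforward_udp` but not `portforward_tcp`, the inserted empty assignment may override the existing value depending on where it lands, so a check per variable (or one block per variable) would be safer. In the IPv6 comment block the first example entry ends with `c22` as the outgoing port, which looks like a typo for `22`, and the UDP examples leave `<ip-to-forward>` empty (`1094,,1094`). The examples also use what appear to be routable addresses; documentation ranges (192.0.2.0/24, 2001:db8::/32) would keep operators from copying a live forward, such as the one to port 22, into a production config.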