firewall/ipt-gateway
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support for Checkmk monitoring service.

Browse Source
This commit is contained in:
Christoph
2019-06-20 14:06:00 +02:00
parent aead4e0ba8
commit 07ffaea9a7
6 changed files with 147 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
ip6t-firewall-gateway
View File

@ -3665,6 +3665,56 @@ else
fi
# ---
# - Checkmk Monitoring Service Gateway
# ---
echononl "\t\tCheckmk Monitoring Service Gateway (only local network)"
if $checkmk_service_gateway ; then
for _dev in ${local_if_arr[@]} ; do
$ip6t -A OUTPUT -o $_dev -p tcp --dport $checkmk_local_port -m conntrack --ctstate NEW -j ACCEPT
done
echo_done
else
echo_skipped
fi
# ---
# - Checkmk Service local Networks
# ---
echononl "\t\tCheckmk Monitoring Service local Networks"
if [[ ${#checkmk_local_server_ip_arr[@]} -gt 0 ]] ; then
for _ip in ${checkmk_local_server_ip_arr[@]} ; do
$ip6t -A INPUT -s $_ip -p tcp --dport $checkmk_local_port -m conntrack --ctstate NEW -j ACCEPT
if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
for _dev in ${local_if_arr[@]} ; do
if ! $permit_between_local_networks ; then
$ip6t -A FORWARD -i $_dev -s $_ip -p tcp --dport $checkmk_local_port -m conntrack --ctstate NEW -j ACCEPT
fi
done
fi
# - Rule is needed if (local) interface aliases in use (like eth0:1)
# -
if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
$ip6t -A FORWARD -p tcp -d $_ip --sport $checkmk_local_port --tcp-flag ACK ACK -j ACCEPT
$ip6t -A FORWARD -p tcp -s $_ip --dport $checkmk_local_port --tcp-flag ACK ACK -j ACCEPT
fi
done
echo_done
else
echo_skipped
fi
# ---
# - XyMon local service
# ---