From 29c0ad19069b3c78d661571403901f2126962228 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Sat, 23 Feb 2019 21:11:32 +0100
Subject: [PATCH] Fix different errors concerning extern resources from local networks/inferfaces.

---
 conf/main_ipv6.conf.sample | 6 +++---
 conf/post_decalrations.conf | 8 ++++----
 ip6t-firewall-gateway | 10 +++++-----
 ipt-firewall-gateway | 8 ++++----
 4 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/conf/main_ipv6.conf.sample b/conf/main_ipv6.conf.sample
index 8eff9ba..f6c74f4 100644
--- a/conf/main_ipv6.conf.sample
+++ b/conf/main_ipv6.conf.sample
@@ -247,13 +247,13 @@ allow_local_if_to_local_ip=""
 # - allow_local_if_to_ext_service
 # -
-# - allow_local_if_to_ext_service=",:: [.."
+# - allow_local_if_to_ext_service=",,, [.."
 # -
 # - All traffic from the given (local) network interface to the given (extern) service is allowed
 # -
 # - Example:
-# - allow_local_if_to_ext_service="${local_if_1},2a01:30:0:13:211:84ff:feb7:7f9c,3306:tcp
-# - ${local_if_2},2a01:30:0:13:211:84ff:feb7:7f9c,3306:tcp"
+# - allow_local_if_to_ext_service="${local_if_1},2a01:30:0:13:211:84ff:feb7:7f9c,3306,tcp
+# - ${local_if_2},2a01:30:0:13:211:84ff:feb7:7f9c,3306,tcp"
 # -
 # - Blank separated list
 # -
diff --git a/conf/post_decalrations.conf b/conf/post_decalrations.conf
index 7937499..65e3189 100644
--- a/conf/post_decalrations.conf
+++ b/conf/post_decalrations.conf
@@ -153,7 +153,7 @@ done
 # - Allow extern service from given local interface
 # ---
 declare -a allow_local_if_to_ext_service_arr
-for val in $allow_local_if_to_ext_service ; do
+for _val in $allow_local_if_to_ext_service ; do
 allow_local_if_to_ext_service_arr+=("$_val")
 done
@@ -161,7 +161,7 @@ done
 # - Allow extern network from given local interface
 # ---
 declare -a allow_local_if_to_ext_net_arr
-for val in $allow_local_if_to_ext_net ; do
+for _val in $allow_local_if_to_ext_net ; do
 allow_local_if_to_ext_net_arr+=("$_val")
 done
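Review bot: `for _val in $allow_local_if_to_ext_service ; do` relies on the unquoted expansion to split the blank-separated list, and that same expansion also performs pathname expansion on every token, so a stray `*` or `?` in a configured value is silently replaced by matching file names from the current directory before it reaches the array. The cheap guard is to disable globbing around the loop, `set -f` before the `for` and `set +f` after the `done`, or to split with `read -ra` (which does neither expansion); the three identical loops that follow in this file want the same treatment. The loops are visible in full here, the rest of the file is not.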
@@ -169,7 +169,7 @@ done
 # - Allow extern service from given local network
 # ---
 declare -a allow_local_net_to_ext_service_arr
-for val in $allow_local_net_to_ext_service ; do
+for _val in $allow_local_net_to_ext_service ; do
 allow_local_net_to_ext_service_arr+=("$_val")
 done
@@ -177,7 +177,7 @@ done
 # - Allow extern network from given local network
 # ---
 declare -a allow_local_net_to_ext_net_arr
-for val in $allow_local_net_to_ext_net ; do
+for _val in $allow_local_net_to_ext_net ; do
 allow_local_net_to_ext_net_arr+=("$_val")
 done
diff --git a/ip6t-firewall-gateway b/ip6t-firewall-gateway
index c2b17f8..54ea3ed 100755
--- a/ip6t-firewall-gateway
+++ b/ip6t-firewall-gateway
@@ -1039,7 +1039,7 @@ if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
 $ip6t -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
 fi
 done
- echo_ok
+ echo_done
 else
 echo_skipped
 fi
@@ -1055,7 +1055,7 @@ echononl "\tAllow extern service from given local interface"
 if [[ ${#allow_local_if_to_ext_service_arr[@]} -gt 0 ]] \
 && $kernel_forward_between_interfaces ; then
- for _val in "${#allow_local_if_to_ext_service_arr[@]}" ; do
+ for _val in "${allow_local_if_to_ext_service_arr[@]}" ; do
 IFS=',' read -a _val_arr <<< "${_val}"
 $ip6t -A FORWARD -p ${_val_arr[3]} -i ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
@@ -1071,7 +1071,7 @@ if [[ ${#allow_local_if_to_ext_service_arr[@]} -gt 0 ]] \
 fi
 done
- echo_ok
+ echo_done
 else
 echo_skipped
 fi
@@ -1100,7 +1100,7 @@ if [[ ${#allow_local_if_to_ext_net_arr[@]} -gt 0 ]] \
 $ip6t -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
 fi
 done
- echo_ok
+ echo_done
 else
 echo_skipped
 fi
@@ -1161,7 +1161,7 @@ if [[ ${#allow_local_net_to_ext_net_arr[@]} -gt 0 ]] \
 $ip6t -A FORWARD -p tcp -d ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
 fi
 done
- echo_ok
+ echo_done
 else
 echo_skipped
 fi
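Review bot: In the -1055 hunk, `IFS=',' read -a _val_arr <<< "${_val}"` is followed straight by the rule line with no check that four fields came out of the split, so an entry still written in the old `3306:tcp` form (the form the sample config documented before this commit) leaves `_val_arr[3]` unset, and the unquoted `-p ${_val_arr[3]}` collapses to `-p -i`; ip6tables should reject that command, but its exit status is never examined, the loop carries on, and `echo_done` is printed as if the rule were in place. A guard before the rule line, `[[ ${#_val_arr[@]} -eq 4 ]] || { echo "bad allow_local_if_to_ext_service entry: ${_val}" >&2 ; continue ; }`, together with double quotes around each `${_val_arr[n]}` expansion, turns a silently missing rule into a reported one. The `if`/`for` block this hunk opens continues past the end of the hunk.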
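Review bot: In the -1100 hunk, `$ip6t -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT` is unchanged context, but it is the rule these blocks leave active: it accepts every TCP segment with the ACK bit set from the external network toward the local interface, for any destination host and port, without consulting conntrack, which is the pre-stateful "established" heuristic and lets ACK-flagged probes from that network (or packets spoofing its source, where no reverse-path check applies) through the FORWARD chain. The outbound rule in this file is already stateful (`-m conntrack --ctstate NEW` in the -1055 hunk), so the reply rule should pair with it: `$ip6t -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`; if an earlier FORWARD rule already accepts ESTABLISHED traffic, the line becomes redundant and can simply go. The same pattern appears in the -1039 and -1161 hunks, and the enclosing `if` block starts before this hunk.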
diff --git a/ipt-firewall-gateway b/ipt-firewall-gateway
index c1f073e..ebb6356 100755
--- a/ipt-firewall-gateway
+++ b/ipt-firewall-gateway
@@ -1686,7 +1686,7 @@ echononl "\tAllow extern service from given local interface"
 if [[ ${#allow_local_if_to_ext_service_arr[@]} -gt 0 ]] \
 && $kernel_activate_forwarding ; then
- for _val in "${#allow_local_if_to_ext_service_arr[@]}" ; do
+ for _val in "${allow_local_if_to_ext_service_arr[@]}" ; do
 IFS=':' read -a _val_arr <<< "${_val}"
 $ipt -A FORWARD -p ${_val_arr[3]} -i ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
@@ -1702,7 +1702,7 @@ if [[ ${#allow_local_if_to_ext_service_arr[@]} -gt 0 ]] \
 fi
 done
- echo_ok
+ echo_done
 else
 echo_skipped
 fi
@@ -1731,7 +1731,7 @@ if [[ ${#allow_local_if_to_ext_net_arr[@]} -gt 0 ]] \
 $ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
 fi
 done
- echo_ok
+ echo_done
 else
 echo_skipped
 fi
@@ -1790,7 +1790,7 @@ if [[ ${#allow_local_net_to_ext_net_arr[@]} -gt 0 ]] \
 $ipt -A FORWARD -p tcp -d ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
 fi
 done
- echo_ok
+ echo_done
 else
 echo_skipped
 fi
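Review bot: In the -1686 hunk, `IFS=':' read -a _val_arr <<< "${_val}"` splits the IPv4 entries on `:`, while the IPv6 script splits the same array on `,` and this commit moves the documented IPv6 format to `if,ip,port,proto`; if the IPv4 sample config (not part of this diff) follows the same comma form, each entry here parses as a single field, `_val_arr[1]` to `_val_arr[3]` stay empty, and the rule line degenerates to `-p -i <entry> -d --dport`, which iptables should reject, but nothing checks the exit status and `echo_done` is printed regardless. Either keep the separator aligned between the two scripts or add a field-count guard before the rule, `[[ ${#_val_arr[@]} -eq 4 ]] || { echo "bad allow_local_if_to_ext_service entry: ${_val}" >&2 ; continue ; }`, and double-quote the `${_val_arr[n]}` expansions so an empty field fails loudly instead of shifting the argument list. The block this hunk opens continues past the end of the hunk.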
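Review bot: In the -1731 hunk, `$ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT` (unchanged context) passes any ACK-flagged TCP segment from the external network to every host and port behind the local interface without consulting conntrack, so ACK probes from, or spoofed as, that network reach the inside. The forward rule in the -1686 hunk is already stateful (`-m conntrack --ctstate NEW`), so the reply rule should use `-m conntrack --ctstate ESTABLISHED,RELATED` in place of `--tcp-flag ACK ACK`, here and in the -1790 hunk. The enclosing `if` block starts before this hunk.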