firewall/ipt-gateway
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adjust 'ip6t-firewall-gateway' and 'ipt-firewall-gateway'. Add forward rules for game ports if aliases in use.

Browse Source
This commit is contained in:
Christoph 2022-10-30 22:46:07 +01:00
parent 9fbc59fe09
commit 338b2cf8d7
2 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ip6t-firewall-gateway
View File

@ -4723,6 +4723,13 @@ if $allow_gaming_out && ! $permit_local_net_to_inet ; then
if $kernel_forward_between_interfaces ; then
$ip6t -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
fi
# - Rule is needed if (local) interface aliases in use (like eth0:1)
# -
if $kernel_activate_forwarding && $local_alias_interfaces ; then
$ip6t -A FORWARD -p tcp -o $_dev --dport $_port --tcp-flag ACK ACK -j ACCEPT
$ip6t -A FORWARD -p tcp -i $_dev --sport $_port --tcp-flag ACK ACK -j ACCEPT
fi
done
done

7
ipt-firewall-gateway
View File

@ -5528,6 +5528,13 @@ if $allow_gaming_out && ! $permit_local_net_to_inet ; then
$ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
fi
# - Rule is needed if (local) interface aliases in use (like eth0:1)
# -
if $kernel_activate_forwarding && $local_alias_interfaces ; then
$ipt -A FORWARD -p tcp -o $_dev --dport $_port --tcp-flag ACK ACK -j ACCEPT
$ipt -A FORWARD -p tcp -i $_dev --sport $_port --tcp-flag ACK ACK -j ACCEPT
fi
done
done