From 338b2cf8d7b0771dc551d9438f5465676ae5a565 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Sun, 30 Oct 2022 22:46:07 +0100
Subject: [PATCH] Adjust 'ip6t-firewall-gateway' and 'ipt-firewall-gateway'. Add forward rules for game ports if aliases in use.
---
 ip6t-firewall-gateway | 7 +++++++
 ipt-firewall-gateway | 7 +++++++
 2 files changed, 14 insertions(+)
diff --git a/ip6t-firewall-gateway b/ip6t-firewall-gateway
index 544ecc9..11fc362 100755
--- a/ip6t-firewall-gateway
+++ b/ip6t-firewall-gateway
@@ -4723,6 +4723,13 @@ if $allow_gaming_out && ! $permit_local_net_to_inet ; then
 if $kernel_forward_between_interfaces ; then
 $ip6t -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
 fi
+
+ # - Rule is needed if (local) interface aliases in use (like eth0:1)
+ # -
+ if $kernel_activate_forwarding && $local_alias_interfaces ; then
+ $ip6t -A FORWARD -p tcp -o $_dev --dport $_port --tcp-flag ACK ACK -j ACCEPT
+ $ip6t -A FORWARD -p tcp -i $_dev --sport $_port --tcp-flag ACK ACK -j ACCEPT
+ fi
 done
 done
diff --git a/ipt-firewall-gateway b/ipt-firewall-gateway
index c508f85..d1b1995 100755
--- a/ipt-firewall-gateway
+++ b/ipt-firewall-gateway
@@ -5528,6 +5528,13 @@ if $allow_gaming_out && ! $permit_local_net_to_inet ; then
 $ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
 fi
+ # - Rule is needed if (local) interface aliases in use (like eth0:1)
+ # -
+ if $kernel_activate_forwarding && $local_alias_interfaces ; then
+ $ipt -A FORWARD -p tcp -o $_dev --dport $_port --tcp-flag ACK ACK -j ACCEPT
+ $ipt -A FORWARD -p tcp -i $_dev --sport $_port --tcp-flag ACK ACK -j ACCEPT
+ fi
+
 done
 done
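Review bot: The two added FORWARD rules accept any TCP segment that has the ACK bit set and the game port on one side, with no connection state and no limit on the inside interface or address; in the `-i $_dev --sport $_port` rule both the source port and the flags are chosen by the remote sender, so unsolicited segments arriving on `$_dev` would be forwarded to any internal host and port. The same pair is added in the `ipt-firewall-gateway` hunk. If connection tracking works with the alias setup, prefer `-m conntrack --ctstate ESTABLISHED,RELATED` in place of `--tcp-flag ACK ACK`; if it does not (the comment does not say why the rule is needed), restrict both rules to the local networks behind the aliases and state the reason in the comment. Also spell the option `--tcp-flags`, since the shortened form presumably works only as an option abbreviation, and confirm that guarding on `$kernel_activate_forwarding` rather than the `$kernel_forward_between_interfaces` used just above is intended. The enclosing loops start outside both hunks.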