firewall/ipt-gateway
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support for speedtest. fix error txp/udp ports out.

Browse Source
This commit is contained in:
Christoph
2023-12-07 22:37:04 +01:00
parent 3052da6795
commit 358a81cce9
5 changed files with 64 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
ip6t-firewall-gateway
View File

@ -885,7 +885,6 @@ if [[ ${#restrict_vpn_net_to_local_service_arr[@]} -gt 0 ]] \
# Allow also ICMP (ping)
$ip6t -A INPUT -p icmp -s ${_val_arr[0]} -d ${_val_arr[1]} -j ACCEPT
$ipt -A INPUT -s $_net
else
@ -4282,21 +4281,21 @@ fi
# ---
# - Special TCP Ports OUT
# - Collected TCP Ports OUT
# ---
echononl "\t\tSpecial TCP Ports OUT"
echononl "\t\tCollected TCP Ports OUT"
if [[ ${#tcp_out_port_arr[@]} -gt 0 ]] ; then
if [[ ${#out_tcp_port_arr[@]} -gt 0 ]] ; then
for _dev in ${ext_if_arr[@]} ; do
for _port in ${tcp_out_port_arr[@]} ; do
$ip6t -A OUTPUT -o $_dev -p tcp --dport $_port -m state --state NEW -j ACCEPT
if $kernel_forward_between_interfaces ; then
$ip6t -A FORWARD -o $_dev -p tcp --dport $_port -m state --state NEW -j ACCEPT
fi
done
done
for _dev in ${ext_if_arr[@]} ; do
for _port in ${out_tcp_port_arr[@]} ; do
$ip6t -A OUTPUT -o $_dev -p tcp --dport $_port -m state --state NEW -j ACCEPT
if $kernel_forward_between_interfaces ; then
$ip6t -A FORWARD -o $_dev -p tcp --dport $_port -m state --state NEW -j ACCEPT
fi
done
done
echo_done
else
@ -4305,21 +4304,21 @@ fi
# ---
# - Special UDP Ports OUT
# - Collected UDP Ports OUT
# ---
echononl "\t\tSpecial UDP Ports OUT"
echononl "\t\tCollected UDP Ports OUT"
if [[ ${#udp_out_port_arr[@]} -gt 0 ]] ; then
if [[ ${#out_udp_port_arr[@]} -gt 0 ]] ; then
for _dev in ${ext_if_arr[@]} ; do
for _port in ${udp_out_port_arr[@]} ; do
$ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m state --state NEW -j ACCEPT
if $kernel_forward_between_interfaces ; then
$ip6t -A FORWARD -o $_dev -p udp --dport $_port -m state --state NEW -j ACCEPT
fi
done
done
for _dev in ${ext_if_arr[@]} ; do
for _port in ${out_udp_port_arr[@]} ; do
$ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m state --state NEW -j ACCEPT
if $kernel_forward_between_interfaces ; then
$ip6t -A FORWARD -o $_dev -p udp --dport $_port -m state --state NEW -j ACCEPT
fi
done
done
echo_done
else