Add support for local service reachable from all extern networks.

ipt-firewall-gateway

@@ -1465,6 +1465,56 @@ fi
 
 
 
+# ---
+# - Allow local services from ALL extern netwoks
+# ---
+
+echononl "\tAllow local services from ALL extern netwoks"
+
+if [[ ${#allow_all_ext_traffic_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in "${allow_all_ext_traffic_to_local_service_arr[@]}" ; do
+
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      for _dev in ${ext_if_arr[@]} ; do
+
+         if containsElement "${_val_arr[0]}" "${gateway_ipv4_address_arr[@]}" ; then
+            $ipt -A INPUT -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+            continue
+         fi
+
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${_val_arr[0]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -j DNAT --to ${_val_arr[0]}:${_val_arr[1]}
+            fi
+            $ipt -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         fi
+
+      done
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p ${_val_arr[2]} -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+
 # ---
 # - Allow local services from given extern networks
 # ---