Add rules for local ssh services

2017-02-24 13:31:20 +01:00
parent 1c5531ccaf
commit 47487219f1
5 changed files with 111 additions and 2 deletions
--- a/36
+++ b/36
@ -1152,6 +1152,42 @@ else
 fi


+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
 # ---
 # - SSH Services DMZ
 # ---