firewall/ipt-gateway
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ipt-firewall-gateway: some minor changes at script output.

Browse Source
This commit is contained in:
Christoph 2022-06-09 00:12:16 +02:00
parent 4e4c041f9f
commit 4de6f50e12
1 changed files with 35 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
ipt-firewall-gateway
View File

@ -265,16 +265,27 @@ $ipt -F -t raw
$ipt -X $ipt -X
$ipt -Z $ipt -Z
echo_done
$ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu $ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
unset natted_interface_arr unset natted_interface_arr
declare -a natted_interface_arr declare -a natted_interface_arr
for _dev in ${nat_device_arr[@]} ; do echo ""
echononl "\tMasquerade (NAT) interfaces.."
if [[ ${#nat_device_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
for _dev in ${nat_device_arr[@]} ; do
$ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE
natted_interface_arr+=("$_dev") natted_interface_arr+=("$_dev")
done done
echo_done
else
echo_skipped
fi
echononl "\tMasquerade (NAT) networks.."
if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
for _val in "${nat_network_arr[@]}" ; do for _val in "${nat_network_arr[@]}" ; do
IFS=':' read -a _val_arr <<< "${_val}" IFS=':' read -a _val_arr <<< "${_val}"
@ -290,14 +301,22 @@ if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
$ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
$ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -s ${_val_arr[0]} -j MASQUERADE $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -s ${_val_arr[0]} -j MASQUERADE
done done
echo_done
else
echo_skipped
fi fi
echo
if $telekom_internet_tv ; then if $telekom_internet_tv ; then
echononl "\tNAT Telekom Intzernet TV.."
$ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE $ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE
echo_done
echo
fi fi
unset no_if_for_ip_arr unset no_if_for_ip_arr
declare -a no_if_for_ip_arr declare -a no_if_for_ip_arr
echononl "\tMasquerade TCP Connections .."
if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
for _val in "${masquerade_tcp_con_arr[@]}" ; do for _val in "${masquerade_tcp_con_arr[@]}" ; do
IFS=':' read -a _val_arr <<< "${_val}" IFS=':' read -a _val_arr <<< "${_val}"
@ -311,22 +330,22 @@ if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; th
fi fi
$ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p tcp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p tcp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
done done
echo_done
else
echo_skipped
fi fi
#echo_done # Flushing firewall iptable (IPv4)..
if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
echo_warning echo_warning
for _ip in ${no_if_for_ip_arr[@]} ; do for _ip in ${no_if_for_ip_arr[@]} ; do
warn "(TCP) Masquerading for ip '$_ip' was omitted - No destination interface present!" warn "(TCP) Masquerading for ip '$_ip' was omitted - No destination interface present!"
done done
else
echo_done
fi fi
echo
unset no_if_for_ip_arr unset no_if_for_ip_arr
declare -a no_if_for_ip_arr declare -a no_if_for_ip_arr
echononl "\tMasquerade UDP Connections .."
if [[ ${#masquerade_udp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then if [[ ${#masquerade_udp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
for _val in "${masquerade_udp_con_arr[@]}" ; do for _val in "${masquerade_udp_con_arr[@]}" ; do
IFS=':' read -a _val_arr <<< "${_val}" IFS=':' read -a _val_arr <<< "${_val}"
@ -340,26 +359,30 @@ if [[ ${#masquerade_udp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; th
fi fi
$ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p udp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p udp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
done done
echo_done
else
echo_skipped
fi fi
#echo_done # Flushing firewall iptable (IPv4)..
if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
echo_warning echo_warning
for _ip in ${no_if_for_ip_arr[@]} ; do for _ip in ${no_if_for_ip_arr[@]} ; do
warn "(UDP) Masquerading for ip '$_ip' was omitted - No destination interface present!" warn "(UDP) Masquerading for ip '$_ip' was omitted - No destination interface present!"
done done
else
echo_done
fi fi
echo
echononl "\tMasquerade ICMP Connections .."
if [[ ${#masquerade_icmp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then if [[ ${#masquerade_icmp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
for _val in "${masquerade_icmp_con_arr[@]}" ; do for _val in "${masquerade_icmp_con_arr[@]}" ; do
IFS=':' read -a _val_arr <<< "${_val}" IFS=':' read -a _val_arr <<< "${_val}"
$ipt -t nat -A POSTROUTING -p icmp -s ${_val_arr[0]} -d ${_val_arr[1]} -j MASQUERADE $ipt -t nat -A POSTROUTING -p icmp -s ${_val_arr[0]} -d ${_val_arr[1]} -j MASQUERADE
done done
echo_done
else
echo_skipped
fi fi
echo
# ------------- # -------------