From 52022cd6c7fd1dc0948334b0abddcb4cda5f90e4 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Wed, 9 Mar 2022 04:02:00 +0100
Subject: [PATCH] Forward missing Spamcontrolports.
---
 ip6t-firewall-gateway | 15 +++++++++++++++
 ipt-firewall-gateway | 16 ++++++++++++++++
 2 files changed, 31 insertions(+)
diff --git a/ip6t-firewall-gateway b/ip6t-firewall-gateway
index d7a6f11..50990a3 100755
--- a/ip6t-firewall-gateway
+++ b/ip6t-firewall-gateway
@@ -2377,6 +2377,21 @@ if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
 mail_port_arr+=("$mail_smtp_port")
 for _ip in "${!mail_server_dmz_arr[@]}"; do
+ if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+
+ # Razor2 (TCP Port 2703)
+ $ip6t -A FORWARD -o ${mail_server_dmz_arr[$_ip]} -p tcp --dport 2703 -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+ # Pyzor (UDP Port 24441 or TCP Port 24441 or both ?)
+ $ip6t -A FORWARD -o ${mail_server_dmz_arr[$_ip]} -p tcp --dport 24441 -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+ $ip6t -A FORWARD -o ${mail_server_dmz_arr[$_ip]} -p udp --dport 24441 -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+
+ # - DCC (port udp:6277)
+ $ip6t -A FORWARD -o ${mail_server_dmz_arr[$_ip]} -p udp --dport 6277 -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+ # if DCC Server is running (port tcp:6277)
+ $ip6t -A FORWARD -o ${mail_server_dmz_arr[$_ip]} -p tcp --dport 6277 -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+ $ip6t -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport 6277 -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+ fi
+
 # - Skip if no interface is given
 # -
 if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
diff --git a/ipt-firewall-gateway b/ipt-firewall-gateway
index 380e93d..f343110 100755
--- a/ipt-firewall-gateway
+++ b/ipt-firewall-gateway
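Review bot: In ip6t-firewall-gateway the last added rule, `$ip6t -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport 6277 -d $_ip ... -j ACCEPT`, accepts new inbound TCP connections to the mail server on port 6277 from any source whenever the forwarding guard is true, although its comment says it is only needed "if DCC Server is running". A host that only queries DCC needs just the outbound rules, so this inbound rule should sit behind its own configuration switch or have its source restricted with `-s`. The Pyzor comment also leaves the protocol open ("or both ?") while both tcp and udp 24441 are accepted; confirm which one is needed and drop the other. The hunk in ipt-firewall-gateway adds the same rules, and the enclosing `for` loop continues outside both hunks.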
@@ -3098,6 +3098,22 @@ if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
 mail_port_arr+=("$mail_smtp_port")
 for _ip in "${!mail_server_dmz_arr[@]}"; do
+ if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+
+ # Razor2 (TCP Port 2703)
+ $ipt -A FORWARD -o ${mail_server_dmz_arr[$_ip]} -p tcp --dport 2703 -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+ # Pyzor (UDP Port 24441 or TCP Port 24441 or both ?)
+ $ipt -A FORWARD -o ${mail_server_dmz_arr[$_ip]} -p tcp --dport 24441 -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+ $ipt -A FORWARD -o ${mail_server_dmz_arr[$_ip]} -p udp --dport 24441 -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+
+ # - DCC (port udp:6277)
+ $ipt -A FORWARD -o ${mail_server_dmz_arr[$_ip]} -p udp --dport 6277 -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+ # if DCC Server is running (port tcp:6277)
+ $ipt -A FORWARD -o ${mail_server_dmz_arr[$_ip]} -p tcp --dport 6277 -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+ $ipt -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport 6277 -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+ fi
+
+
 # - Skip if no interface is given
 # -
 if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
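Review bot: The new rules in ipt-firewall-gateway run before the `# - Skip if no interface is given` check that follows them, so for an entry with an empty interface the unquoted `-o ${mail_server_dmz_arr[$_ip]}` expands to a bare `-o` and iptables takes the next word as the interface name, making each call fail or misparse. Move the added block below that check (its body is outside the hunk; presumably it skips the entry) and quote the expansions, e.g. `-o "${mail_server_dmz_arr[$_ip]}"` and `-s "$_ip"`. The guard here tests `$kernel_activate_forwarding` while the ip6t-firewall-gateway hunk tests `$kernel_forward_between_interfaces`; confirm that difference is intended. The ip6t-firewall-gateway hunk has the same ordering problem.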