From 5a958fa332d095a8cd2cf983f09b13a3b07ecc52 Mon Sep 17 00:00:00 2001 From: Christoph Date: Sun, 26 Jul 2020 21:08:04 +0200 Subject: [PATCH] Add support for Epson Network Scanner. --- conf/default_ports.conf | 11 +++++++++++ conf/main_ipv4.conf.sample | 14 +++++++++++++- conf/main_ipv6.conf.sample | 13 ++++++++++++- conf/post_decalrations.conf | 8 ++++++++ ip6t-firewall-gateway | 29 +++++++++++++++++++++++++++++ ipt-firewall-gateway | 29 +++++++++++++++++++++++++++++ 6 files changed, 102 insertions(+), 2 deletions(-) diff --git a/conf/default_ports.conf b/conf/default_ports.conf index 905ed9c..bd6e37b 100644 --- a/conf/default_ports.conf +++ b/conf/default_ports.conf @@ -38,6 +38,17 @@ standard_vpn_port=1194 standard_whois_port=43 standard_xymon_port=1984 + +# - Brother (brscan) +# - +standard_brother_brscan_port=54921 + + +# - Epson Network Scan +# - +standard_epson_network_scan_port=1865 + + # - IPsec - Internet Security Association and # - Key Management Protocol standard_isakmp_port=500 diff --git a/conf/main_ipv4.conf.sample b/conf/main_ipv4.conf.sample index c497f5f..b745312 100644 --- a/conf/main_ipv4.conf.sample +++ b/conf/main_ipv4.conf.sample @@ -1151,7 +1151,19 @@ printer_ips="" # - Blank seoarated list # - brother_scanner_ips="" -brscan_port=54921 +brscan_port="$standard_brother_brscan_port" + +# ====== +# - Epson Network Scan +# ====== + +# - IP Adresses Epson Network Scanner +# - +# - Blank seoarated list +# - +epson_scanner_ips="" +epson_scan_port="$standard_epson_network_scan_port" + diff --git a/conf/main_ipv6.conf.sample b/conf/main_ipv6.conf.sample index dfee9de..6c091a8 100644 --- a/conf/main_ipv6.conf.sample +++ b/conf/main_ipv6.conf.sample @@ -1126,7 +1126,18 @@ printer_ips="" # - Blank seoarated list # - brother_scanner_ips="" -brscan_port=54921 +brscan_port="$standard_brother_brscan_port" + +# ====== +# - Epson Network Scan +# ====== + +# - IP Adresses Epson Network Scanner +# - +# - Blank seoarated list +# - +epson_scanner_ips="" +epson_scan_port="$standard_epson_network_scan_port" diff --git a/conf/post_decalrations.conf b/conf/post_decalrations.conf index 73ba90a..ce23112 100644 --- a/conf/post_decalrations.conf +++ b/conf/post_decalrations.conf @@ -404,6 +404,14 @@ for _ip in $brother_scanner_ips ; do brother_scanner_ip_arr+=("$_ip") done +# --- +# - IP Adresses Epson Network Scanner +# --- +declare -a epson_scanner_ip_arr +for _ip in $epson_scanner_ips ; do + epson_scanner_ip_arr+=("$_ip") +done + # --- # - IP Addresses PCNS Server # --- diff --git a/ip6t-firewall-gateway b/ip6t-firewall-gateway index 7da929d..c46b3c5 100755 --- a/ip6t-firewall-gateway +++ b/ip6t-firewall-gateway @@ -3315,6 +3315,35 @@ else echo_skipped fi +echononl "\t\tEpson Network Scanner (Port $epson_scan_port) only between local Networks" + +if [[ ${#epson_scanner_ip_arr[@]} -gt 0 ]] \ + && $kernel_forward_between_interfaces \ + && ! $permit_between_local_networks \ + && $allow_scanning_between_local_nets ; then + for _ip in ${epson_scanner_ip_arr[@]} ; do + for _dev in ${local_if_arr[@]} ; do + # - UDP + $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $epson_scan_port -m conntrack --ctstate NEW -j ACCEPT + # - TCP + $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $epson_scan_port -m conntrack --ctstate NEW -j ACCEPT + + # - Note: + # - If (local) alias interfaces like eth1:0 in use, youe need a further + # - special rule. + # - + if $local_alias_interfaces ; then + $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $epson_scan_port --tcp-flag ACK ACK -j ACCEPT + $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $epson_scan_port --tcp-flag ACK ACK -j ACCEPT + fi + done + done + + echo_done +else + echo_skipped +fi + diff --git a/ipt-firewall-gateway b/ipt-firewall-gateway index a7121f9..b9fa1d7 100755 --- a/ipt-firewall-gateway +++ b/ipt-firewall-gateway @@ -4024,6 +4024,35 @@ else echo_skipped fi +echononl "\t\tEpson Network Scanner (Port $epson_scan_port) only between local Networks" + +if [[ ${#epson_scanner_ip_arr[@]} -gt 0 ]] \ + && $kernel_activate_forwarding \ + && ! $permit_between_local_networks \ + && $allow_scanning_between_local_nets ; then + for _ip in ${epson_scanner_ip_arr[@]} ; do + for _dev in ${local_if_arr[@]} ; do + # - UDP + $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $epson_scan_port -m conntrack --ctstate NEW -j ACCEPT + # - TCP + $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $epson_scan_port -m conntrack --ctstate NEW -j ACCEPT + + # - Note: + # - If (local) alias interfaces like eth1:0 in use, youe need a further + # - special rule. + # - + if $local_alias_interfaces ; then + $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $epson_scan_port --tcp-flag ACK ACK -j ACCEPT + $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $epson_scan_port --tcp-flag ACK ACK -j ACCEPT + fi + done + done + + echo_done +else + echo_skipped +fi + # --- # - Special TCP Ports OUT