firewall/ipt-gateway
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support for FreeIPA Service on local networks.

Browse Source
This commit is contained in:
Christoph
2024-08-17 22:19:12 +02:00
parent 06199517c7
commit 80bf02d7ad
6 changed files with 88 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
ip6t-firewall-gateway
View File

@ -4649,6 +4649,29 @@ else
fi
# ---
# - freeIPA Services local Networks
# ---
echononl "\t\tFreeIPA Services local Networks"
if [[ ${#freeipa_server_ip_arr[@]} -gt 0 ]] && ! $permit_between_local_networks; then
for _ip in ${freeipa_server_ip_arr[@]} ; do
$ip6t -A OUTPUT -p udp -d $_ip -m multiport --dports $freeipa_udp_in_ports -m conntrack --ctstate NEW -j ACCEPT
$ip6t -A OUTPUT -p tcp -d $_ip -m multiport --dports $freeipa_udp_in_ports -m conntrack --ctstate NEW -j ACCEPT
if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
for _dev in ${local_if_arr[@]} ; do
$ip6t -A FORWARD -i $_dev -p udp -d $_ip -m multiport --dports $freeipa_udp_in_ports -m conntrack --ctstate NEW -j ACCEPT
$ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $freeipa_udp_in_ports -m conntrack --ctstate NEW -j ACCEPT
done
fi
done
echo_done
else
echo_skipped
fi
# ---
# - WakeOnLan only out into local Networks
# ---