Add support for FreeIPA Service on local networks.

2024-08-17 22:19:12 +02:00 · 2024-08-17 22:19:12 +02:00 · 80bf02d7ad
commit 80bf02d7ad
parent 06199517c7
6 changed files with 88 additions and 0 deletions
--- a/conf/default_ports.conf
+++ b/conf/default_ports.conf
@ -140,6 +140,12 @@ standard_unifi_tcp_ctrl_out_ports="443,8883"
 standard_unifi_udp_ctrl_out_ports="443,3478"
 # freeIPA Ports
 #
 standard_freeipa_tcp_in_ports="53,80,88,443,464,389,636"
 standard_freeipa_udp_in_ports="53,123,88,464"
 # Outbound Streaming Ports TCP
 #
 #    - outbound port 1935/TCP : outbound streaming over RTMP to most
--- a/conf/main_ipv4.conf.sample
+++ b/conf/main_ipv4.conf.sample
@ -968,6 +968,20 @@ snmp_port="$standard_snmp_port"
 snmp_trap_port="$standard_snmp_trap_port"
 # ======
 # - FreeIPA Service
 # ======
 # - FreeIPA services local Networks
 # -
 freeipa_server_ips=""
 # - FreeIPA (in) Ports
 # -
 freeipa_tcp_in_ports="$standard_freeipa_tcp_in_ports"
 freeipa_udp_in_ports="$standard_freeipa_udp_in_ports"
 # ======
 # - Mumble Service
 # ======
--- a/conf/main_ipv6.conf.sample
+++ b/conf/main_ipv6.conf.sample
@ -938,6 +938,20 @@ snmp_port="$standard_snmp_port"
 snmp_trap_port="$standard_snmp_trap_port"
 # ======
 # - FreeIPA Service
 # ======
 # - FreeIPA services local Networks
 # -
 freeipa_server_ips=""
 # - FreeIPA (in) Ports
 # -
 freeipa_tcp_in_ports="$standard_freeipa_tcp_in_ports"
 freeipa_udp_in_ports="$standard_freeipa_udp_in_ports"
 # ======
 # - Mumble Service
--- a/conf/post_decalrations.conf
+++ b/conf/post_decalrations.conf
@ -433,6 +433,14 @@ for _ip in $snmp_server_ips ; do
   snmp_server_ip_arr+=("$_ip")
 done
 # ---
 # - IP Adresses FreeIPA Server
 # ---
 declare -a freeipa_server_ip_arr=()
 for _ip in $freeipa_server_ips ; do
   freeipa_server_ip_arr+=("$_ip")
 done
 # ---
 # - IP Adresses Munin Service 
 # ---
--- a/23
+++ b/23
@ -4649,6 +4649,29 @@ else
 fi
 # ---
 # - freeIPA Services local Networks
 # ---
 echononl "\t\tFreeIPA Services local Networks"
 if [[ ${#freeipa_server_ip_arr[@]} -gt 0 ]] && ! $permit_between_local_networks; then
   for _ip in ${freeipa_server_ip_arr[@]} ; do
      $ip6t -A OUTPUT -p udp -d $_ip -m multiport --dports $freeipa_udp_in_ports -m conntrack --ctstate NEW -j ACCEPT
      $ip6t -A OUTPUT -p tcp -d $_ip -m multiport --dports $freeipa_udp_in_ports -m conntrack --ctstate NEW -j ACCEPT
      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
         for _dev in ${local_if_arr[@]} ; do
            $ip6t -A FORWARD -i $_dev -p udp -d $_ip -m multiport --dports $freeipa_udp_in_ports -m conntrack --ctstate NEW -j ACCEPT
            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $freeipa_udp_in_ports -m conntrack --ctstate NEW -j ACCEPT
         done
      fi
   done
   echo_done
 else
   echo_skipped
 fi
 # ---
 # - WakeOnLan only out into local Networks
 # ---
--- a/23
+++ b/23
@ -5452,6 +5452,29 @@ else
 fi
 # ---
 # - freeIPA Services local Networks
 # ---
 echononl "\t\tFreeIPA Services local Networks"
 if [[ ${#freeipa_server_ip_arr[@]} -gt 0 ]] && ! $permit_between_local_networks; then
   for _ip in ${freeipa_server_ip_arr[@]} ; do
      $ipt -A OUTPUT -p udp -d $_ip -m multiport --dports $freeipa_udp_in_ports -m conntrack --ctstate NEW -j ACCEPT
      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $freeipa_tcp_in_ports -m conntrack --ctstate NEW -j ACCEPT
      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
         for _dev in ${local_if_arr[@]} ; do
            $ipt -A FORWARD -i $_dev -p udp -d $_ip -m multiport --dports $freeipa_udp_in_ports -m conntrack --ctstate NEW -j ACCEPT
            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $freeipa_tcp_in_ports -m conntrack --ctstate NEW -j ACCEPT
         done
      fi
   done
   echo_done
 else
   echo_skipped
 fi
 # ---
 # - WakeOnLan only out into local Networks
 # ---