firewall/ipt-gateway
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' of git.oopen.de:firewall/ipt-gateway

Browse Source
This commit is contained in:
Christoph 2021-04-20 02:08:44 +02:00
commit 82f2e6486e
3 changed files with 77 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
conf/main_ipv4.conf.sample
View File

@ -1365,6 +1365,7 @@ udp_out_ports=""
other_services="" other_services=""
# ============= # =============
# --- Masuqerading # --- Masuqerading
# ============= # =============
@ -1402,6 +1403,34 @@ nat_networks=""
masquerade_tcp_cons="" masquerade_tcp_cons=""
# - Masquerade UDP Connections
# -
# - masquerade_udp_con="<src-network>:<dst-host>:<dst-port>:<output-device> [<src-network>:<dst-host>: ..]"
# -
# - Example:
# -
# - masquerade_udp_con="192.168.63.0/24:192.168.62.244:123"
# - 10.0.0.0/8:192.168.62.244:161"
# -
# -
# - Blank separated list
# -
masquerade_udp_cons=""
# - Masquerade ICMP Connections
# -
# - masquerade_icmp_cons="<src-network>:<dst-host> [<src-network>:<dst-host>] .."
# -
# - 192.168.81.249: Switch
# -
# - Blank separated list
# -
masquerade_icmp_cons=""
# ============= # =============
# --- Portforwarding # --- Portforwarding
# ============= # =============

10
conf/post_decalrations.conf
View File

@ -19,6 +19,16 @@ for _str in $masquerade_tcp_cons ; do
masquerade_tcp_con_arr+=("$_str") masquerade_tcp_con_arr+=("$_str")
done done
declare -a masquerade_udp_con_arr
for _str in $masquerade_udp_cons ; do
masquerade_udp_con_arr+=("$_str")
done
declare -a masquerade_icmp_con_arr
for _str in $masquerade_icmp_cons ; do
masquerade_icmp_con_arr+=("$_str")
done
# --- # ---
# - Extern Network interfaces (DSL, Staic Lines, All together) # - Extern Network interfaces (DSL, Staic Lines, All together)

39
ipt-firewall-gateway
View File

@ -303,7 +303,7 @@ fi
if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
echo_warning echo_warning
for _ip in ${no_if_for_ip_arr[@]} ; do for _ip in ${no_if_for_ip_arr[@]} ; do
warn "Masquerading for ip '$_ip' was omitted - No idestination interface present!" warn "(TCP) Masquerading for ip '$_ip' was omitted - No destination interface present!"
done done
else else
echo_done echo_done
@ -311,6 +311,43 @@ fi
echo echo
unset no_if_for_ip_arr
declare -a no_if_for_ip_arr
if [[ ${#masquerade_udp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
for _val in "${masquerade_udp_con_arr[@]}" ; do
IFS=':' read -a _val_arr <<< "${_val}"
# - Skip if no interface is given
# -
if [[ -z "${_val_arr[3]}" ]] ; then
no_if_for_ip_arr+=("${_val_arr[1]}")
continue
fi
$ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p udp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
done
fi
#echo_done # Flushing firewall iptable (IPv4)..
if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
echo_warning
for _ip in ${no_if_for_ip_arr[@]} ; do
warn "(UDP) Masquerading for ip '$_ip' was omitted - No destination interface present!"
done
else
echo_done
fi
echo
if [[ ${#masquerade_icmp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
for _val in "${masquerade_icmp_con_arr[@]}" ; do
IFS=':' read -a _val_arr <<< "${_val}"
$ipt -t nat -A POSTROUTING -p icmp -s ${_val_arr[0]} -d ${_val_arr[1]} -j MASQUERADE
done
fi
# ------------- # -------------
# - Log given IP Addresses # - Log given IP Addresses
# ------------- # -------------