Merge branch 'master' of git.oopen.de:firewall/ipt-gateway

2021-04-20 02:08:44 +02:00 · 2021-04-20 02:08:44 +02:00 · 82f2e6486e
commit 82f2e6486e
parent a570445a32 83a50e5b56
3 changed files with 77 additions and 1 deletions
--- a/conf/main_ipv4.conf.sample
+++ b/conf/main_ipv4.conf.sample
@ -1365,6 +1365,7 @@ udp_out_ports=""
 other_services=""


+
 # =============
 # --- Masuqerading
 # =============
@ -1402,6 +1403,34 @@ nat_networks=""
 masquerade_tcp_cons=""


+# - Masquerade UDP Connections
+# -
+# -    masquerade_udp_con="<src-network>:<dst-host>:<dst-port>:<output-device> [<src-network>:<dst-host>: ..]"
+# -
+# - Example:
+# -
+# -    masquerade_udp_con="192.168.63.0/24:192.168.62.244:123"
+# -                        10.0.0.0/8:192.168.62.244:161"
+# -
+# -
+# - Blank separated list
+# -
+masquerade_udp_cons=""
+
+
+
+# - Masquerade ICMP Connections
+# -
+# -    masquerade_icmp_cons="<src-network>:<dst-host> [<src-network>:<dst-host>] .."
+# -
+# -    192.168.81.249:     Switch
+# -
+# - Blank separated list
+# -
+masquerade_icmp_cons=""
+
+
+
 # =============
 # --- Portforwarding
 # =============
--- a/conf/post_decalrations.conf
+++ b/conf/post_decalrations.conf
@ -19,6 +19,16 @@ for _str in $masquerade_tcp_cons ; do
   masquerade_tcp_con_arr+=("$_str")
 done

+declare -a masquerade_udp_con_arr
+for _str in $masquerade_udp_cons ; do
+   masquerade_udp_con_arr+=("$_str")
+done
+
+declare -a masquerade_icmp_con_arr
+for _str in $masquerade_icmp_cons ; do
+   masquerade_icmp_con_arr+=("$_str")
+done
+

 # ---
 # - Extern Network interfaces (DSL, Staic Lines, All together)
--- a/39
+++ b/39
@ -303,7 +303,7 @@ fi
 if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
   echo_warning
   for _ip in ${no_if_for_ip_arr[@]} ; do
-      warn "Masquerading for ip '$_ip' was omitted - No idestination interface present!"
+      warn "(TCP) Masquerading for ip '$_ip' was omitted - No destination interface present!"
   done
 else
   echo_done
@ -311,6 +311,43 @@ fi
 echo


+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+if [[ ${#masquerade_udp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${masquerade_udp_con_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${_val_arr[3]}" ]] ; then
+         no_if_for_ip_arr+=("${_val_arr[1]}")
+         continue
+      fi
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p udp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
+   done
+fi
+
+#echo_done # Flushing firewall iptable (IPv4)..
+if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+   echo_warning
+   for _ip in ${no_if_for_ip_arr[@]} ; do
+      warn "(UDP) Masquerading for ip '$_ip' was omitted - No destination interface present!"
+   done
+else
+   echo_done
+fi
+echo
+
+if [[ ${#masquerade_icmp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${masquerade_icmp_con_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      $ipt -t nat -A POSTROUTING -p icmp -s ${_val_arr[0]} -d ${_val_arr[1]} -j MASQUERADE
+   done
+fi
+
+
 # -------------
 # - Log given IP Addresses
 # -------------