Forgot updateting firewall scripts.

ip6t-firewall-gateway

@@ -3406,6 +3406,51 @@ else
 fi
 
 
+# ---
+# - MS SQL Datenbank Services
+# ---
+
+echononl "\t\tMS SQL Datenbank Services only local Networks"
+
+if [[ ${#ms_sql_server_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ms_sql_server_local_ip_arr[@]} ; do
+
+      for _port in ${ms_sql_m_udp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ms_sql_s_tcp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _port in ${ms_sql_m_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ms_sql_s_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ms_sql_m_udp_port_arr[@]} ; do
+               $ip6t -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ms_sql_s_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
 # ---
 # - LDAP Service only out
 # ---
@@ -4650,6 +4695,9 @@ echononl "\t\tOther local Services"
 if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
    for _val in ${other_service_arr[@]} ; do
       IFS=',' read -a _val_arr <<< "${_val}"
+
+      $ip6t -A OUTPUT -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
       for _dev in ${local_if_arr[@]} ; do
          $ip6t -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
 
@@ -4838,7 +4886,7 @@ if $local_unifi_controller_service \
    $ip6t -A INPUT -p tcp -m multiport --dports $unifi_tcp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
    $ip6t -A INPUT -p udp -m multiport --dports $unifi_udp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
 
-   if $kernel_activate_forwarding ; then
+   if $kernel_forward_between_interfaces ; then
       $ip6t -A FORWARD -p tcp -m multiport --dports $unifi_tcp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
       $ip6t -A FORWARD -p tcp -m multiport --sports $unifi_tcp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
       $ip6t -A FORWARD -p udp -m multiport --dports $unifi_udp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
@@ -5192,7 +5240,7 @@ if $allow_gaming_out && ! $permit_local_net_to_inet ; then
 
          # - Rule is needed if (local) interface aliases in use (like eth0:1)
          # -
-         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
             $ip6t -A FORWARD -p tcp -o $_dev --dport $_port --tcp-flag ACK ACK -j ACCEPT
             $ip6t -A FORWARD -p tcp -i $_dev --sport $_port --tcp-flag ACK ACK -j ACCEPT
          fi

ipt-firewall-gateway

@@ -4232,6 +4232,50 @@ else
 fi
 
 
+# ---
+# - MS SQL Datenbank Services
+# ---
+
+echononl "\t\tMS SQL Datenbank Services only local Networks"
+
+if [[ ${#ms_sql_server_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ms_sql_server_local_ip_arr[@]} ; do
+
+      for _port in ${ms_sql_m_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ms_sql_s_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _port in ${ms_sql_m_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ms_sql_s_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ms_sql_m_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ms_sql_s_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
 # ---
 # - LDAP Service only out
 # ---
@@ -5507,6 +5551,9 @@ echononl "\t\tOther local Services"
 if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
    for _val in ${other_service_arr[@]} ; do
       IFS=':' read -a _val_arr <<< "${_val}"
+
+      $ipt -A OUTPUT -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
       for _dev in ${local_if_arr[@]} ; do
          $ipt -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT