firewall/ipt-gateway
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix error: add missing code for 'allow_samba_requests_out'.

Browse Source
This commit is contained in:
Christoph 2018-10-21 18:17:21 +02:00
parent d47af85e5c
commit 9417303654
2 changed files with 67 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
ip6t-firewall-gateway
View File

@ -2124,6 +2124,39 @@ else
fi fi
# ---
# - Samba Service only out
# ---
echononl "\t\tSamba Service only out"
if $allow_samba_requests_out && ! $permit_local_net_to_inet ; then
for _dev in ${ext_if_arr[@]} ; do
for _port in ${samba_udp_ports[@]} ; do
$ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
done
for _port in ${samba_tcp_ports[@]} ; do
$ip6t -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
done
if $kernel_forward_between_interfaces : then
for _port in ${samba_udp_ports[@]} ; do
$ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
done
for _port in ${samba_tcp_ports[@]} ; do
$ip6t -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
done
fi
done
echo_done
else
echo_skipped
fi
# --- # ---
# - Samba Service Gateway (only for local Networks) # - Samba Service Gateway (only for local Networks)

34
ipt-firewall-gateway
View File

@ -2818,6 +2818,40 @@ else
fi fi
# ---
# - Samba Service only out
# ---
echononl "\t\tSamba Service only out"
if $allow_samba_requests_out && ! $permit_local_net_to_inet ; then
for _dev in ${ext_if_arr[@]} ; do
for _port in ${samba_udp_ports[@]} ; do
$ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
done
for _port in ${samba_tcp_ports[@]} ; do
$ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
done
if $kernel_activate_forwarding ; then
for _port in ${samba_udp_ports[@]} ; do
echo -e "\n$ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT"
$ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
done
for _port in ${samba_tcp_ports[@]} ; do
echo "$ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT"
$ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
done
fi
done
echo_done
else
echo_skipped
fi
# --- # ---
# - Samba Service Gateway (only for local Networks) # - Samba Service Gateway (only for local Networks)