Adjust Unifi Rules - Open STUN PORT from controller to APs.

This commit is contained in:
Christoph 2018-07-27 14:05:48 +02:00
parent 2affc448c2
commit 9e3f3012f9
4 changed files with 63 additions and 8 deletions


@ -838,6 +838,7 @@ remote_console_port=5900
# - same controller machine. # - same controller machine.
# - # -
# - unifi_stun_port=3478 # UDP port used for STUN # - unifi_stun_port=3478 # UDP port used for STUN
# - # Open Port from controller to Unifi APs
# - # -
# - # -
# - Ubiquity Networks uses port 10001/UDP for its AirControl # - Ubiquity Networks uses port 10001/UDP for its AirControl
@ -866,11 +867,17 @@ unify_broadcast_udp_ports="10001,5656:5699"
# - # -
local_unifi_controller_service=false local_unifi_controller_service=false
# - Unifi Accesspoints (AP's) controlled by UniFi controller at Gateway
# -
unifi_ap_local_ips=""
# - UniFi Controllers on local network (other than this machine) # - UniFi Controllers on local network (other than this machine)
# - # -
unify_controller_local_net_ips="" unify_controller_local_net_ips=""
# ====== # ======
# - IPMI Tools # - IPMI Tools
# ====== # ======
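Review bot: The new `unifi_ap_local_ips=""` setting does not document the expected value format, and the only hint a user gets is the one-line comment above it; the sibling setting `unify_controller_local_net_ips` gives no format either, so nothing on the page says whether entries are space- or comma-separated or whether prefixes are accepted. I would extend the comment to something like `# - Unifi Accesspoints (AP's) controlled by UniFi controller at Gateway` / `# - List of AP IPv4/IPv6 addresses; separator: <same as unify_controller_local_net_ips — confirm>`. The added comment `# Open Port from controller to Unifi APs` sits under `unifi_stun_port=3478` but no rule in this commit uses that variable (the firewall hunks match `$unify_udp_ports`), so either the comment or the rule should name the port actually opened. The same two points apply to the second config file (the hunks ending at `# ====== # ======` after `unify_controller_local_net_ips`).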


@ -806,6 +806,7 @@ remote_console_port=5900
# - same controller machine. # - same controller machine.
# - # -
# - unifi_stun_port=3478 # UDP port used for STUN # - unifi_stun_port=3478 # UDP port used for STUN
# - # Open Port from controller to Unifi APs
# - # -
# - # -
# - Ubiquity Networks uses port 10001/UDP for its AirControl # - Ubiquity Networks uses port 10001/UDP for its AirControl
@ -834,11 +835,17 @@ unify_broadcast_udp_ports="10001,5656:5699"
# - # -
local_unifi_controller_service=false local_unifi_controller_service=false
# - Unifi Accesspoints (AP's) controlled by UniFi controller at Gateway
# -
unifi_ap_local_ips=""
# - UniFi Controllers on local network (other than this machine) # - UniFi Controllers on local network (other than this machine)
# - # -
unify_controller_local_net_ips="" unify_controller_local_net_ips=""
# ====== # ======
# - IPMI Tools # - IPMI Tools
# ====== # ======


@ -2860,11 +2860,11 @@ fi
# --- # ---
# - Ubiquiti Unifi Controler (Accesspoints) Gateway # - Ubiquiti Unifi Controller (Accesspoints) Gateway
# --- # ---
echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway" echononl "\t\tUbiquiti Unifi Controller Gateway"
if $local_unifi_controller_service ; then if $local_unifi_controller_service ; then
for _dev in ${local_if_arr[@]} ; do for _dev in ${local_if_arr[@]} ; do
$ip6t -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT $ip6t -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
@ -2878,12 +2878,32 @@ else
echo_skipped echo_skipped
fi fi
echononl "\t\tUbiquiti Unifi Controller Gateway - STUN to Unifi APs"
if $local_unifi_controller_service ; then
if [[ ${#unifi_ap_local_ip_arr[@]} -gt 0 ]] ; then
for _ip_ap in ${unifi_ap_local_ip_arr[@]} ; do
$ip6t -A OUTPUT -p udp -d $_ip_ap -m multiport --sports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
done
echo_done
else
echo_skipped
warn "Local Unifi Controller is defined, but no Unifi APs!"
fi
else
echo_skipped
fi
# --- # ---
# - Ubiquiti Unifi Controler (Accesspoints) local Network # - Ubiquiti Unifi Controller (Accesspoints) local Network
# --- # ---
echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network" echononl "\t\tUbiquiti Unifi Controller (Accesspoints) local Network"
if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \ if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
&& $kernel_forward_between_interfaces \ && $kernel_forward_between_interfaces \
&& ! $permit_between_local_networks ; then && ! $permit_between_local_networks ; then
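Review bot: The new OUTPUT rule matches `--sports $unify_udp_ports`, a variable that this commit neither introduces in the config files nor uses anywhere else on the page, while the commit title and the config comment under `unifi_stun_port=3478` say the STUN port is being opened; if `unify_udp_ports` is unset, `-m multiport --sports` gets an empty argument and `$ip6t` fails, yet `echo_done` still prints because the loop does not check the exit status. If the controller is meant to initiate traffic to the AP on the STUN port, the match should be on the destination port, e.g. `$ip6t -A OUTPUT -p udp -d $_ip_ap --dport $unifi_stun_port -m conntrack --ctstate NEW -j ACCEPT`; if the controller only answers STUN requests from the APs, those replies are already ESTABLISHED and a NEW-state OUTPUT rule is not needed — confirm which direction is intended. The guard `[[ ${#unifi_ap_local_ip_arr[@]} -gt 0 ]]` relies on `unifi_ap_local_ip_arr` being built from the new `unifi_ap_local_ips` somewhere outside these hunks; if that conversion is missing, the branch always falls through to `echo_skipped` with the warning. The identical rule in the iptables script (the hunk with `$ipt -A OUTPUT -p udp -d $_ip_ap -m multiport --sports $unify_udp_ports`) has the same issues.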


@ -3573,11 +3573,11 @@ fi
# --- # ---
# - Ubiquiti Unifi Controler (Accesspoints) Gateway # - Ubiquiti Unifi Controller Gateway
# --- # ---
echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway" echononl "\t\tUbiquiti Unifi Controller Gateway"
if $local_unifi_controller_service ; then if $local_unifi_controller_service ; then
for _dev in ${local_if_arr[@]} ; do for _dev in ${local_if_arr[@]} ; do
$ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
@ -3592,11 +3592,32 @@ else
fi fi
echononl "\t\tUbiquiti Unifi Controller Gateway - STUN to Unifi APs"
if $local_unifi_controller_service ; then
if [[ ${#unifi_ap_local_ip_arr[@]} -gt 0 ]] ; then
for _ip_ap in ${unifi_ap_local_ip_arr[@]} ; do
$ipt -A OUTPUT -p udp -d $_ip_ap -m multiport --sports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
done
echo_done
else
echo_skipped
warn "Local Unifi Controller is defined, but no Unifi APs!"
fi
else
echo_skipped
fi
# --- # ---
# - Ubiquiti Unifi Controler (Accesspoints) local Network # - Ubiquiti Unifi Controller local Network
# --- # ---
echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network" echononl "\t\tUbiquiti Unifi Controller local Network"
if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \ if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
&& $kernel_activate_forwarding \ && $kernel_activate_forwarding \
&& ! $permit_between_local_networks ; then && ! $permit_between_local_networks ; then