From a8e60aa4a39869a1300ed091d971c7cb36bcf298 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Wed, 30 Mar 2022 23:41:23 +0200
Subject: [PATCH] Fix error in firewall rules concerning unifi controller.
---
 ip6t-firewall-gateway | 6 +++---
 ipt-firewall-gateway | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/ip6t-firewall-gateway b/ip6t-firewall-gateway
index 448f7a6..544ecc9 100755
--- a/ip6t-firewall-gateway
+++ b/ip6t-firewall-gateway
@@ -4411,10 +4411,10 @@ echononl "\t\tUbiquiti Unifi Controller Gateway IN"
 if $local_unifi_controller_service \
 && ( [[ ${#unifi_ap_local_ip_arr[@]} -gt 0 ]] || [[ ${#unifi_ap_extern_ip_arr[@]} -gt 0 ]] ) ; then
- for _ip in ${unifi_ap_local_ip_arr[@]} ; do
+ for _dev in ${local_if_arr[@]} ; do
- $ip6t -A INPUT -p tcp -s $_ip -m multiport --dports $unifi_tcp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
- $ip6t -A INPUT -p udp -s $_ip -m multiport --dports $unifi_udp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
+ $ip6t -A INPUT -i $_dev -p tcp -m multiport --dports $unifi_tcp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
+ $ip6t -A INPUT -i $_dev -p udp -m multiport --dports $unifi_udp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
 done
diff --git a/ipt-firewall-gateway b/ipt-firewall-gateway
index 6222ed5..8d3e247 100755
--- a/ipt-firewall-gateway
+++ b/ipt-firewall-gateway
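Review bot: Replacing `-s $_ip` with `-i $_dev` in the two `$ip6t -A INPUT` rules of the ip6t-firewall-gateway hunk removes the per-device source match, so any host reachable through an interface in `local_if_arr` can open NEW connections to the controller ports, not only the listed access points; the ipt-firewall-gateway hunk makes the same change for IPv4. The enclosing `if` still tests `unifi_ap_local_ip_arr` and `unifi_ap_extern_ip_arr`, although the new loop reads neither, so the rules are gated on arrays they no longer use. If the interface-wide match is intended, a comment above the loop such as `# controller ports are open to every host on the local interfaces; AP source addresses are not matched here` would record that decision. Otherwise, where the address list is usable, keeping both matches (`-i $_dev -s $_ip`) preserves the narrower rule. The `if` block continues past `done`, outside the hunk.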
@@ -5192,10 +5192,10 @@ echononl "\t\tUbiquiti Unifi Controller Gateway IN from Unifi devicess"
 if $local_unifi_controller_service \
 && ( [[ ${#unifi_ap_local_ip_arr[@]} -gt 0 ]] || [[ ${#unifi_ap_extern_ip_arr[@]} -gt 0 ]] ) ; then
- for _ip in ${unifi_ap_local_ip_arr[@]} ; do
+ for _dev in ${local_if_arr[@]} ; do
- $ipt -A INPUT -p tcp -s $_ip -m multiport --dports $unifi_tcp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
- $ipt -A INPUT -p udp -s $_ip -m multiport --dports $unifi_udp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
+ $ipt -A INPUT -i $_dev -p tcp -m multiport --dports $unifi_tcp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
+ $ipt -A INPUT -i $_dev -p udp -m multiport --dports $unifi_udp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
 done
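Review bot: The new loop header and both `$ipt -A INPUT` rules expand `${local_if_arr[@]}` and `$_dev` unquoted, so an array element containing whitespace or a glob character would be split or expanded before it reaches `-i`. Writing `for _dev in "${local_if_arr[@]}" ; do` and `-i "$_dev"` keeps each interface name a single word; the ip6t-firewall-gateway hunk has the same form. `$unifi_tcp_ctrl_in_ports` and `$unifi_udp_ctrl_in_ports` could be quoted the same way, assuming each holds one comma-separated list as `--dports` expects. The enclosing `if` block ends outside the hunk.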