Add support or forwarding rsynd protokoll from local networks.

2019-06-13 13:03:53 +02:00 · 2019-06-13 13:03:53 +02:00 · aead4e0ba8
commit aead4e0ba8
parent 7b34fa3222
4 changed files with 75 additions and 4 deletions
--- a/conf/main_ipv4.conf.sample
+++ b/conf/main_ipv4.conf.sample
@ -1005,6 +1005,10 @@ rsync_ports="873"
 # - 
 local_rsync_out=false

+# - forward rsync out for all machine's behind the firewall?
+# - 
+forward_rsync_out=false
+


 # =============
--- a/conf/main_ipv6.conf.sample
+++ b/conf/main_ipv6.conf.sample
@ -972,6 +972,10 @@ rsync_ports="873"
 # - 
 local_rsync_out=false

+# - forward rsync out for all machine's behind the firewall?
+# -
+forward_rsync_out=false
+


 # =============
--- a/36
+++ b/36
@ -3168,10 +3168,10 @@ fi


 # ---
-# - Rsync only Out Gateway 
+# - Rsyncd (only Out) Gateway 
 # ---

-echononl "\t\tRsync (only OUT) Gateway"
+echononl "\t\tRsyncd (only OUT) Gateway"

 if $local_rsync_out ; then
   for _dev in ${ext_if_arr[@]} ; do
@ -3186,6 +3186,38 @@ else
 fi


+# ---
+# - Rsyncd (only OUT) from all local networks"
+# ---
+
+echononl "\t\tRsyncd (only OUT) from all local networks"
+
+if $forward_rsync_out && $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+   for _local_dev in ${local_if_arr[@]} ; do
+      for _ext_dev in ${ext_if_arr[@]} ; do
+         for _port in ${rsync_port_arr[@]} ; do
+
+            $ip6t -A FORWARD -i $_local_dev -o $_ext_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if $local_alias_interfaces  ; then
+               $ip6t -A FORWARD -i $_local_dev -o $_ext_dev -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ip6t -A FORWARD -i $_ext_dev -o $_local_dev -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            fi 
+         done
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi 
+
+
+
 # ---
 # - Rsync only Out from given local machines
 # ---
--- a/35
+++ b/35
@ -3876,10 +3876,10 @@ fi


 # ---
-# - Rsync only Out Gateway 
+# - Rsyncd (only Out) Gateway 
 # ---

-echononl "\t\tRsync (only OUT) Gateway"
+echononl "\t\tRsyncd (only OUT) Gateway"

 if $local_rsync_out ; then
   for _dev in ${ext_if_arr[@]} ; do
@ -3894,6 +3894,37 @@ else
 fi


+# ---
+# - Rsyncd (only OUT) from all local networks"
+# ---
+
+echononl "\t\tRsyncd (only OUT) from all local networks"
+
+if $forward_rsync_out && $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+   for _local_dev in ${local_if_arr[@]} ; do
+      for _ext_dev in ${ext_if_arr[@]} ; do
+         for _port in ${rsync_port_arr[@]} ; do
+
+            $ipt -A FORWARD -i $_local_dev -o $_ext_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if $local_alias_interfaces  ; then
+               $ipt -A FORWARD -i $_local_dev -o $_ext_dev -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -i $_ext_dev -o $_local_dev -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            fi
+         done
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
 # ---
 # - Rsync only Out from given local machines
 # ---