Add support or forwarding rsynd protokoll from local networks.

2019-06-13 13:03:53 +02:00 · 2019-06-13 13:03:53 +02:00 · aead4e0ba8
commit aead4e0ba8
parent 7b34fa3222
4 changed files with 75 additions and 4 deletions
--- a/conf/main_ipv4.conf.sample
+++ b/conf/main_ipv4.conf.sample
@ -1005,6 +1005,10 @@ rsync_ports="873"
 # - 
 local_rsync_out=false
 # - forward rsync out for all machine's behind the firewall?
 # - 
 forward_rsync_out=false
 # =============
--- a/conf/main_ipv6.conf.sample
+++ b/conf/main_ipv6.conf.sample
@ -972,6 +972,10 @@ rsync_ports="873"
 # - 
 local_rsync_out=false
 # - forward rsync out for all machine's behind the firewall?
 # -
 forward_rsync_out=false
 # =============
--- a/36
+++ b/36
@ -3168,10 +3168,10 @@ fi
 # ---
-# - Rsync only Out Gateway 
+# - Rsyncd (only Out) Gateway 
 # ---
-echononl "\t\tRsync (only OUT) Gateway"
+echononl "\t\tRsyncd (only OUT) Gateway"
 if $local_rsync_out ; then
   for _dev in ${ext_if_arr[@]} ; do
@ -3186,6 +3186,38 @@ else
 fi
 # ---
 # - Rsyncd (only OUT) from all local networks"
 # ---
 echononl "\t\tRsyncd (only OUT) from all local networks"
 if $forward_rsync_out && $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
   for _local_dev in ${local_if_arr[@]} ; do
      for _ext_dev in ${ext_if_arr[@]} ; do
         for _port in ${rsync_port_arr[@]} ; do
            $ip6t -A FORWARD -i $_local_dev -o $_ext_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
            # - Note:
            # - If (local) alias interfaces like eth1:0 in use, youe need a further
            # - special rule.
            # -
            if $local_alias_interfaces  ; then
               $ip6t -A FORWARD -i $_local_dev -o $_ext_dev -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
               $ip6t -A FORWARD -i $_ext_dev -o $_local_dev -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
            fi 
         done
      done
   done
   echo_done
 else
   echo_skipped
 fi 
 # ---
 # - Rsync only Out from given local machines
 # ---
--- a/35
+++ b/35
@ -3876,10 +3876,10 @@ fi
 # ---
-# - Rsync only Out Gateway 
+# - Rsyncd (only Out) Gateway 
 # ---
-echononl "\t\tRsync (only OUT) Gateway"
+echononl "\t\tRsyncd (only OUT) Gateway"
 if $local_rsync_out ; then
   for _dev in ${ext_if_arr[@]} ; do
@ -3894,6 +3894,37 @@ else
 fi
 # ---
 # - Rsyncd (only OUT) from all local networks"
 # ---
 echononl "\t\tRsyncd (only OUT) from all local networks"
 if $forward_rsync_out && $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
   for _local_dev in ${local_if_arr[@]} ; do
      for _ext_dev in ${ext_if_arr[@]} ; do
         for _port in ${rsync_port_arr[@]} ; do
            $ipt -A FORWARD -i $_local_dev -o $_ext_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
            # - Note:
            # - If (local) alias interfaces like eth1:0 in use, youe need a further
            # - special rule.
            # -
            if $local_alias_interfaces  ; then
               $ipt -A FORWARD -i $_local_dev -o $_ext_dev -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
               $ipt -A FORWARD -i $_ext_dev -o $_local_dev -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
            fi
         done
      done
   done
   echo_done
 else
   echo_skipped
 fi
 # ---
 # - Rsync only Out from given local machines
 # ---