Add support for Remote Desktop Services (RDS).

2026-03-11 14:06:08 +01:00
parent 1f5c01d8c9
commit b84a7d8527
5 changed files with 71 additions and 0 deletions
--- a/conf/default_ports.conf
+++ b/conf/default_ports.conf
@@ -25,6 +25,7 @@ standard_ntp_port=123
 standard_pgp_keyserver_port=11371
 standard_print_port=9100
 standard_print_raw_port=515
+standard_rdp_port=3389
 standard_remote_console_port=5900
 standard_silc_port=706
 standard_smtp_port=25
--- a/conf/main_ipv4.conf.sample
+++ b/conf/main_ipv4.conf.sample
@@ -1297,6 +1297,21 @@ declare -A rm_server_dmz_arr
 remote_console_port=5900


+# ======
+# - Remote Desktop Dienste
+# ======
+
+# - RDS Server local Networks
+# -
+# - Blank separated list
+# -
+rds_server_ips=""
+
+# Listen RDP Port
+#
+rds_server_tcp_port="$standard_rdp_port"
+
+
 # ======
 # - Ubiquiti Unifi
 # ======
--- a/conf/main_ipv6.conf.sample
+++ b/conf/main_ipv6.conf.sample
@@ -1269,6 +1269,21 @@ declare -A rm_server_dmz_arr
 remote_console_port=5900


+# ======
+# - Remote Desktop Dienste
+# ======
+
+# - RDS Server local Networks
+# -
+# - Blank separated list
+# -
+rds_server_ips=""
+
+# Listen RDP Port
+#
+rds_server_tcp_port="$standard_rdp_port"
+
+
 # ======
 # - Ubiquiti Unifi
 # ======
--- a/conf/post_decalrations.conf
+++ b/conf/post_decalrations.conf
@@ -535,6 +535,16 @@ for _ip in $rm_server_ips ; do
   rm_server_ip_arr+=("$_ip")
 done

+
+# ---
+# - IP Addresses RDS Service
+# ---
+declare -a rds_server_ip_arr=()
+for _ip in $rds_server_ips ; do
+   rds_server_ip_arr+=("$_ip")
+done
+
+
 # ---
 # - IP Addresses Rsync Out
 # ---
--- a/30
+++ b/30
@@ -4705,6 +4705,36 @@ else
 fi


+# ---
+# - Remote Desktop Dienste (RDS)
+# ---
+
+echononl "\t\tRemote Desktop Dienste (RDS)"
+
+
+if [[ ${#rds_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rds_server_ip_arr[@]} ; do
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $rds_server_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $rds_server_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $rds_server_tcp_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $rds_server_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
 # ---
 # - Munin Service Gateway
 # ---