Change default ports for Unifi Controller and define them in file 'default_ports.conf'.
@ -3749,13 +3749,12 @@ fi
|
||||
# ---
|
||||
|
||||
|
||||
echononl "\t\tUbiquiti Unifi Controller Gateway"
|
||||
echononl "\t\tUbiquiti Unifi Controller Gateway IN"
|
||||
if $local_unifi_controller_service ; then
|
||||
for _dev in ${local_if_arr[@]} ; do
|
||||
$ip6t -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
$ip6t -A INPUT -p tcp -i $_dev -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A INPUT -p tcp -i $_dev -m multiport --dports $unifi_tcp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A INPUT -p udp -i $_dev -m multiport --dports $unifi_udp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
done
|
||||
|
||||
@ -3765,10 +3764,9 @@ if $local_unifi_controller_service ; then
|
||||
#
|
||||
if [[ ${#unifi_ap_extern_ip_arr[@]} -gt 0 ]]; then
|
||||
for _ip in ${unifi_ap_extern_ip_arr[@]} ; do
|
||||
$ip6t -A INPUT -p udp -s $_ip -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
$ip6t -A INPUT -p tcp -s $_ip -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A INPUT -p udp -s $_ip -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A INPUT -p tcp -s $_ip -m multiport --dports $unifi_tcp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A INPUT -p udp -s $_ip -m multiport --dports $unifi_udp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
done
|
||||
fi
|
||||
@ -3778,7 +3776,7 @@ else
|
||||
fi
|
||||
|
||||
|
||||
echononl "\t\tUbiquiti Unifi Controller Gateway - STUN to Unifi APs"
|
||||
echononl "\t\tUbiquiti Unifi Controller Gateway - OUT (to Unifi APs)"
|
||||
if $local_unifi_controller_service \
|
||||
&& ( [[ ${#unifi_ap_local_ip_arr[@]} -gt 0 ]] || [[ ${#unifi_ap_extern_ip_arr[@]} -gt 0 ]] ) ; then
|
||||
|
||||
@ -3786,17 +3784,19 @@ if $local_unifi_controller_service \
|
||||
|
||||
for _ip_ap in ${unifi_ap_local_ip_arr[@]} ; do
|
||||
|
||||
$ip6t -A OUTPUT -p udp -d $_ip_ap -m multiport --sports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A OUTPUT -p tcp -d $_ip_ap -m multiport --sports $unifi_tcp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A OUTPUT -p udp -d $_ip_ap -m multiport --sports $unifi_udp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
done
|
||||
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ ${#unifi_ap_extern_ip_arr[@]} -gt 0 ]] ; then
|
||||
|
||||
for _ip_ap in ${unifi_ap_local_ip_arr[@]} ; do
|
||||
|
||||
$ip6t -A OUTPUT -p udp -d $_ip_ap -m multiport --sports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A OUTPUT -p tcp -d $_ip_ap -m multiport --sports $unifi_tcp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A OUTPUT -p udp -d $_ip_ap -m multiport --sports $unifi_udp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
done
|
||||
|
||||
@ -3820,10 +3820,13 @@ if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
|
||||
|
||||
for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
|
||||
for _dev in ${local_if_arr[@]} ; do
|
||||
$ip6t -A FORWARD -i $_dev -p udp -d $_ip_ctl -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
$ip6t -A FORWARD -i $_dev -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A FORWARD -i $_dev -p udp -d $_ip_ctl -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A FORWARD -i $_dev -p tcp -d $_ip_ctl -m multiport --dports $unifi_tcp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A FORWARD -i $_dev -p udp -d $_ip_ctl -m multiport --dports $unifi_udp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
$ip6t -A FORWARD -i $_dev -p tcp -s $_ip_ctl -m multiport --dports $unifi_tcp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A FORWARD -i $_dev -p udp -s $_ip_ctl -m multiport --dports $unifi_udp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
done
|
||||
|
||||
# - Note:
|
||||
@ -3831,8 +3834,17 @@ if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
|
||||
# - special rule.
|
||||
# -
|
||||
if $local_alias_interfaces ; then
|
||||
$ip6t -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
|
||||
$ip6t -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
|
||||
$ip6t -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unifi_tcp_ctrl_in_ports --tcp-flag ACK ACK -j ACCEPT
|
||||
$ip6t -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unifi_tcp_ctrl_in_ports --tcp-flag ACK ACK -j ACCEPT
|
||||
|
||||
$ip6t -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unifi_tcp_ctrl_out_ports --tcp-flag ACK ACK -j ACCEPT
|
||||
$ip6t -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unifi_tcp_ctrl_out_ports --tcp-flag ACK ACK -j ACCEPT
|
||||
|
||||
$ip6t -A FORWARD -p udp -d $_ip_ctl -m multiport --dports $unifi_udp_ctrl_in_ports --tcp-flag ACK ACK -j ACCEPT
|
||||
$ip6t -A FORWARD -p udp -s $_ip_ctl -m multiport --sports $unifi_udp_ctrl_in_ports --tcp-flag ACK ACK -j ACCEPT
|
||||
|
||||
$ip6t -A FORWARD -p udp -d $_ip_ctl -m multiport --dports $unifi_udp_ctrl_out_ports --tcp-flag ACK ACK -j ACCEPT
|
||||
$ip6t -A FORWARD -p udp -s $_ip_ctl -m multiport --sports $unifi_udp_ctrl_out_ports --tcp-flag ACK ACK -j ACCEPT
|
||||
fi
|
||||
|
||||
done
|
||||
|
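Review bot: The four `-p udp` FORWARD rules in the `$local_alias_interfaces` block (those using `$unifi_udp_ctrl_in_ports` and `$unifi_udp_ctrl_out_ports`) carry `--tcp-flag ACK ACK`, which belongs to the tcp protocol match, so ip6tables should reject them and the UDP rules would never load. Drop the flag match from those lines, e.g. `$ip6t -A FORWARD -p udp -d $_ip_ctl -m multiport --dports $unifi_udp_ctrl_in_ports -j ACCEPT`. Because a stateless UDP accept admits any datagram to those ports, consider also restricting these rules by interface or source address. Separately, in the OUTPUT section the branch guarded by `${#unifi_ap_extern_ip_arr[@]} -gt 0` iterates `unifi_ap_local_ip_arr`, which looks like a copy-paste slip that would leave external APs without rules; it appears to predate this commit, but the new port variables are now duplicated into it. The enclosing `if`/`for` blocks begin and end outside the visible hunks.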