firewall/ipt-gateway
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix printer rules (if allow_printing_between_local_nets=true)

Browse Source
This commit is contained in:
Christoph 2017-03-20 04:41:27 +01:00
parent d4ae628145
commit df03336118
2 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
ip6t-firewall-gateway
View File

@ -2335,6 +2335,12 @@ if $kernel_forward_between_interfaces && ! $permit_between_local_networks && $al
fi fi
$ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT $ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
done done
if $local_alias_interfaces ; then
$ip6t -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
$ip6t -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
fi
done done
echo_done echo_done
else else
@ -2356,6 +2362,12 @@ if $kernel_forward_between_interfaces && ! $permit_between_local_networks && $al
fi fi
$ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT $ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
done done
if $local_alias_interfaces ; then
$ip6t -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
$ip6t -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
fi
done done
echo_done echo_done
else else
@ -2377,6 +2389,12 @@ if $kernel_forward_between_interfaces && ! $permit_between_local_networks && $al
fi fi
$ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT $ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
done done
if $local_alias_interfaces ; then
$ip6t -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
$ip6t -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
fi
done done
echo_done echo_done
else else

18
ipt-firewall-gateway
View File

@ -2756,6 +2756,12 @@ if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_pri
fi fi
$ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
done done
if $local_alias_interfaces ; then
$ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
$ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
fi
done done
echo_done echo_done
else else
@ -2777,6 +2783,12 @@ if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_pri
fi fi
$ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
done done
if $local_alias_interfaces ; then
$ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
$ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
fi
done done
echo_done echo_done
else else
@ -2798,6 +2810,12 @@ if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_pri
fi fi
$ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
done done
if $local_alias_interfaces ; then
$ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
$ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
fi
done done
echo_done echo_done
else else