- Fix protocol SNMP

- Minor fixes on firewall execution scripts ip6t-firewall-gateway - Add rules "local ip-address to local network" - Add rules "local network to (another) local network"
2017-04-05 18:29:47 +02:00
parent 729539ecfb
commit e5a0f7329c
6 changed files with 297 additions and 36 deletions
--- a/conf/default_ports.conf
+++ b/conf/default_ports.conf
@ -15,11 +15,14 @@ standard_https_port=443
 standard_ftp_port=21
 standard_tftp_udp_port=69
 standard_ntp_port=123
+standard_snmp_port=161
+standard_snmp_trap_port=162
 standard_timeserver_port=37
 standard_pgp_keyserver_port=11371
 standard_telnet_port=23
 standard_whois_port=43
 standard_cpan_wait_port=1404
+standard_xymon_port=1984
 standard_hbci_port=3000
 standard_mysql_port=3306
 standard_ipp_port=631
--- a/conf/main_ipv4.conf.sample
+++ b/conf/main_ipv4.conf.sample
@ -81,11 +81,13 @@ allow_local_net_to_local_service=""


 # =============
-# - Allow local ip address from given local network
+# - Allow all traffic from local network to local ip-address
 # =============

 # - allow_local_net_to_local_ip
 # -
+# -    allow_local_net_to_local_ip="<src-local-net>:<dst-local-ip> [<src-local-net>:<dst-local-ip>] [..]"
+# -
 # - All traffic from the given network to the given ip address is allowed
 # -
 # - Example:
@ -98,6 +100,50 @@ allow_local_net_to_local_ip=""



+# =============
+# - Allow all traffic from local ip-address to local network
+# =============
+
+# - allow_local_ip_to_local_net
+# -
+# -    allow_local_ip_to_local_net="<src-local-ip>:<dst-local-net> [<src-local-ip>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given ip address to the given network is allowed
+# -
+# - Example:
+# -   allow_local_ip_to_local_net="192.168.10.9:10.10.10.0/24
+# -                                192.168.10.16:10.10.10.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_ip_to_local_net="
+   192.168.10.16:10.10.10.0/24"
+
+
+
+# =============
+# - Allow all traffic from (one) local network to (another) local network
+# =============
+
+# - allow_local_net_to_local_net
+# -
+# -    allow_local_net_to_local_net="<src-local-net>:<dst-local-net> [<src-local-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Notice:
+# -    If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_local_net_to_local_net="192.168.11.0/24:10.10.11.0/24
+# -                                 192.168.78.0/24:10.10.11.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_net_to_local_net=""
+
+
+
 # =============
 # - Allow local ip address from given local interface
 # =============
--- a/conf/main_ipv6.conf.sample
+++ b/conf/main_ipv6.conf.sample
@ -81,11 +81,13 @@ allow_local_net_to_local_service=""


 # =============
-# - Allow local ip address from given local network
+# - Allow all traffic from local network to local ip-address
 # =============

 # - allow_local_net_to_local_ip
 # -
+# -    allow_local_net_to_local_ip="<src-local-net>:<dst-local-ip> [<src-local-net>:<dst-local-ip>] [..]"
+# -
 # - All traffic from the given network to the given ip address is allowed
 # -
 # - Example:
@ -98,6 +100,49 @@ allow_local_net_to_local_ip=""



+# =============
+# - Allow all traffic from local ip-address to local network
+# =============
+
+# - allow_local_ip_to_local_net
+# -
+# -    allow_local_ip_to_local_net="<src-local-ip>:<dst-local-net> [<src-local-ip>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given ip address to the given network is allowed
+# -
+# - Example:
+# -   allow_local_ip_to_local_net="2001:6f8:107e:63::20,2001:6f8:107e:64::/64
+# -                                2001:6f8:107e:63::10,2001:6f8:107e:64::/64"
+# -
+# - Blank separated list
+# -
+allow_local_ip_to_local_net=""
+
+
+
+# =============
+# - Allow all traffic from (one) local network to (another) local network
+# =============
+
+# - allow_local_net_to_local_net
+# -
+# -    allow_local_net_to_local_net="<src-local-net>:<dst-local-net> [<src-local-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Notice:
+# -    If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_local_net_to_local_net="2001:6f8:107e:64::/64,2001:6f8:107e:63::/64
+# -                                 2001:6f8:107e:63::/64,2001:6f8:107e:64::/64"
+# - 
+# - Blank separated list
+# -
+allow_local_net_to_local_net=""
+
+
+
 # =============
 # - Allow local ip address from given local interface
 # =============
@ -509,7 +554,9 @@ snmp_server_ips=""

 # - SNMP Port
 # -
-snmp_port="161"
+snmp_port="$standard_snmp_port"
+snmp_trap_port="$standard_snmp_trap_port"
+


 # ======
@ -540,7 +587,7 @@ local_xymon_client=""

 # - XyMon Ports
 # -
-xymon_port=1984
+xymon_port="$standard_xymon_port"


 # ======
--- a/conf/post_decalrations.conf
+++ b/conf/post_decalrations.conf
@ -83,13 +83,29 @@ for _val in $allow_local_net_to_local_service ; do
 done

 # ---
-# - Allow local ip address from given local network
+# - Allow all traffic from local network to local ip-address
 # ---
 declare -a allow_local_net_to_local_ip_arr
 for _val in $allow_local_net_to_local_ip ; do
   allow_local_net_to_local_ip_arr+=("$_val")
 done

+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+declare -a allow_local_ip_to_local_net_arr
+for _val in $allow_local_ip_to_local_net ; do
+   allow_local_ip_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+declare -a allow_local_net_to_local_net_arr
+for _val in $allow_local_net_to_local_net ; do
+   allow_local_net_to_local_net_arr+=("$_val")
+done
+
 # ---
 # - Allow local ip address from given local interface
 # ---