Add support for local service reachable from all extern networks.

2020-07-30 16:06:18 +02:00
parent 5a958fa332
commit f6db682d37
5 changed files with 161 additions and 0 deletions
--- a/conf/main_ipv4.conf.sample
+++ b/conf/main_ipv4.conf.sample
@ -73,6 +73,32 @@ any_access_to_inet_networks=""
 any_access_from_inet_networks=""


+# =============
+# - Allow local services from ALL extern netwoks
+# =============
+
+# - allow_all_ext_traffic_to_local_service
+# -
+# - allow_all_ext_traffic_to_local_service="local-address:port:protocol [local-address:port:protocol] .."
+# -
+# - Note:
+# - =====
+# -    - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -
+# - Example:
+# -    allow extern traffic to service at 83.223.73.210 on port 1036
+# -    allow extern traffic to https service at 83.223.73.204
+# -
+# -    allow_ext_net_to_local_service="
+# -       83.223.73.210:1036:tcp
+# -       83.223.73.204:$standard_https_port:tcp
+# -    "
+# -
+# - Blank separated list
+# -    
+allow_all_ext_traffic_to_local_service=""
+
+

 # =============
 # - Allow local services from given extern networks
--- a/conf/main_ipv6.conf.sample
+++ b/conf/main_ipv6.conf.sample
@ -70,6 +70,33 @@ any_access_from_inet_networks=""



+# =============
+# - Allow local services from ALL extern netwoks
+# =============
+
+# - allow_all_ext_traffic_to_local_service
+# -
+# - allow_all_ext_traffic_to_local_service="local-address,port,protocol [local-address,port,protocol] .."
+# -
+# - Note:
+# - =====
+# -    - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -
+# - Example:
+# -    allow extern traffic to service at 2a01:30:1fff:fd00::210 on port 1036
+# -    allow extern traffic to https service at 2a01:30:1fff:fd00::204
+# -
+# -    allow_ext_net_to_local_service="
+# -       83.223.73.210,1036,tcp
+# -       83.223.73.204,$standard_https_port,tcp
+# -    "
+# -
+# - Blank separated list
+# -
+allow_all_ext_traffic_to_local_service=""
+
+
+
 # =============
 # - Allow local services from given extern networks
 # =============
--- a/conf/post_decalrations.conf
+++ b/conf/post_decalrations.conf
@ -85,6 +85,14 @@ for _net in $any_access_from_inet_networks ; do
   any_access_from_inet_network_arr+=("$_net")
 done

+# ---
+# - Allow local services from ALL extern netwoks
+# ---
+declare -a allow_all_ext_traffic_to_local_service_arr 
+for _val in $allow_all_ext_traffic_to_local_service ; do
+   allow_all_ext_traffic_to_local_service_arr+=("$_val")
+done
+
 # ---
 # - Allow local services from given extern networks
 # ---