Modify gaming rules.

This commit is contained in:
Christoph 2022-11-13 02:36:50 +01:00
parent 338b2cf8d7
commit fa86a604d6
4 changed files with 208 additions and 3 deletions


@ -361,7 +361,12 @@ standard_game_fifa21_udp_ports="3074,3478,3479,3659,6000"
# 4380 udp (Steam client)
#
standard_game_steam_tcp_ports="6010,6020,6030,6040,8888,27000:27013,27014,27015,27016:27030,27031,27032:27050,44333"
standard_game_steam_udp_ports="12000,27000:27015,27016:27030,27031,27036,3478,4379,4380"
standard_game_steam_udp_ports="3478,4379,4380,12000,27000:27015,27016:27030,27031,27036,27037:27100"
# Local Ports (Steam)
#
standard_game_steam_udp_local_ports="27031:27036"
standard_game_steam_tcplocal_ports="27031:27036"
# Ports game 'Call of Duty'
#
@ -395,7 +400,7 @@ standard_game_steam_udp_ports="12000,27000:27015,27016:27030,27031,27036,3478,43
# UDP: 53, 88, 500, 3074, 3075, 3076, 3077, 3078, 3079, 3544, 4500, 5223
#
standard_game_call_of_duty_pc_tcp_ports="3074,27014,27015,27016:27030,27031,27032:27050"
standard_game_call_of_duty_pc_udp_ports="3074,3075,3076,3077,3078,3079,3478,4379,4380,27000:27013,27014,27015,27016:27030,27031:27036"
standard_game_call_of_duty_pc_udp_ports="3074,3075,3076,3077,3078,3079,3478,4379,4380,27000:27013,27014,27015,27016:27030,27031,27032:27035,27036"
standard_game_call_of_duty_ps_tcp_ports="80,443,1935,3074,3478,3479,3480,5223"
standard_game_call_of_duty_ps_udp_ports="3074,3075,3076,3077,3078,3079,3478,3479,3658,5223"
@ -403,6 +408,16 @@ standard_game_call_of_duty_ps_udp_ports="3074,3075,3076,3077,3078,3079,3478,3479
standard_game_call_of_duty_xbox_tcp_ports="53,80,3074"
standard_game_call_of_duty_xbox_udp_ports="53,88,500,3074,3075,3076,3077,3078,3079,3544,4500,5223"
# Local Ports (mostly dedicated to 'Call of Duty' game)
#
standard_game_call_of_duty_udp_local_ports="3074,41900,62976"
# Other ports not dedicated to a specific game
#
standard_game_universell_udp=""
standard_game_universell_tcp=""
# -------------
# --- Predefined Ports
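Review bot: The new Steam TCP local-port variable is spelled `standard_game_steam_tcplocal_ports`, while its UDP twin on the line above is `standard_game_steam_udp_local_ports` and the Call of Duty list is `standard_game_call_of_duty_udp_local_ports`; the consumer script in this commit uses the odd spelling too, so nothing breaks, but renaming it to `standard_game_steam_tcp_local_ports` in both places keeps the `<game>_<proto>_local_ports` pattern greppable. The `# Local Ports` headings do not say what "local" means; since these lists end up as `--sport` matches in the generated FORWARD rules, a comment such as `# Local ports = source ports bound by the gaming host; matched with --sport, so widening this list loosens egress filtering rather than opening a service` would warn the next editor that these are not service ports. The two `standard_game_universell_*` variables drop the `_ports` suffix every other list here carries (`standard_game_universal_udp_ports` / `_tcp_ports` would match) and, being empty, currently contribute nothing.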


@ -540,6 +540,11 @@ done
declare -a out_udp_port_arr=()
declare -a out_tcp_port_arr=()
# Servives local ports
#
declare -a out_udp_local_port_arr=()
declare -a out_tcp_local_port_arr=()
# ---
# - DNS out only
# ---
@ -1429,17 +1434,87 @@ done
# ---
# Gaming
# ---
if $allow_game_xbox_one_out \
if $allow_game_steam_out \
|| $allow_game_call_of_duty \
|| $allow_game_xbox_one_out \
|| $allow_game_xbox_360_out \
|| $allow_game_ps3_out \
|| $allow_game_ps4_out \
|| $allow_game_fifa21_out ; then
allow_gaming_out=true
else
allow_gaming_out=false
fi
# Games local ports
#
declare -a game_ports_local_udp_arr=()
if $allow_game_steam_out ; then
IFS=',' ; for _port in $standard_game_steam_udp_local_ports ; do
if containsElement "${_port}" "${out_udp_local_port_arr[@]}" ; then
continue
fi
out_udp_local_port_arr+=("$_port")
game_ports_local_udp_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
if $allow_game_call_of_duty ; then
IFS=',' ; for _port in $standard_game_call_of_duty_udp_local_ports ; do
if containsElement "${_port}" "${out_udp_local_port_arr[@]}" ; then
continue
fi
out_udp_local_port_arr+=("$_port")
game_ports_local_udp_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
declare -a game_ports_local_tcp_arr=()
if $allow_game_steam_out ; then
IFS=',' ; for _port in $standard_game_steam_tcplocal_ports ; do
if containsElement "${_port}" "${out_tcp_local_port_arr[@]}" ; then
continue
fi
out_tcp_local_port_arr+=("$_port")
game_ports_local_tcp_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
# Games (remote) ports
#
declare -a game_ports_udp_arr=()
if $allow_gaming_out ; then
IFS=',' ; for _port in $standard_game_universell_udp ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
game_ports_udp_arr+=("$_port")
out_udp_port_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
if $allow_game_xbox_360_out ; then
IFS=',' ; for _port in $standard_game_xbox_one_udp_ports ; do
@ -1565,6 +1640,21 @@ fi
declare -a game_ports_tcp_arr=()
if $allow_gaming_out ; then
IFS=',' ; for _port in $standard_game_universell_tcp ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
game_ports_tcp_arr+=("$_port")
out_tcp_port_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
if $allow_game_xbox_360_out ; then
IFS=',' ; for _port in $standard_game_xbox_one_tcp_ports ; do
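Review bot: `allow_game_call_of_duty` is the only flag in the new `allow_gaming_out` condition (and in the Call of Duty local-port loop) without the `_out` suffix its siblings carry; because these tests execute the variable as a command, a name that does not match the config file does not abort but quietly evaluates false (bash reports "command not found" and the `if` takes the else path), so the spelling should be checked against the config or aligned to `allow_game_call_of_duty_out`. The four split-and-dedup loops differ only in the input list and the two target arrays; a helper such as `add_ports <list> <shared_arr> <game_arr>` using `local -n` would remove the copy-paste and keep the `IFS` save/restore in one place, but that is a style choice. Unrelated to this commit yet visible in both hunk tails: the `allow_game_xbox_360_out` branches iterate `$standard_game_xbox_one_udp_ports` and `$standard_game_xbox_one_tcp_ports`, which looks like a copy-paste slip unless the 360 lists are intentionally identical; both branches continue past the end of the hunk.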


@ -2183,6 +2183,16 @@ if $allow_http_request_out && ! $permit_local_net_to_inet ; then
if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
$ip6t -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
fi
# - Note:
# - If (local) alias interfaces like eth1:0 in use, youe need a further
# - special rule.
# -
if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
$ip6t -A FORWARD -p tcp -o $_dev -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
$ip6t -A FORWARD -p tcp -i $_dev -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
fi
done
echo_done
else
@ -4695,6 +4705,46 @@ fi
# ---
echo ""
ec:,hononl "\t\tGaming UDP local Ports out"
if $allow_gaming_out ; then
for _dev in ${ext_if_arr[@]} ; do
for _port in ${game_ports_local_udp_arr[@]} ; do
$ip6t -A FORWARD -o $_dev -p udp --sport $_port -m conntrack --ctstate NEW -j ACCEPT
done
done
echo_done
else
echo_skipped
fi
echononl "\t\tGaming TCP local Ports out"
if $allow_gaming_out ; then
for _dev in ${ext_if_arr[@]} ; do
for _port in ${game_ports_local_tcp_arr[@]} ; do
$ip6t -A FORWARD -o $_dev -p tcp --sport $_port -m conntrack --ctstate NEW -j ACCEPT
done
# - Rule is needed if (local) interface aliases in use (like eth0:1)
# -
if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
$ip6t -A FORWARD -p tcp -o $_dev --sport $_port --tcp-flag ACK ACK -j ACCEPT
$ip6t -A FORWARD -p tcp -i $_dev --dport $_port --tcp-flag ACK ACK -j ACCEPT
fi
done
echo_done
else
echo_skipped
fi
echononl "\t\tGaming UDP Ports out"
if $allow_gaming_out && ! $permit_local_net_to_inet ; then
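Review bot: The new "Gaming UDP/TCP local Ports out" rules accept NEW forwarded connections on the external interface matched by `--sport` alone, with no `--dport` or destination restriction; every listed local port (3074, 27031:27036, 41900, 62976) is unprivileged, so any process on any internal host can bind one and reach arbitrary Internet destinations, which makes these rules a general egress bypass for a firewall that otherwise gates gaming traffic per remote port and behind `permit_local_net_to_inet`. If the intent is only to let the game client originate from a fixed source port, pair the `--sport` match with `-m multiport --dports` over the same game's remote port list (this commit already collects those in `game_ports_udp_arr` / `game_ports_tcp_arr`), or at least state the trade-off in a comment above the loop. These two blocks are also not gated on `! $permit_local_net_to_inet` like the "Gaming UDP Ports out" block that follows, so they are emitted even when the local net is already fully permitted — harmless, but redundant. Finally, the first line of the section reads `ec:,hononl "\t\tGaming UDP local Ports out"`; if that is the file content rather than a display artifact it fails with "command not found" at runtime (the IPv4 twin reads `echononl`).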


@ -2941,6 +2941,17 @@ if $allow_http_request_out && ! $permit_local_net_to_inet ; then
if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
$ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
fi
# - Note:
# - If (local) alias interfaces like eth1:0 in use, youe need a further
# - special rule.
# -
if $kernel_activate_forwarding && $local_alias_interfaces ; then
$ipt -A FORWARD -p tcp -o $_dev -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
$ipt -A FORWARD -p tcp -i $_dev -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
fi
done
echo_done
else
@ -5499,6 +5510,45 @@ fi
# ---
echo ""
echononl "\t\tGaming UDP local Ports out"
if $allow_gaming_out ; then
for _dev in ${ext_if_arr[@]} ; do
for _port in ${game_ports_local_udp_arr[@]} ; do
$ipt -A FORWARD -o $_dev -p udp --sport $_port -m conntrack --ctstate NEW -j ACCEPT
done
done
echo_done
else
echo_skipped
fi
echononl "\t\tGaming TCP local Ports out"
if $allow_gaming_out ; then
for _dev in ${ext_if_arr[@]} ; do
for _port in ${game_ports_local_tcp_arr[@]} ; do
$ipt -A FORWARD -o $_dev -p tcp --sport $_port -m conntrack --ctstate NEW -j ACCEPT
done
# - Rule is needed if (local) interface aliases in use (like eth0:1)
# -
if $kernel_activate_forwarding && $local_alias_interfaces ; then
$ipt -A FORWARD -p tcp -o $_dev --sport $_port --tcp-flag ACK ACK -j ACCEPT
$ipt -A FORWARD -p tcp -i $_dev --dport $_port --tcp-flag ACK ACK -j ACCEPT
fi
done
echo_done
else
echo_skipped
fi
echononl "\t\tGaming UDP Ports out"
if $allow_gaming_out && ! $permit_local_net_to_inet ; then
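Review bot: The `local_alias_interfaces` rules added in both hunks are stateless: `-i $_dev --dport $_port --tcp-flag ACK ACK -j ACCEPT` lets any inbound TCP segment from the external interface reach any internal host on 27031:27036 as long as ACK is set, and the HTTP variant `-i $_dev -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT` does the same for any internal port whenever the sender uses a source port from that list; neither passes through conntrack, so an outside sender can ACK-scan internal hosts (the stack answers RST, revealing liveness) and map the firewall. If the alias workaround is needed because conntrack cannot see those flows, consider at least constraining the rules to the alias subnet with `-s`/`-d`, or replacing the flag match with `-m conntrack --ctstate ESTABLISHED` where tracking does work; a comment above the `if $kernel_activate_forwarding && $local_alias_interfaces` line should say why stateless accepts are acceptable here. `--tcp-flag` only works because iptables resolves unambiguous prefixes of `--tcp-flags`; spelling it out avoids a silent break if another `--tcp-flag…` option ever appears. The HTTP hunk uses `$standard_http_ports` in the conntrack rule but `$http_ports` in the alias rules — confirm both are defined, since an empty `--dports` makes iptables abort the script at that line. The gaming hunk ends inside the `if $allow_gaming_out && ! $permit_local_net_to_inet` block.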