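#!/usr/bin/env bash
#
# Build the shell arrays consumed by the firewall rule generator: interface
# lists, address lists and the aggregated outbound port lists
# (out_tcp_port_arr / out_udp_port_arr plus the *_local_port_arr variants).
#
# Every input variable used here (nat_networks, ext_ifs_dsl, allow_*_out,
# standard_*_port(s), ...) and the helper containsElement are expected to be
# defined by the caller before this file is sourced; nothing here validates
# that they exist.
#
# Conventions observed in this file:
#   - whitespace separated lists are split with the default IFS,
#   - comma separated lists are split with IFS=',' (saved/restored via CUR_IFS),
#   - a port is appended to an out_*_port_arr at most once (containsElement),
#   - feature flags are evaluated with is_true and fail closed.

# -----------------------------------------------------------------------------
# - Helper: evaluate a configuration boolean
# -----------------------------------------------------------------------------
# Only the literal string "true" enables a feature (this file itself assigns
# the flags it derives as `=true` / `=false`; confirm the sourced configuration
# uses the same literals).  An unset, empty or mistyped flag therefore fails
# closed.  Evaluating the flag directly with `if $flag` would treat an unset
# flag as success (opening the port) and would execute any other value as a
# command.
is_true() {
  [[ "${1:-}" == "true" ]]
}

# =============================================================================
# --- Define Arrays
# =============================================================================

# ---
# - Masquerade TCP/UDP/ICMP connections
# ---
declare -a nat_network_arr=()
for _net in $nat_networks ; do nat_network_arr+=("$_net") ; done

declare -a masquerade_tcp_con_arr=()
for _str in $masquerade_tcp_cons ; do masquerade_tcp_con_arr+=("$_str") ; done

declare -a masquerade_udp_con_arr=()
for _str in $masquerade_udp_cons ; do masquerade_udp_con_arr+=("$_str") ; done

declare -a masquerade_icmp_con_arr=()
for _str in $masquerade_icmp_cons ; do masquerade_icmp_con_arr+=("$_str") ; done

# ---
# - External network interfaces (DSL, static lines, all together)
# ---
declare -a nat_device_arr=()
declare -a dsl_device_arr=()
declare -a ext_if_arr=()
# DSL interfaces are external interfaces and NAT devices at the same time.
for _dev in $ext_ifs_dsl ; do
  dsl_device_arr+=("$_dev")
  ext_if_arr+=("$_dev")
  nat_device_arr+=("$_dev")
done
for _dev in $ext_ifs_static ; do ext_if_arr+=("$_dev") ; done
# Explicitly configured NAT devices are added once (DSL devices are already in).
for _dev in $nat_devices ; do
  if ! containsElement "$_dev" "${nat_device_arr[@]}" ; then
    nat_device_arr+=("$_dev")
  fi
done

# =============================================================================
# --- Block UDP / TCP ports out (comma separated lists)
# =============================================================================
declare -a block_udp_extern_out_port_arr=()
CUR_IFS="$IFS" ; IFS=','
for _port in $block_udp_extern_out_ports ; do block_udp_extern_out_port_arr+=("$_port") ; done
IFS="$CUR_IFS"

declare -a block_tcp_extern_out_port_arr=()
CUR_IFS="$IFS" ; IFS=','
for _port in $block_tcp_extern_out_ports ; do block_tcp_extern_out_port_arr+=("$_port") ; done
IFS="$CUR_IFS"

# ---
# - VPN / WireGuard / local / blocked / unprotected interfaces
# ---
declare -a vpn_if_arr=()
for _dev in $vpn_ifs ; do vpn_if_arr+=("$_dev") ; done

declare -a wg_if_arr=()
for _dev in $wg_ifs ; do wg_if_arr+=("$_dev") ; done

declare -a local_if_arr=()
for _dev in $local_ifs ; do local_if_arr+=("$_dev") ; done

# Interfaces that are completely blocked.
declare -a blocked_if_arr=()
for _dev in $blocked_ifs ; do blocked_if_arr+=("$_dev") ; done

# Interfaces that are not firewalled at all.
declare -a unprotected_if_arr=()
for _dev in $unprotected_ifs ; do unprotected_if_arr+=("$_dev") ; done

# ---
# - Restrict VPN network to local service / local (sub)network
# ---
declare -a restrict_vpn_net_to_local_service_arr=()
for _val in $restrict_vpn_net_to_local_service ; do restrict_vpn_net_to_local_service_arr+=("$_val") ; done

declare -a restrict_vpn_net_to_local_subnet_arr=()
for _val in $restrict_vpn_net_to_local_subnet ; do restrict_vpn_net_to_local_subnet_arr+=("$_val") ; done

# ---
# - Local networks with unrestricted access to / from the internet
# ---
declare -a any_access_to_inet_network_arr=()
for _net in $any_access_to_inet_networks ; do any_access_to_inet_network_arr+=("$_net") ; done

declare -a any_access_from_inet_network_arr=()
for _net in $any_access_from_inet_networks ; do any_access_from_inet_network_arr+=("$_net") ; done

# ---
# - Allow local services from ALL external networks
# ---
declare -a allow_all_ext_traffic_to_local_service_arr=()
for _val in $allow_all_ext_traffic_to_local_service ; do allow_all_ext_traffic_to_local_service_arr+=("$_val") ; done

# ---
# - Allow local services from given external networks
# ---
declare -a allow_ext_net_to_local_service_arr=()
for _val in $allow_ext_net_to_local_service ; do allow_ext_net_to_local_service_arr+=("$_val") ; done

# ---
# - Allow all traffic from external address/network to local address/network
# ---
declare -a allow_ext_net_to_local_net_arr=()
for _val in $allow_ext_net_to_local_net ; do allow_ext_net_to_local_net_arr+=("$_val") ; done

# ---
# - Block all external traffic to (given) local network
# ---
declare -a block_all_ext_to_local_net_arr=()
for _net in $block_all_ext_to_local_net ; do block_all_ext_to_local_net_arr+=("$_net") ; done

# ---
# - Allow all traffic from local IP to the internet
# ---
declare -a allow_local_ip_to_inet_arr=()
for _ip in $allow_local_ip_to_inet ; do allow_local_ip_to_inet_arr+=("$_ip") ; done

# ---
# - Allow local services from given local networks
# ---
declare -a allow_local_net_to_local_service_arr=()
for _val in $allow_local_net_to_local_service ; do allow_local_net_to_local_service_arr+=("$_val") ; done

# ---
# - Allow all traffic from local network to local IP address
# ---
declare -a allow_local_net_to_local_ip_arr=()
for _val in $allow_local_net_to_local_ip ; do allow_local_net_to_local_ip_arr+=("$_val") ; done

# ---
# - Allow all traffic from local IP address to local network
# ---
declare -a allow_local_ip_to_local_net_arr=()
for _val in $allow_local_ip_to_local_net ; do allow_local_ip_to_local_net_arr+=("$_val") ; done

# ---
# - Allow all traffic from (one) local network to (another) local network
# ---
declare -a allow_local_net_to_local_net_arr=()
for _val in $allow_local_net_to_local_net ; do allow_local_net_to_local_net_arr+=("$_val") ; done

# ---
# - Allow local IP address from given local interface
# ---
declare -a allow_local_if_to_local_ip_arr=()
for _val in $allow_local_if_to_local_ip ; do allow_local_if_to_local_ip_arr+=("$_val") ; done

# ---
# - Allow external service / external network from given local interface
# ---
declare -a allow_local_if_to_ext_service_arr=()
for _val in $allow_local_if_to_ext_service ; do allow_local_if_to_ext_service_arr+=("$_val") ; done

declare -a allow_local_if_to_ext_net_arr=()
for _val in $allow_local_if_to_ext_net ; do allow_local_if_to_ext_net_arr+=("$_val") ; done

# ---
# - Allow external service / external network from given local network
# ---
declare -a allow_local_net_to_ext_service_arr=()
for _val in $allow_local_net_to_ext_service ; do allow_local_net_to_ext_service_arr+=("$_val") ; done

declare -a allow_local_net_to_ext_net_arr=()
for _val in $allow_local_net_to_ext_net ; do allow_local_net_to_ext_net_arr+=("$_val") ; done

# ---
# - Allow external service / external network (from anywhere local)
# ---
declare -a allow_to_ext_service_arr=()
for _val in $allow_to_ext_service ; do allow_to_ext_service_arr+=("$_val") ; done

declare -a allow_to_ext_net_arr=()
for _val in $allow_to_ext_net ; do allow_to_ext_net_arr+=("$_val") ; done

# ---
# - Separate local networks / local interfaces
# ---
declare -a separate_local_network_arr=()
for _net in $separate_local_networks ; do separate_local_network_arr+=("$_net") ; done

declare -a separate_local_if_arr=()
for _net in $separate_local_ifs ; do separate_local_if_arr+=("$_net") ; done

# ---
# - Generally block ports on external interfaces
# ---
declare -a block_tcp_port_arr=()
for _port in $block_tcp_ports ; do block_tcp_port_arr+=("$_port") ; done

declare -a block_udp_port_arr=()
for _port in $block_udp_ports ; do block_udp_port_arr+=("$_port") ; done

# ---
# - Not wanted on internal interfaces (gateway)
# ---
declare -a not_wanted_on_gw_tcp_port_arr=()
for _port in $not_wanted_on_gw_tcp_ports ; do not_wanted_on_gw_tcp_port_arr+=("$_port") ; done

declare -a not_wanted_on_gw_udp_port_arr=()
for _port in $not_wanted_on_gw_udp_ports ; do not_wanted_on_gw_udp_port_arr+=("$_port") ; done

# ---
# - Private IPs / IP ranges allowed to forward
# ---
declare -a forward_private_ip_arr=()
for _ip in $forward_private_ips ; do forward_private_ip_arr+=("$_ip") ; done

# ---
# - IP addresses to log
# ---
declare -a log_ip_arr=()
for _ip in $log_ips ; do log_ip_arr+=("$_ip") ; done

# ---
# - Network devices running a local DHCP client
# ---
declare -a dhcp_client_interfaces_arr=()
for _dev in $dhcp_client_interfaces ; do dhcp_client_interfaces_arr+=("$_dev") ; done

# ---
# - IP addresses: DHCP failover server, DNS server
# ---
declare -a dhcp_failover_server_ip_arr=()
for _ip in $dhcp_failover_server_ips ; do dhcp_failover_server_ip_arr+=("$_ip") ; done

declare -a dns_server_ip_arr=()
for _ip in $dns_server_ips ; do dns_server_ip_arr+=("$_ip") ; done

# ---
# - IP addresses: services reachable from local networks only
#   (SSH, HTTP, mail, FTP)
# ---
declare -a ssh_server_only_local_ip_arr=()
for _ip in $ssh_server_only_local_ips ; do ssh_server_only_local_ip_arr+=("$_ip") ; done

declare -a http_server_only_local_ip_arr=()
for _ip in $http_server_only_local_ips ; do http_server_only_local_ip_arr+=("$_ip") ; done

declare -a mail_server_only_local_ip_arr=()
for _ip in $mail_server_only_local_ips ; do mail_server_only_local_ip_arr+=("$_ip") ; done

declare -a ftp_server_only_local_ip_arr=()
for _ip in $ftp_server_only_local_ips ; do ftp_server_only_local_ip_arr+=("$_ip") ; done

# ---
# - IP addresses: Samba server, LDAP server
# ---
declare -a samba_server_local_ip_arr=()
for _ip in $samba_server_local_ips ; do samba_server_local_ip_arr+=("$_ip") ; done

declare -a ldap_server_local_ip_arr=()
for _ip in $ldap_server_local_ips ; do ldap_server_local_ip_arr+=("$_ip") ; done

# ---
# - IP addresses: telephone systems, SNMP server, FreeIPA server
# ---
declare -a tele_sys_ip_arr=()
for _ip in $tele_sys_ips ; do tele_sys_ip_arr+=("$_ip") ; done

declare -a snmp_server_ip_arr=()
for _ip in $snmp_server_ips ; do snmp_server_ip_arr+=("$_ip") ; done

declare -a freeipa_server_ip_arr=()
for _ip in $freeipa_server_ips ; do freeipa_server_ip_arr+=("$_ip") ; done

# ---
# - IP addresses: monitoring (Munin, Checkmk, Xymon) and IPMI interfaces
# ---
declare -a munin_local_server_ip_arr=()
for _ip in $munin_local_server_ips ; do munin_local_server_ip_arr+=("$_ip") ; done

declare -a checkmk_local_server_ip_arr=()
for _ip in $checkmk_local_server_ips ; do checkmk_local_server_ip_arr+=("$_ip") ; done

declare -a xymon_server_ip_arr=()
for _ip in $xymon_server_ips ; do xymon_server_ip_arr+=("$_ip") ; done

declare -a ipmi_server_ip_arr=()
for _ip in $ipmi_server_ips ; do ipmi_server_ip_arr+=("$_ip") ; done

# ---
# - IP addresses: Ubiquiti UniFi access points and controllers
# ---
declare -a unifi_ap_local_ip_arr=()
for _ip in $unifi_ap_local_ips ; do unifi_ap_local_ip_arr+=("$_ip") ; done

declare -a unifi_ap_extern_ip_arr=()
for _ip in $unifi_ap_extern_ips ; do unifi_ap_extern_ip_arr+=("$_ip") ; done

declare -a unifi_controller_gateway_ip_arr=()
for _ip in $unifi_controller_gateway_ips ; do unifi_controller_gateway_ip_arr+=("$_ip") ; done

# (variable name keeps the historical "unify" spelling; callers depend on it)
declare -a unify_controller_local_net_ip_arr=()
for _ip in $unify_controller_local_net_ips ; do unify_controller_local_net_ip_arr+=("$_ip") ; done

# ---
# - IP addresses: printers and network scanners (Brother brscan, Epson)
# ---
declare -a printer_ip_arr=()
for _ip in $printer_ips ; do printer_ip_arr+=("$_ip") ; done

declare -a brother_scanner_ip_arr=()
for _ip in $brother_scanner_ips ; do brother_scanner_ip_arr+=("$_ip") ; done

declare -a epson_scanner_ip_arr=()
for _ip in $epson_scanner_ips ; do epson_scanner_ip_arr+=("$_ip") ; done

# ---
# - IP addresses: PCNS server, VNC (remote console) service, rsync targets
# ---
declare -a pcns_server_ip_arr=()
for _ip in $pcns_server_ips ; do pcns_server_ip_arr+=("$_ip") ; done

declare -a rm_server_ip_arr=()
for _ip in $rm_server_ips ; do rm_server_ip_arr+=("$_ip") ; done

declare -a rsync_out_ip_arr=()
for _ip in $rsync_out_ips ; do rsync_out_ip_arr+=("$_ip") ; done

# ---
# - Other local services
# ---
declare -a other_service_arr=()
for _val in $other_services ; do other_service_arr+=("$_val") ; done

# ==================================================
# BEGIN: gather out ports
# ==================================================
# out_*_port_arr collect every remote port that may be contacted outbound;
# out_*_local_port_arr collect local (source) ports that need to be open.
declare -a out_udp_port_arr=()
declare -a out_tcp_port_arr=()
declare -a out_udp_local_port_arr=()
declare -a out_tcp_local_port_arr=()

# ---
# - DNS out (always allowed)
# ---
# NOTE(review): no check that standard_dns_port is set; an empty value would
# add an empty element here.
out_udp_port_arr+=("$standard_dns_port")
out_tcp_port_arr+=("$standard_dns_port")

# ---
# - SSH out
# ---
if is_true "$allow_ssh_request_out" ; then
  out_tcp_port_arr+=("$standard_ssh_port")
fi

# ---
# - SSH service on the gateway / SSH services on the local network only
# ---
declare -a ssh_port_arr=()
for _port in $ssh_ports ; do ssh_port_arr+=("$_port") ; done

# ---
# - Cisco compatible VPN ports (TCP)
# ---
declare -a cisco_vpn_out_port_arr=()
for _port in $cisco_vpn_out_ports ; do
  containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
  cisco_vpn_out_port_arr+=("$_port")
  is_true "$allow_cisco_vpn_out" && out_tcp_port_arr+=("$_port")
done

# ---
# - VPN ports (gateway, local network, out)
# ---
declare -a vpn_gw_port_arr=()
for _port in $vpn_gw_ports ; do vpn_gw_port_arr+=("$_port") ; done

declare -a vpn_local_net_port_arr=()
for _port in $vpn_local_net_ports ; do vpn_local_net_port_arr+=("$_port") ; done

declare -a vpn_out_port_arr=()
# Fall back to the standard VPN port when no outbound ports are configured.
if [[ -z "$vpn_out_ports" ]] ; then
  vpn_out_ports="$standard_vpn_port"
fi
for _port in $vpn_out_ports ; do
  containsElement "$_port" "${out_udp_port_arr[@]}" && continue
  vpn_out_port_arr+=("$_port")
  is_true "$allow_vpn_out" && out_udp_port_arr+=("$_port")
done

# ---
# - WireGuard ports (gateway, local network, out)
# ---
declare -a wg_gw_port_arr=()
for _port in $wg_gw_ports ; do wg_gw_port_arr+=("$_port") ; done

declare -a wg_local_net_port_arr=()
for _port in $wg_local_net_ports ; do wg_local_net_port_arr+=("$_port") ; done

declare -a wg_out_port_arr=()
if [[ -z "$wg_out_ports" ]] ; then
  wg_out_ports="$standard_wg_port"
fi
for _port in $wg_out_ports ; do
  containsElement "$_port" "${out_udp_port_arr[@]}" && continue
  wg_out_port_arr+=("$_port")
  is_true "$allow_wg_out" && out_udp_port_arr+=("$_port")
done

# ---
# - Standard HTTP(S) ports out (comma separated)
# ---
declare -a standard_http_port_arr=()
CUR_IFS="$IFS" ; IFS=','
for _port in $standard_http_ports ; do
  containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
  standard_http_port_arr+=("$_port")
  is_true "$allow_http_request_out" && out_tcp_port_arr+=("$_port")
done
IFS="$CUR_IFS"

# ---
# - Mail: SMTP out
# ---
# The single-port blocks below add a port only when the feature is enabled AND
# the port is not already present (the former `if ... then continue fi` form
# ran outside any loop, so it never skipped and appended duplicates instead).
if is_true "$allow_smtp_request_out" && ! containsElement "$standard_smtp_port" "${out_tcp_port_arr[@]}" ; then
  out_tcp_port_arr+=("$standard_smtp_port")
fi

# ---
# - Standard mail user ports out (comma separated)
# ---
declare -a standard_mailuser_port_arr=()
CUR_IFS="$IFS" ; IFS=','
for _port in $standard_mailuser_ports ; do
  containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
  standard_mailuser_port_arr+=("$_port")
  is_true "$allow_mail_request_out" && out_tcp_port_arr+=("$_port")
done
IFS="$CUR_IFS"

# ---
# - FTP out
# ---
if is_true "$allow_ftp_request_out" && ! containsElement "$standard_ftp_port" "${out_tcp_port_arr[@]}" ; then
  out_tcp_port_arr+=("$standard_ftp_port")
fi

# ---
# - Samba ports (UDP/TCP): *_local_arr hold every configured port,
#   *_port_arr only those not already open for another service
# ---
declare -a samba_udp_port_arr=()
declare -a samba_udp_port_local_arr=()
for _port in $samba_udp_ports ; do
  samba_udp_port_local_arr+=("$_port")
  containsElement "$_port" "${out_udp_port_arr[@]}" && continue
  samba_udp_port_arr+=("$_port")
  is_true "$allow_samba_requests_out" && out_udp_port_arr+=("$_port")
done

declare -a samba_tcp_port_arr=()
declare -a samba_tcp_port_local_arr=()
for _port in $samba_tcp_ports ; do
  samba_tcp_port_local_arr+=("$_port")
  containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
  samba_tcp_port_arr+=("$_port")
  is_true "$allow_samba_requests_out" && out_tcp_port_arr+=("$_port")
done

# ---
# - LDAP ports (UDP/TCP), same layout as the Samba arrays above
# ---
# ldap_*_port_arr were previously never filled (the local arrays received the
# port twice instead); they are now populated like samba_*_port_arr.
# NOTE(review): outbound LDAP is gated by allow_samba_requests_out because this
# file defines no dedicated LDAP flag -- confirm that enabling Samba out is
# really meant to open LDAP out as well.
declare -a ldap_udp_port_arr=()
declare -a ldap_udp_port_local_arr=()
for _port in $ldap_udp_ports ; do
  ldap_udp_port_local_arr+=("$_port")
  containsElement "$_port" "${out_udp_port_arr[@]}" && continue
  ldap_udp_port_arr+=("$_port")
  is_true "$allow_samba_requests_out" && out_udp_port_arr+=("$_port")
done

declare -a ldap_tcp_port_arr=()
declare -a ldap_tcp_port_local_arr=()
for _port in $ldap_tcp_ports ; do
  ldap_tcp_port_local_arr+=("$_port")
  containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
  ldap_tcp_port_arr+=("$_port")
  is_true "$allow_samba_requests_out" && out_tcp_port_arr+=("$_port")
done

# ---
# - Single-port services out
# ---
# NTP (UDP)
if is_true "$allow_ntp_request_out" && ! containsElement "$standard_ntp_port" "${out_udp_port_arr[@]}" ; then
  out_udp_port_arr+=("$standard_ntp_port")
fi

# PGP key server
if is_true "$allow_pgpserver_request_out" && ! containsElement "$standard_pgp_keyserver_port" "${out_tcp_port_arr[@]}" ; then
  out_tcp_port_arr+=("$standard_pgp_keyserver_port")
fi

# Telnet (cleartext protocol; only enable deliberately)
if is_true "$allow_telnet_request_out" && ! containsElement "$standard_telnet_port" "${out_tcp_port_arr[@]}" ; then
  out_tcp_port_arr+=("$standard_telnet_port")
fi

# Whois
if is_true "$allow_whois_request_out" && ! containsElement "$standard_whois_port" "${out_tcp_port_arr[@]}" ; then
  out_tcp_port_arr+=("$standard_whois_port")
fi

# CPAN wait
if is_true "$allow_cpan_wait_request_out" && ! containsElement "$standard_cpan_wait_port" "${out_tcp_port_arr[@]}" ; then
  out_tcp_port_arr+=("$standard_cpan_wait_port")
fi

# HBCI (only forward)
if is_true "$allow_hbci_request_out" && ! containsElement "$standard_hbci_port" "${out_tcp_port_arr[@]}" ; then
  out_tcp_port_arr+=("$standard_hbci_port")
fi

# Jabber
if is_true "$allow_jabber_request_out" && ! containsElement "$standard_jabber_port" "${out_tcp_port_arr[@]}" ; then
  out_tcp_port_arr+=("$standard_jabber_port")
fi

# SILC
if is_true "$allow_silc_request_out" && ! containsElement "$standard_silc_port" "${out_tcp_port_arr[@]}" ; then
  out_tcp_port_arr+=("$standard_silc_port")
fi

# IRC (Internet Relay Chat)
if is_true "$allow_irc_request_out" && ! containsElement "$standard_irc_port" "${out_tcp_port_arr[@]}" ; then
  out_tcp_port_arr+=("$standard_irc_port")
fi

# MySQL
if is_true "$allow_mysql_request_out" && ! containsElement "$standard_mysql_port" "${out_tcp_port_arr[@]}" ; then
  out_tcp_port_arr+=("$standard_mysql_port")
fi

# Time server (port 37 style "time" service, NOT NTP)
if is_true "$allow_timeserver_request_out" && ! containsElement "$standard_timeserver_port" "${out_tcp_port_arr[@]}" ; then
  out_tcp_port_arr+=("$standard_timeserver_port")
fi

# Mumble
if is_true "$allow_mumble_request_out" && ! containsElement "$standard_mumble_port" "${out_tcp_port_arr[@]}" ; then
  out_tcp_port_arr+=("$standard_mumble_port")
fi

# Remote console (VNC)
if is_true "$allow_remote_console_request_out" && ! containsElement "$standard_remote_console_port" "${out_tcp_port_arr[@]}" ; then
  out_tcp_port_arr+=("$standard_remote_console_port")
fi

# Speedtest
if is_true "$allow_speedtest" && ! containsElement "$standard_speedtest_port" "${out_tcp_port_arr[@]}" ; then
  out_tcp_port_arr+=("$standard_speedtest_port")
fi

# ---
# - Outbound streaming (comma separated TCP/UDP lists)
# ---
declare -a outbound_streaming_tcp_port_arr=()
CUR_IFS="$IFS" ; IFS=','
for _port in $standard_outbound_streaming_tcp_ports ; do
  containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
  outbound_streaming_tcp_port_arr+=("$_port")
  is_true "$allow_outbound_streaming" && out_tcp_port_arr+=("$_port")
done
IFS="$CUR_IFS"

declare -a outbound_streaming_udp_port_arr=()
CUR_IFS="$IFS" ; IFS=','
for _port in $standard_outbound_streaming_udp_ports ; do
  containsElement "$_port" "${out_udp_port_arr[@]}" && continue
  outbound_streaming_udp_port_arr+=("$_port")
  is_true "$allow_outbound_streaming" && out_udp_port_arr+=("$_port")
done
IFS="$CUR_IFS"

# ---
# - STUN/TURN ports: needed by every streaming / video conferencing feature
# ---
if is_true "$allow_outbound_streaming" \
   || is_true "$allow_echo360_video_streaming" \
   || is_true "$allow_bigbluebutton_video_conference_out" \
   || is_true "$allow_ms_skype_teams_out" \
   || is_true "$allow_webex_video_conference_out" \
   || is_true "$allow_zoom_video_conference_out" \
   || is_true "$allow_jitsi_video_conference_out" \
   || is_true "$allow_alfaview_video_conference_out" \
   || is_true "$allow_nc_turn_video_conference_out" ; then
  allow_stun_turn_service_out=true
else
  allow_stun_turn_service_out=false
fi

# The previous version tested `! containsElement`, i.e. it only acted on ports
# that were ALREADY open (adding duplicates) and never opened a missing one.
# The condition is now the same as for every other port list in this file.
declare -a standard_turn_service_tcp_port_arr=()
declare -a standard_turn_service_udp_port_arr=()
CUR_IFS="$IFS" ; IFS=','
for _port in $standard_turn_service_ports ; do
  containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
  standard_turn_service_tcp_port_arr+=("$_port")
  is_true "$allow_stun_turn_service_out" && out_tcp_port_arr+=("$_port")
done
for _port in $standard_turn_service_ports ; do
  containsElement "$_port" "${out_udp_port_arr[@]}" && continue
  standard_turn_service_udp_port_arr+=("$_port")
  is_true "$allow_stun_turn_service_out" && out_udp_port_arr+=("$_port")
done
for _port in $standard_turn_service_udp_ports ; do
  containsElement "$_port" "${out_udp_port_arr[@]}" && continue
  standard_turn_service_udp_port_arr+=("$_port")
  is_true "$allow_stun_turn_service_out" && out_udp_port_arr+=("$_port")
done
IFS="$CUR_IFS"

# ---
# - Echo360 video platform (UDP)
# ---
declare -a echo360_udp_port_arr=()
CUR_IFS="$IFS" ; IFS=','
for _port in $standard_echo360_udp_ports ; do
  containsElement "$_port" "${out_udp_port_arr[@]}" && continue
  echo360_udp_port_arr+=("$_port")
  is_true "$allow_echo360_video_streaming" && out_udp_port_arr+=("$_port")
done
IFS="$CUR_IFS"

# ---
# - IP cameras (TCP/UDP)
# ---
declare -a ip_camera_tcp_port_arr=()
CUR_IFS="$IFS" ; IFS=','
for _port in $ip_camera_tcp_ports ; do
  containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
  ip_camera_tcp_port_arr+=("$_port")
  is_true "$allow_ip_camera_out" && out_tcp_port_arr+=("$_port")
done
IFS="$CUR_IFS"

declare -a ip_camera_udp_port_arr=()
CUR_IFS="$IFS" ; IFS=','
for _port in $ip_camera_udp_ports ; do
  containsElement "$_port" "${out_udp_port_arr[@]}" && continue
  ip_camera_udp_port_arr+=("$_port")
  is_true "$allow_ip_camera_out" && out_udp_port_arr+=("$_port")
done
IFS="$CUR_IFS"

# ---
# - BigBlueButton video conference service (TCP/UDP)
# ---
declare -a bigbluebutton_tcp_port_arr=()
CUR_IFS="$IFS" ; IFS=','
for _port in $bigbluebutton_tcp_ports ; do
  containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
  bigbluebutton_tcp_port_arr+=("$_port")
  is_true "$allow_bigbluebutton_video_conference_out" && out_tcp_port_arr+=("$_port")
done
IFS="$CUR_IFS"

declare -a bigbluebutton_udp_port_arr=()
CUR_IFS="$IFS" ; IFS=','
for _port in $bigbluebutton_udp_ports ; do
  containsElement "$_port" "${out_udp_port_arr[@]}" && continue
  bigbluebutton_udp_port_arr+=("$_port")
  is_true "$allow_bigbluebutton_video_conference_out" && out_udp_port_arr+=("$_port")
done
IFS="$CUR_IFS"

# ---
# - Skype for Business Online and Microsoft Teams
# ---
# Hosts and ports are only collected here; they are NOT merged into
# out_*_port_arr (presumably the rule generator pairs them with the host
# lists -- confirm against the caller).
declare -a ms_skype_teams_udp4_host_arr=()
declare -a ms_skype_teams_udp6_host_arr=()
declare -a ms_skype_teams_udp4_port_arr=()
declare -a ms_skype_teams_udp6_port_arr=()
declare -a ms_skype_teams_tcp_port_arr=()
for _host in $ms_skype_teams_udp4_hosts ; do ms_skype_teams_udp4_host_arr+=("$_host") ; done
for _host in $ms_skype_teams_udp6_hosts ; do ms_skype_teams_udp6_host_arr+=("$_host") ; done

CUR_IFS="$IFS" ; IFS=','
for _port in $ms_skype_teams_udp4_ports ; do
  containsElement "$_port" "${out_udp_port_arr[@]}" && continue
  ms_skype_teams_udp4_port_arr+=("$_port")
done
for _port in $ms_skype_teams_udp6_ports ; do
  containsElement "$_port" "${out_udp_port_arr[@]}" && continue
  ms_skype_teams_udp6_port_arr+=("$_port")
done
for _port in $ms_skype_teams_tcp_ports ; do
  containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
  ms_skype_teams_tcp_port_arr+=("$_port")
done
IFS="$CUR_IFS"

# ---
# - Webex Meeting video conference service (TCP, TCP fallback, UDP)
# ---
declare -a webex_tcp_port_arr=()
declare -a webex_udp_port_arr=()
CUR_IFS="$IFS" ; IFS=','
for _port in $webex_tcp_ports ; do
  containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
  webex_tcp_port_arr+=("$_port")
  is_true "$allow_webex_video_conference_out" && out_tcp_port_arr+=("$_port")
done
for _port in $webex_tcp_fall_back_ports ; do
  containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
  webex_tcp_port_arr+=("$_port")
  is_true "$allow_webex_video_conference_out" && out_tcp_port_arr+=("$_port")
done
for _port in $webex_udp_ports ; do
  containsElement "$_port" "${out_udp_port_arr[@]}" && continue
  webex_udp_port_arr+=("$_port")
  is_true "$allow_webex_video_conference_out" && out_udp_port_arr+=("$_port")
done
IFS="$CUR_IFS"

# ---
# - Zoom Meetings video conference (adjust zoom_tcp_ports / zoom_udp_ports)
# ---
declare -a zoom_tcp_port_arr=()
declare -a zoom_udp_port_arr=()
CUR_IFS="$IFS" ; IFS=','
for _port in $zoom_tcp_ports ; do
  containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
  zoom_tcp_port_arr+=("$_port")
  is_true "$allow_zoom_video_conference_out" && out_tcp_port_arr+=("$_port")
done
for _port in $zoom_udp_ports ; do
  containsElement "$_port" "${out_udp_port_arr[@]}" && continue
  zoom_udp_port_arr+=("$_port")
  is_true "$allow_zoom_video_conference_out" && out_udp_port_arr+=("$_port")
done
IFS="$CUR_IFS"

# ---
# - Jitsi video conference service
# ---
declare -a jitsi_tcp_port_arr=()
declare -a jitsi_udp_port_arr=()
CUR_IFS="$IFS" ; IFS=','
for _port in $jitsi_tcp_ports ; do
  containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
  jitsi_tcp_port_arr+=("$_port")
  is_true "$allow_jitsi_video_conference_out" && out_tcp_port_arr+=("$_port")
done
for _port in $jitsi_udp_ports ; do
  containsElement "$_port" "${out_udp_port_arr[@]}" && continue
  jitsi_udp_port_arr+=("$_port")
  is_true "$allow_jitsi_video_conference_out" && out_udp_port_arr+=("$_port")
done
IFS="$CUR_IFS"

# ---
# - alfaview video conferencing system
# ---
declare -a alfaview_tcp_port_arr=()
declare -a alfaview_udp_port_arr=()
CUR_IFS="$IFS" ; IFS=','
for _port in $alfaview_tcp_ports ; do
  containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
  alfaview_tcp_port_arr+=("$_port")
  is_true "$allow_alfaview_video_conference_out" && out_tcp_port_arr+=("$_port")
done
for _port in $alfaview_udp_ports ; do
  containsElement "$_port" "${out_udp_port_arr[@]}" && continue
  alfaview_udp_port_arr+=("$_port")
  is_true "$allow_alfaview_video_conference_out" && out_udp_port_arr+=("$_port")
done
IFS="$CUR_IFS"

# ---
# - Nextcloud "Talk" app (TURN): nc_turn_ports are opened for TCP and UDP,
#   nc_turn_udp_ports for UDP only
# ---
declare -a nc_turn_tcp_port_arr=()
declare -a nc_turn_udp_port_arr=()
CUR_IFS="$IFS" ; IFS=','
for _port in $nc_turn_ports ; do
  containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
  nc_turn_tcp_port_arr+=("$_port")
  is_true "$allow_nc_turn_video_conference_out" && out_tcp_port_arr+=("$_port")
done
for _port in $nc_turn_ports ; do
  containsElement "$_port" "${out_udp_port_arr[@]}" && continue
  nc_turn_udp_port_arr+=("$_port")
  is_true "$allow_nc_turn_video_conference_out" && out_udp_port_arr+=("$_port")
done
for _port in $nc_turn_udp_ports ; do
  containsElement "$_port" "${out_udp_port_arr[@]}" && continue
  nc_turn_udp_port_arr+=("$_port")
  is_true "$allow_nc_turn_video_conference_out" && out_udp_port_arr+=("$_port")
done
IFS="$CUR_IFS"

# ---
# - Special TCP / UDP ports out (whitespace separated, always opened)
# ---
declare -a tcp_out_port_arr=()
for _port in $tcp_out_ports ; do
  containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
  tcp_out_port_arr+=("$_port")
  out_tcp_port_arr+=("$_port")
done

declare -a udp_out_port_arr=()
for _port in $udp_out_ports ; do
  containsElement "$_port" "${out_udp_port_arr[@]}" && continue
  udp_out_port_arr+=("$_port")
  out_udp_port_arr+=("$_port")
done

# ---
# - Rsync out ports (TCP, always opened)
# ---
declare -a rsync_port_arr=()
for _port in $rsync_ports ; do
  containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
  rsync_port_arr+=("$_port")
  out_tcp_port_arr+=("$_port")
done

# ---
# - Gaming
# ---
if is_true "$allow_game_steam_out" \
   || is_true "$allow_game_call_of_duty" \
   || is_true "$allow_game_xbox_one_out" \
   || is_true "$allow_game_xbox_360_out" \
   || is_true "$allow_game_ps3_out" \
   || is_true "$allow_game_ps4_out" \
   || is_true "$allow_game_fifa21_out" ; then
  allow_gaming_out=true
else
  allow_gaming_out=false
fi

# All game port lists are comma separated.
CUR_IFS="$IFS"

# Game local (source) ports
declare -a game_ports_local_udp_arr=()
if is_true "$allow_game_steam_out" ; then
  IFS=','
  for _port in $standard_game_steam_udp_local_ports ; do
    containsElement "$_port" "${out_udp_local_port_arr[@]}" && continue
    out_udp_local_port_arr+=("$_port")
    game_ports_local_udp_arr+=("$_port")
  done
  IFS="$CUR_IFS"
fi
if is_true "$allow_game_call_of_duty" ; then
  IFS=','
  for _port in $standard_game_call_of_duty_udp_local_ports ; do
    containsElement "$_port" "${out_udp_local_port_arr[@]}" && continue
    out_udp_local_port_arr+=("$_port")
    game_ports_local_udp_arr+=("$_port")
  done
  IFS="$CUR_IFS"
fi

declare -a game_ports_local_tcp_arr=()
if is_true "$allow_game_steam_out" ; then
  IFS=','
  # (variable name keeps the historical "tcplocal" spelling)
  for _port in $standard_game_steam_tcplocal_ports ; do
    containsElement "$_port" "${out_tcp_local_port_arr[@]}" && continue
    out_tcp_local_port_arr+=("$_port")
    game_ports_local_tcp_arr+=("$_port")
  done
  IFS="$CUR_IFS"
fi

# Game (remote) UDP ports
declare -a game_ports_udp_arr=()
if is_true "$allow_gaming_out" ; then
  IFS=','
  for _port in $standard_game_universell_udp ; do
    containsElement "$_port" "${out_udp_port_arr[@]}" && continue
    game_ports_udp_arr+=("$_port")
    out_udp_port_arr+=("$_port")
  done
  IFS="$CUR_IFS"
fi
# NOTE(review): the Xbox 360 branch iterates the Xbox One port lists; this file
# defines no Xbox-360-specific list, so the behaviour is kept -- confirm.
if is_true "$allow_game_xbox_360_out" ; then
  IFS=','
  for _port in $standard_game_xbox_one_udp_ports ; do
    containsElement "$_port" "${out_udp_port_arr[@]}" && continue
    game_ports_udp_arr+=("$_port")
    out_udp_port_arr+=("$_port")
  done
  IFS="$CUR_IFS"
fi
if is_true "$allow_game_xbox_one_out" ; then
  IFS=','
  for _port in $standard_game_xbox_one_udp_ports ; do
    containsElement "$_port" "${out_udp_port_arr[@]}" && continue
    game_ports_udp_arr+=("$_port")
    out_udp_port_arr+=("$_port")
  done
  IFS="$CUR_IFS"
fi
if is_true "$allow_game_ps3_out" ; then
  IFS=','
  for _port in $standard_game_ps3_udp_ports ; do
    containsElement "$_port" "${out_udp_port_arr[@]}" && continue
    game_ports_udp_arr+=("$_port")
    out_udp_port_arr+=("$_port")
  done
  IFS="$CUR_IFS"
fi
if is_true "$allow_game_ps4_out" ; then
  IFS=','
  for _port in $standard_game_ps4_udp_ports ; do
    containsElement "$_port" "${out_udp_port_arr[@]}" && continue
    game_ports_udp_arr+=("$_port")
    out_udp_port_arr+=("$_port")
  done
  IFS="$CUR_IFS"
fi
if is_true "$allow_game_fifa21_out" ; then
  IFS=','
  for _port in $standard_game_fifa21_udp_ports ; do
    containsElement "$_port" "${out_udp_port_arr[@]}" && continue
    game_ports_udp_arr+=("$_port")
    out_udp_port_arr+=("$_port")
  done
  IFS="$CUR_IFS"
fi
if is_true "$allow_game_steam_out" ; then
  IFS=','
  for _port in $standard_game_steam_udp_ports ; do
    containsElement "$_port" "${out_udp_port_arr[@]}" && continue
    game_ports_udp_arr+=("$_port")
    out_udp_port_arr+=("$_port")
  done
  IFS="$CUR_IFS"
fi
if is_true "$allow_game_call_of_duty" ; then
  IFS=','
  for _port in $standard_game_call_of_duty_pc_udp_ports ; do
    containsElement "$_port" "${out_udp_port_arr[@]}" && continue
    game_ports_udp_arr+=("$_port")
    out_udp_port_arr+=("$_port")
  done
  for _port in $standard_game_call_of_duty_ps_udp_ports ; do
    containsElement "$_port" "${out_udp_port_arr[@]}" && continue
    game_ports_udp_arr+=("$_port")
    out_udp_port_arr+=("$_port")
  done
  for _port in $standard_game_call_of_duty_xbox_udp_ports ; do
    containsElement "$_port" "${out_udp_port_arr[@]}" && continue
    game_ports_udp_arr+=("$_port")
    out_udp_port_arr+=("$_port")
  done
  IFS="$CUR_IFS"
fi

# Game (remote) TCP ports
declare -a game_ports_tcp_arr=()
if is_true "$allow_gaming_out" ; then
  IFS=','
  for _port in $standard_game_universell_tcp ; do
    containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
    game_ports_tcp_arr+=("$_port")
    out_tcp_port_arr+=("$_port")
  done
  IFS="$CUR_IFS"
fi
# NOTE(review): Xbox 360 again uses the Xbox One TCP list (see above).
if is_true "$allow_game_xbox_360_out" ; then
  IFS=','
  for _port in $standard_game_xbox_one_tcp_ports ; do
    containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
    game_ports_tcp_arr+=("$_port")
    out_tcp_port_arr+=("$_port")
  done
  IFS="$CUR_IFS"
fi
if is_true "$allow_game_xbox_one_out" ; then
  IFS=','
  for _port in $standard_game_xbox_one_tcp_ports ; do
    containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
    game_ports_tcp_arr+=("$_port")
    out_tcp_port_arr+=("$_port")
  done
  IFS="$CUR_IFS"
fi
if is_true "$allow_game_ps3_out" ; then
  IFS=','
  for _port in $standard_game_ps3_tcp_ports ; do
    containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
    game_ports_tcp_arr+=("$_port")
    out_tcp_port_arr+=("$_port")
  done
  IFS="$CUR_IFS"
fi
if is_true "$allow_game_ps4_out" ; then
  IFS=','
  for _port in $standard_game_ps4_tcp_ports ; do
    containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
    game_ports_tcp_arr+=("$_port")
    out_tcp_port_arr+=("$_port")
  done
  IFS="$CUR_IFS"
fi
if is_true "$allow_game_fifa21_out" ; then
  IFS=','
  for _port in $standard_game_fifa21_tcp_ports ; do
    containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
    game_ports_tcp_arr+=("$_port")
    out_tcp_port_arr+=("$_port")
  done
  IFS="$CUR_IFS"
fi
if is_true "$allow_game_steam_out" ; then
  IFS=','
  for _port in $standard_game_steam_tcp_ports ; do
    containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
    game_ports_tcp_arr+=("$_port")
    out_tcp_port_arr+=("$_port")
  done
  IFS="$CUR_IFS"
fi
if is_true "$allow_game_call_of_duty" ; then
  IFS=','
  for _port in $standard_game_call_of_duty_pc_tcp_ports ; do
    containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
    game_ports_tcp_arr+=("$_port")
    out_tcp_port_arr+=("$_port")
  done
  for _port in $standard_game_call_of_duty_ps_tcp_ports ; do
    containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
    game_ports_tcp_arr+=("$_port")
    out_tcp_port_arr+=("$_port")
  done
  for _port in $standard_game_call_of_duty_xbox_tcp_ports ; do
    containsElement "$_port" "${out_tcp_port_arr[@]}" && continue
    game_ports_tcp_arr+=("$_port")
    out_tcp_port_arr+=("$_port")
  done
  IFS="$CUR_IFS"
fi

# ==================================================
# END: gather out ports
# ==================================================

# ---
# - IPMI ports (UDP/TCP)
# ---
declare -a ipmi_udp_port_arr=()
for _port in $ipmi_udp_ports ; do ipmi_udp_port_arr+=("$_port") ; done

declare -a ipmi_tcp_port_arr=()
for _port in $ipmi_tcp_ports ; do ipmi_tcp_port_arr+=("$_port") ; done

# ---
# - Port forwards TCP / UDP
# ---
declare -a portforward_tcp_arr=()
for _str in $portforward_tcp ; do portforward_tcp_arr+=("$_str") ; done

declare -a portforward_udp_arr=()
for _str in $portforward_udp ; do portforward_udp_arr+=("$_str") ; done

# ---
# - MAC address filtering (source MACs allowed everywhere / locally / remotely)
# ---
# NOTE: MAC addresses are trivially spoofable; treat these lists as a
# convenience, not as an authentication boundary.
declare -a allow_all_mac_src_address_arr=()
for _mac in $allow_all_mac_src_addresses ; do allow_all_mac_src_address_arr+=("$_mac") ; done

declare -a allow_local_mac_src_address_arr=()
for _mac in $allow_local_mac_src_addresses ; do allow_local_mac_src_address_arr+=("$_mac") ; done

declare -a allow_remote_mac_src_address_arr=()
for _mac in $allow_remote_mac_src_addresses ; do allow_remote_mac_src_address_arr+=("$_mac") ; done

# ---
# - Gaming devices: MAC address / IP address filtering
# ---
declare -a gaming_device_mac_address_arr=()
for _mac in $gaming_device_mac_addresses ; do gaming_device_mac_address_arr+=("$_mac") ; done

declare -a gaming_device_ip_address_arr=()
for _ip in $gaming_device_ip_addresses ; do gaming_device_ip_address_arr+=("$_ip") ; done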