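#!/usr/bin/env bash
# -----------
# --- Define Arrays
# -----------
#
# Each whitespace-separated config string (masquerade_tcp_cons, ext_ifs_dsl,
# ..., allow_remote_mac_src_addresses) is split into a matching *_arr array.
# The config strings are expected to be set before this file runs (presumably
# by a sourced config file; the source is not visible here).
#
# Splitting is done with `read -a` instead of an unquoted `for x in $var`:
# an unquoted expansion is not only word-split but also pathname-expanded,
# so a value containing `*`, `?` or `[` (e.g. an interface or port pattern)
# would silently be replaced by whatever file names match it in the current
# directory. `read` never globs. Arrays are (re)assigned, not appended to,
# so re-running this file gives the same result.

#######################################
# Split a whitespace-separated string into an array, without globbing.
# Arguments: $1 - name of the array to assign (created in the caller's
#                 scope; nothing here is declared local)
#            $2 - string to split on spaces, tabs and newlines
# Returns:   0
#######################################
_words_to_array() {
  # -d '' reads up to a NUL (none present), so newlines are just IFS
  # whitespace; read then reports EOF as non-zero even though the array
  # was assigned, hence the `|| true`.
  IFS=$' \t\n' read -r -d '' -a "$1" <<< "$2" || true
}

# ---
# - Masquerade TCP Connections
# ---
_words_to_array masquerade_tcp_con_arr "$masquerade_tcp_cons"

# ---
# - Extern Network interfaces (DSL, Static Lines, All together)
# ---
_words_to_array dsl_device_arr "$ext_ifs_dsl"
# DSL devices first, then static lines (same order as the config strings).
_words_to_array ext_if_arr "$ext_ifs_dsl $ext_ifs_static"

# ---
# - VPN Interfaces
# ---
_words_to_array vpn_if_arr "$vpn_ifs"

# ---
# - Local Network Interfaces
# ---
_words_to_array local_if_arr "$local_ifs"

# ---
# - Network Interfaces completely blocked
# ---
_words_to_array blocked_if_arr "$blocked_ifs"

# ---
# - Network Interfaces not firewalled
# ---
_words_to_array unprotected_if_arr "$unprotected_ifs"

# ---
# - Allow these local networks any access to the internet
# ---
_words_to_array any_access_to_inet_network_arr "$any_access_to_inet_networks"

# ---
# - Allow local services from given local networks
# ---
_words_to_array allow_local_net_to_local_service_arr "$allow_local_net_to_local_service"

# ---
# - Allow local ip address from given local network
# ---
_words_to_array allow_local_net_to_local_ip_arr "$allow_local_net_to_local_ip"

# ---
# - Allow local ip address from given local interface
# ---
_words_to_array allow_local_if_to_local_ip_arr "$allow_local_if_to_local_ip"

# ---
# - Separate local Networks
# ---
_words_to_array separate_local_network_arr "$separate_local_networks"

# ---
# - Separate local Interfaces
# ---
_words_to_array separate_local_if_arr "$separate_local_ifs"

# ---
# - Generally block ports on extern interfaces
# ---
_words_to_array block_tcp_port_arr "$block_tcp_ports"
_words_to_array block_udp_port_arr "$block_udp_ports"

# ---
# - Not wanted on intern interfaces
# ---
_words_to_array not_wanted_on_gw_tcp_port_arr "$not_wanted_on_gw_tcp_ports"
_words_to_array not_wanted_on_gw_udp_port_arr "$not_wanted_on_gw_udp_ports"

# ---
# - Private IPs / IP-Ranges allowed to forward
# ---
_words_to_array forward_private_ip_arr "$forward_private_ips"

# ---
# - IP Addresses to log
# ---
_words_to_array log_ip_arr "$log_ips"

# ---
# - IP Addresses DHCP Failover Server
# ---
_words_to_array dhcp_failover_server_ip_arr "$dhcp_failover_server_ips"

# ---
# - IP Addresses DNS Server
# ---
_words_to_array dns_server_ip_arr "$dns_server_ips"

# ---
# - IP Addresses SSH Server only at local Networks
# ---
_words_to_array ssh_server_only_local_ip_arr "$ssh_server_only_local_ips"

# ---
# - IP Addresses HTTP Server only local Networks
# ---
_words_to_array http_server_only_local_ip_arr "$http_server_only_local_ips"

# ---
# - IP Addresses Mail Server only local Networks
# ---
_words_to_array mail_server_only_local_ip_arr "$mail_server_only_local_ips"

# ---
# - IP Addresses FTP Server
# ---
_words_to_array ftp_server_only_local_ip_arr "$ftp_server_only_local_ips"

# ---
# - IP Addresses Samba Server
# ---
_words_to_array samba_server_local_ip_arr "$samba_server_local_ips"

# ---
# - IP Addresses LDAP Server
# ---
_words_to_array ldap_server_local_ip_arr "$ldap_server_local_ips"

# ---
# - IP Addresses Telephone Systems
# ---
_words_to_array tele_sys_ip_arr "$tele_sys_ips"

# ---
# - IP Addresses SNMP Server
# ---
_words_to_array snmp_server_ip_arr "$snmp_server_ips"

# ---
# - IP Addresses Munin Service
# ---
_words_to_array munin_local_server_ip_arr "$munin_local_server_ips"

# ---
# - IP Addresses XyMon
# ---
_words_to_array xymon_server_ip_arr "$xymon_server_ips"

# ---
# - IP Addresses IPMI interface
# ---
_words_to_array ipmi_server_ip_arr "$ipmi_server_ips"

# ---
# - IP Addresses Ubiquiti Unifi Accesspoints
# ---
_words_to_array unifi_ap_local_ip_arr "$unifi_ap_local_ips"
_words_to_array unifi_controller_gateway_ip_arr "$unifi_controller_gateway_ips"
# NOTE: "unify_" spelling is the existing variable name; kept for callers.
_words_to_array unify_controller_local_net_ip_arr "$unify_controller_local_net_ips"

# ---
# - IP Addresses Printer
# ---
_words_to_array printer_ip_arr "$printer_ips"

# ---
# - IP Addresses Brother Scanner (brscan)
# ---
_words_to_array brother_scanner_ip_arr "$brother_scanner_ips"

# ---
# - IP Addresses PCNS Server
# ---
_words_to_array pcns_server_ip_arr "$pcns_server_ips"

# ---
# - IP Addresses VNC Service
# ---
_words_to_array rm_server_ip_arr "$rm_server_ips"

# ---
# - IP Addresses Rsync Out
# ---
# local
_words_to_array rsync_out_ip_arr "$rsync_out_ips"

# ---
# - Other local Services
# ---
_words_to_array other_service_arr "$other_services"

# ---
# - SSH Ports
# ---
_words_to_array ssh_port_arr "$ssh_ports"

# ---
# - VPN Ports
# ---
_words_to_array vpn_gw_port_arr "$vpn_gw_ports"
_words_to_array vpn_local_net_port_arr "$vpn_local_net_ports"
_words_to_array vpn_out_port_arr "$vpn_out_ports"

# ---
# - Rsync Out Ports
# ---
_words_to_array rsync_port_arr "$rsync_ports"

# ---
# - Samba Ports
# ---
_words_to_array samba_udp_port_arr "$samba_udp_ports"
_words_to_array samba_tcp_port_arr "$samba_tcp_ports"

# ---
# - LDAP Ports
# ---
_words_to_array ldap_udp_port_arr "$ldap_udp_ports"
_words_to_array ldap_tcp_port_arr "$ldap_tcp_ports"

# ---
# - IPMI
# ---
_words_to_array ipmi_udp_port_arr "$ipmi_udp_ports"
_words_to_array ipmi_tcp_port_arr "$ipmi_tcp_ports"

# ---
# - Portforwards TCP
# ---
_words_to_array portforward_tcp_arr "$portforward_tcp"

# ---
# - Portforwards UDP
# ---
_words_to_array portforward_udp_arr "$portforward_udp"

# ---
# - MAC Address Filtering
# ---
_words_to_array allow_all_mac_src_address_arr "$allow_all_mac_src_addresses"
_words_to_array allow_local_mac_src_address_arr "$allow_local_mac_src_addresses"
_words_to_array allow_remote_mac_src_address_arr "$allow_remote_mac_src_addresses"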