1013 lines
24 KiB
Bash
1013 lines
24 KiB
Bash
#!/usr/bin/env bash
|
|
|
|
|
|
# -----------
|
|
# --- Define Arrays
|
|
# -----------
|
|
|
|
|
|
# ---
|
|
# - Standard http ports
|
|
# ---
|
|
declare -a standard_http_port_arr
|
|
CUR_IFS="$IFS"
|
|
IFS=',' ; for _port in $standard_http_ports ; do
|
|
standard_http_port_arr+=("${_port}")
|
|
done
|
|
IFS="$CUR_IFS"
|
|
|
|
# ---
|
|
# - Standard mail user prts
|
|
# ---
|
|
declare -a standard_mailuser_port_arr
|
|
CUR_IFS="$IFS"
|
|
IFS=',' ; for _port in $standard_mailuser_ports ; do
|
|
standard_mailuser_port_arr+=("${_port}")
|
|
done
|
|
IFS="$CUR_IFS"
|
|
|
|
|
|
# ---
|
|
# - Masquerade TCP Connections
|
|
# ---
|
|
|
|
declare -a nat_network_arr
|
|
for _net in $nat_networks ; do
|
|
nat_network_arr+=("$_net")
|
|
done
|
|
|
|
declare -a masquerade_tcp_con_arr
|
|
for _str in $masquerade_tcp_cons ; do
|
|
masquerade_tcp_con_arr+=("$_str")
|
|
done
|
|
|
|
declare -a masquerade_udp_con_arr
|
|
for _str in $masquerade_udp_cons ; do
|
|
masquerade_udp_con_arr+=("$_str")
|
|
done
|
|
|
|
declare -a masquerade_icmp_con_arr
|
|
for _str in $masquerade_icmp_cons ; do
|
|
masquerade_icmp_con_arr+=("$_str")
|
|
done
|
|
|
|
|
|
# ---
|
|
# - Extern Network interfaces (DSL, Staic Lines, All together)
|
|
# ---
|
|
declare -a nat_device_arr
|
|
declare -a dsl_device_arr
|
|
declare -a ext_if_arr
|
|
for _dev in $ext_ifs_dsl ; do
|
|
dsl_device_arr+=("$_dev")
|
|
ext_if_arr+=("$_dev")
|
|
nat_device_arr+=("$_dev")
|
|
done
|
|
for _dev in $ext_ifs_static ; do
|
|
ext_if_arr+=("$_dev")
|
|
done
|
|
for _dev in $nat_devices ; do
|
|
if ! containsElement $_dev "${nat_device_arr[@]}" ; then
|
|
nat_device_arr+=("$_dev")
|
|
fi
|
|
done
|
|
|
|
# ---
|
|
# - VPN Interfaces
|
|
# ---
|
|
declare -a vpn_if_arr
|
|
for _dev in $vpn_ifs ; do
|
|
vpn_if_arr+=("$_dev")
|
|
done
|
|
|
|
# ---
|
|
# - WireGuard Interfaces
|
|
# ---
|
|
declare -a wg_if_arr
|
|
for _dev in $wg_ifs ; do
|
|
wg_if_arr+=("$_dev")
|
|
done
|
|
|
|
# ---
|
|
# - Local Network Interfaces
|
|
# ---
|
|
declare -a local_if_arr
|
|
for _dev in $local_ifs ; do
|
|
local_if_arr+=("$_dev")
|
|
done
|
|
|
|
# ---
|
|
# - Network Interfaces completly blocked
|
|
# ---
|
|
declare -a blocked_if_arr
|
|
for _dev in $blocked_ifs ; do
|
|
blocked_if_arr+=("$_dev")
|
|
done
|
|
|
|
# ---
|
|
# - Network Interfaces not firewalled
|
|
# ---
|
|
declare -a unprotected_if_arr
|
|
for _dev in $unprotected_ifs ; do
|
|
unprotected_if_arr+=("$_dev")
|
|
done
|
|
|
|
# ---
|
|
# - Allow these local networks any access to the internet
|
|
# ---
|
|
declare -a any_access_to_inet_network_arr
|
|
for _net in $any_access_to_inet_networks ; do
|
|
any_access_to_inet_network_arr+=("$_net")
|
|
done
|
|
|
|
declare -a any_access_from_inet_network_arr
|
|
for _net in $any_access_from_inet_networks ; do
|
|
any_access_from_inet_network_arr+=("$_net")
|
|
done
|
|
|
|
# ---
|
|
# - Allow local services from ALL extern netwoks
|
|
# ---
|
|
declare -a allow_all_ext_traffic_to_local_service_arr
|
|
for _val in $allow_all_ext_traffic_to_local_service ; do
|
|
allow_all_ext_traffic_to_local_service_arr+=("$_val")
|
|
done
|
|
|
|
# ---
|
|
# - Allow local services from given extern networks
|
|
# ---
|
|
declare -a allow_ext_net_to_local_service_arr
|
|
for _val in $allow_ext_net_to_local_service ; do
|
|
allow_ext_net_to_local_service_arr+=("$_val")
|
|
done
|
|
|
|
# ---
|
|
# - Allow all traffic from extern address/network to local address/network
|
|
# ---
|
|
declare -a allow_ext_net_to_local_net_arr
|
|
for _val in $allow_ext_net_to_local_net ; do
|
|
allow_ext_net_to_local_net_arr+=("$_val")
|
|
done
|
|
|
|
# ---
|
|
# - Block all extern traffic to (given) local network
|
|
# ---
|
|
declare -a block_all_ext_to_local_net_arr
|
|
for _net in $block_all_ext_to_local_net ; do
|
|
block_all_ext_to_local_net_arr+=("$_net")
|
|
done
|
|
|
|
# ---
|
|
# - Allow all traffic from local ip to the internet
|
|
# ---
|
|
declare -a allow_local_ip_to_inet_arr
|
|
for _ip in $allow_local_ip_to_inet ; do
|
|
allow_local_ip_to_inet_arr+=("$_ip")
|
|
done
|
|
|
|
# ---
|
|
# - Allow local services from given local networks
|
|
# ---
|
|
declare -a allow_local_net_to_local_service_arr
|
|
for _val in $allow_local_net_to_local_service ; do
|
|
allow_local_net_to_local_service_arr+=("$_val")
|
|
done
|
|
|
|
# ---
|
|
# - Allow all traffic from local network to local ip-address
|
|
# ---
|
|
declare -a allow_local_net_to_local_ip_arr
|
|
for _val in $allow_local_net_to_local_ip ; do
|
|
allow_local_net_to_local_ip_arr+=("$_val")
|
|
done
|
|
|
|
# ---
|
|
# - Allow all traffic from local ip-address to local network
|
|
# ---
|
|
declare -a allow_local_ip_to_local_net_arr
|
|
for _val in $allow_local_ip_to_local_net ; do
|
|
allow_local_ip_to_local_net_arr+=("$_val")
|
|
done
|
|
|
|
# ---
|
|
# - Allow all traffic from (one) local network to (another) local network
|
|
# ---
|
|
declare -a allow_local_net_to_local_net_arr
|
|
for _val in $allow_local_net_to_local_net ; do
|
|
allow_local_net_to_local_net_arr+=("$_val")
|
|
done
|
|
|
|
# ---
|
|
# - Allow local ip address from given local interface
|
|
# ---
|
|
declare -a allow_local_if_to_local_ip_arr
|
|
for _val in $allow_local_if_to_local_ip ; do
|
|
allow_local_if_to_local_ip_arr+=("$_val")
|
|
done
|
|
|
|
# ---
|
|
# - Allow extern service from given local interface
|
|
# ---
|
|
declare -a allow_local_if_to_ext_service_arr
|
|
for _val in $allow_local_if_to_ext_service ; do
|
|
allow_local_if_to_ext_service_arr+=("$_val")
|
|
done
|
|
|
|
# ---
|
|
# - Allow extern network from given local interface
|
|
# ---
|
|
declare -a allow_local_if_to_ext_net_arr
|
|
for _val in $allow_local_if_to_ext_net ; do
|
|
allow_local_if_to_ext_net_arr+=("$_val")
|
|
done
|
|
|
|
# ---
|
|
# - Allow extern service from given local network
|
|
# ---
|
|
declare -a allow_local_net_to_ext_service_arr
|
|
for _val in $allow_local_net_to_ext_service ; do
|
|
allow_local_net_to_ext_service_arr+=("$_val")
|
|
done
|
|
|
|
# ---
|
|
# - Allow extern network from given local network
|
|
# ---
|
|
declare -a allow_local_net_to_ext_net_arr
|
|
for _val in $allow_local_net_to_ext_net ; do
|
|
allow_local_net_to_ext_net_arr+=("$_val")
|
|
done
|
|
|
|
# ---
|
|
# - Allow extern service
|
|
# ---
|
|
declare -a allow_to_ext_service_arr
|
|
for _val in $allow_to_ext_service ; do
|
|
allow_to_ext_service_arr+=("$_val")
|
|
done
|
|
|
|
# ---
|
|
# - Allow extern network
|
|
# ---
|
|
declare -a allow_to_ext_net_arr
|
|
for _val in $allow_to_ext_net ; do
|
|
allow_to_ext_net_arr+=("$_val")
|
|
done
|
|
|
|
# ---
|
|
# - Separate local Networks
|
|
# ---
|
|
declare -a separate_local_network_arr
|
|
for _net in $separate_local_networks ; do
|
|
separate_local_network_arr+=("$_net")
|
|
done
|
|
|
|
# ---
|
|
# - Separate local Interfaces
|
|
# ---
|
|
declare -a separate_local_if_arr
|
|
for _net in $separate_local_ifs ; do
|
|
separate_local_if_arr+=("$_net")
|
|
done
|
|
|
|
# ---
|
|
# - Generally block ports on extern interfaces
|
|
# ---
|
|
declare -a block_tcp_port_arr
|
|
for _port in $block_tcp_ports ; do
|
|
block_tcp_port_arr+=("$_port")
|
|
done
|
|
|
|
declare -a block_udp_port_arr
|
|
for _port in $block_udp_ports ; do
|
|
block_udp_port_arr+=("$_port")
|
|
done
|
|
|
|
# ---
|
|
# - Not wanted on intern interfaces
|
|
# ---
|
|
declare -a not_wanted_on_gw_tcp_port_arr
|
|
for _port in $not_wanted_on_gw_tcp_ports ; do
|
|
not_wanted_on_gw_tcp_port_arr+=("$_port")
|
|
done
|
|
|
|
declare -a not_wanted_on_gw_udp_port_arr
|
|
for _port in $not_wanted_on_gw_udp_ports ; do
|
|
not_wanted_on_gw_udp_port_arr+=("$_port")
|
|
done
|
|
|
|
# ---
|
|
# - Private IPs / IP-Ranges allowed to forward
|
|
# ---
|
|
declare -a forward_private_ip_arr
|
|
for _ip in $forward_private_ips ; do
|
|
forward_private_ip_arr+=("$_ip")
|
|
done
|
|
|
|
# ---
|
|
# - IP Addresses to log
|
|
# ---
|
|
declare -a log_ip_arr
|
|
for _ip in $log_ips ; do
|
|
log_ip_arr+=("$_ip")
|
|
done
|
|
|
|
# ---
|
|
# - Network Devices local DHCP Client
|
|
# ---
|
|
declare -a dhcp_client_interfaces_arr
|
|
for _dev in $dhcp_client_interfaces ; do
|
|
dhcp_client_interfaces_arr+=("$_dev")
|
|
done
|
|
|
|
# ---
|
|
# - IP Addresses DHCP Failover Server
|
|
# ---
|
|
declare -a dhcp_failover_server_ip_arr
|
|
for _ip in $dhcp_failover_server_ips ; do
|
|
dhcp_failover_server_ip_arr+=("$_ip")
|
|
done
|
|
|
|
# ---
|
|
# - IP Adresses DNS Server
|
|
# ---
|
|
declare -a dns_server_ip_arr
|
|
for _ip in $dns_server_ips ; do
|
|
dns_server_ip_arr+=("$_ip")
|
|
done
|
|
|
|
# ---
|
|
# - IP Adresses SSH Server only at ocal Networks
|
|
# ---
|
|
declare -a ssh_server_only_local_ip_arr
|
|
for _ip in $ssh_server_only_local_ips ; do
|
|
ssh_server_only_local_ip_arr+=("$_ip")
|
|
done
|
|
|
|
# ---
|
|
# - IP Adresses HTTP Server only local Networks
|
|
# ---
|
|
declare -a http_server_only_local_ip_arr
|
|
for _ip in $http_server_only_local_ips ; do
|
|
http_server_only_local_ip_arr+=("$_ip")
|
|
done
|
|
|
|
# ---
|
|
# - IP Addresses Mail Server only local Networks
|
|
# ---
|
|
declare -a mail_server_only_local_ip_arr
|
|
for _ip in $mail_server_only_local_ips ; do
|
|
mail_server_only_local_ip_arr+=("$_ip")
|
|
done
|
|
|
|
# ---
|
|
# - IP Addresses FTP Server
|
|
# ---
|
|
declare -a ftp_server_only_local_ip_arr
|
|
for _ip in $ftp_server_only_local_ips ; do
|
|
ftp_server_only_local_ip_arr+=("$_ip")
|
|
done
|
|
|
|
# ---
|
|
# - IP Addresses Samba Server
|
|
# ---
|
|
declare -a samba_server_local_ip_arr
|
|
for _ip in $samba_server_local_ips ; do
|
|
samba_server_local_ip_arr+=("$_ip")
|
|
done
|
|
|
|
# ---
|
|
# - IP Addresses LDAP Server
|
|
# ---
|
|
declare -a ldap_server_local_ip_arr
|
|
for _ip in $ldap_server_local_ips ; do
|
|
ldap_server_local_ip_arr+=("$_ip")
|
|
done
|
|
|
|
# ---
|
|
# - IP Adresses Telephone Systems
|
|
# ---
|
|
declare -a tele_sys_ip_arr
|
|
for _ip in $tele_sys_ips ; do
|
|
tele_sys_ip_arr+=("$_ip")
|
|
done
|
|
|
|
# ---
|
|
# - IP Adresses SNMP Server
|
|
# ---
|
|
declare -a snmp_server_ip_arr
|
|
for _ip in $snmp_server_ips ; do
|
|
snmp_server_ip_arr+=("$_ip")
|
|
done
|
|
|
|
# ---
|
|
# - IP Adresses Munin Service
|
|
# ---
|
|
declare -a munin_local_server_ip_arr
|
|
for _ip in $munin_local_server_ips ; do
|
|
munin_local_server_ip_arr+=("$_ip")
|
|
done
|
|
|
|
# ---
|
|
# - IP Adresses Checkmk Monitoring Service
|
|
# ---
|
|
declare -a checkmk_local_server_ip_arr
|
|
for _ip in $checkmk_local_server_ips ; do
|
|
checkmk_local_server_ip_arr+=("$_ip")
|
|
done
|
|
|
|
# ---
|
|
# - IP Adresses XyMon
|
|
# ---
|
|
declare -a xymon_server_ip_arr
|
|
for _ip in $xymon_server_ips ; do
|
|
xymon_server_ip_arr+=("$_ip")
|
|
done
|
|
|
|
# ---
|
|
# - IP Adresses IPMI interface
|
|
# ---
|
|
declare -a ipmi_server_ip_arr
|
|
for _ip in $ipmi_server_ips ; do
|
|
ipmi_server_ip_arr+=("$_ip")
|
|
done
|
|
|
|
# ---
|
|
# -IP Addresses Ubiquiti Unifi Accesspoints
|
|
# ---
|
|
declare -a unifi_ap_local_ip_arr
|
|
for _ip in $unifi_ap_local_ips ; do
|
|
unifi_ap_local_ip_arr+=("$_ip")
|
|
done
|
|
declare -a unifi_ap_extern_ip_arr
|
|
for _ip in $unifi_ap_extern_ips ; do
|
|
unifi_ap_extern_ip_arr+=("$_ip")
|
|
done
|
|
declare -a unifi_controller_gateway_ip_arr
|
|
for _ip in $unifi_controller_gateway_ips ; do
|
|
unifi_controller_gateway_ip_arr+=("$_ip")
|
|
done
|
|
declare -a unify_controller_local_net_ip_arr
|
|
for _ip in $unify_controller_local_net_ips ; do
|
|
unify_controller_local_net_ip_arr+=("$_ip")
|
|
done
|
|
|
|
# ---
|
|
# - IP Addresses Printer
|
|
# -
|
|
declare -a printer_ip_arr
|
|
for _ip in $printer_ips ; do
|
|
printer_ip_arr+=("$_ip")
|
|
done
|
|
|
|
|
|
# ---
|
|
# - IP Adresses Brother Scanner (brscan)
|
|
# ---
|
|
declare -a brother_scanner_ip_arr
|
|
for _ip in $brother_scanner_ips ; do
|
|
brother_scanner_ip_arr+=("$_ip")
|
|
done
|
|
|
|
# ---
|
|
# - IP Adresses Epson Network Scanner
|
|
# ---
|
|
declare -a epson_scanner_ip_arr
|
|
for _ip in $epson_scanner_ips ; do
|
|
epson_scanner_ip_arr+=("$_ip")
|
|
done
|
|
|
|
# ---
|
|
# - IP Addresses PCNS Server
|
|
# ---
|
|
declare -a pcns_server_ip_arr
|
|
for _ip in $pcns_server_ips ; do
|
|
pcns_server_ip_arr+=("$_ip")
|
|
done
|
|
|
|
|
|
# ---
|
|
# - IP Addresses VNC Service
|
|
# ---
|
|
declare -a rm_server_ip_arr
|
|
for _ip in $rm_server_ips ; do
|
|
rm_server_ip_arr+=("$_ip")
|
|
done
|
|
|
|
# ---
|
|
# - IP Addresses Rsync Out
|
|
# ---
|
|
# local
|
|
declare -a rsync_out_ip_arr
|
|
for _ip in $rsync_out_ips ; do
|
|
rsync_out_ip_arr+=("$_ip")
|
|
done
|
|
|
|
# ---
|
|
# - Special TCP Ports OUT
|
|
# ---
|
|
# local
|
|
declare -a tcp_out_port_arr
|
|
for _port in $tcp_out_ports ; do
|
|
tcp_out_port_arr+=("$_port")
|
|
done
|
|
|
|
# ---
|
|
# - Special UDP Ports OUT
|
|
# ---
|
|
# local
|
|
declare -a udp_out_port_arr
|
|
for _port in $udp_out_ports ; do
|
|
udp_out_port_arr+=("$_port")
|
|
done
|
|
|
|
# ---
|
|
# - Other local Services
|
|
# ---
|
|
declare -a other_service_arr
|
|
for _val in $other_services ; do
|
|
other_service_arr+=("$_val")
|
|
done
|
|
|
|
# ---
|
|
# - SSH Ports
|
|
# ---
|
|
declare -a ssh_port_arr
|
|
for _port in $ssh_ports ; do
|
|
ssh_port_arr+=("$_port")
|
|
done
|
|
|
|
# ---
|
|
# - Cisco kompartible VPN Ports
|
|
# ---
|
|
declare -a cisco_vpn_out_port_arr
|
|
for _port in $cisco_vpn_out_ports ; do
|
|
cisco_vpn_out_port_arr+=("$_port")
|
|
done
|
|
|
|
# ---
|
|
# - VPN Ports
|
|
# ---
|
|
declare -a vpn_gw_port_arr
|
|
for _port in $vpn_gw_ports ; do
|
|
vpn_gw_port_arr+=("$_port")
|
|
done
|
|
declare -a vpn_local_net_port_arr
|
|
for _port in $vpn_local_net_ports ; do
|
|
vpn_local_net_port_arr+=("$_port")
|
|
done
|
|
declare -a vpn_out_port_arr
|
|
if [[ -z "$vpn_out_ports" ]] ; then
|
|
vpn_out_ports="$standard_vpn_port"
|
|
fi
|
|
for _port in $vpn_out_ports ; do
|
|
vpn_out_port_arr+=("$_port")
|
|
done
|
|
|
|
# ---
|
|
# - WireGuard Ports
|
|
# ---
|
|
declare -a wg_gw_port_arr
|
|
for _port in $wg_gw_ports ; do
|
|
wg_gw_port_arr+=("$_port")
|
|
done
|
|
declare -a wg_local_net_port_arr
|
|
for _port in $wg_local_net_ports ; do
|
|
wg_local_net_port_arr+=("$_port")
|
|
done
|
|
declare -a wg_out_port_arr
|
|
if [[ -z "$wg_out_ports" ]] ; then
|
|
wg_out_ports="$standard_wg_port"
|
|
fi
|
|
for _port in $wg_out_ports ; do
|
|
wg_out_port_arr+=("$_port")
|
|
done
|
|
|
|
# ---
|
|
# - Rsync Out Ports
|
|
# --
|
|
declare -a rsync_port_arr
|
|
for _port in $rsync_ports ; do
|
|
rsync_port_arr+=("$_port")
|
|
done
|
|
|
|
# ---
|
|
# - Samba Ports
|
|
# ---
|
|
|
|
declare -a samba_udp_port_arr
|
|
for _port in $samba_udp_ports ; do
|
|
samba_udp_port_arr+=("$_port")
|
|
done
|
|
|
|
declare -a samba_tcp_port_arr
|
|
for _port in $samba_tcp_ports ; do
|
|
samba_tcp_port_arr+=("$_port")
|
|
done
|
|
|
|
# ---
|
|
# - LDAP Ports
|
|
# ---
|
|
|
|
declare -a ldap_udp_port_arr
|
|
for _port in $ldap_udp_ports ; do
|
|
ldap_udp_port_arr+=("$_port")
|
|
done
|
|
|
|
declare -a ldap_tcp_port_arr
|
|
for _port in $ldap_tcp_ports ; do
|
|
ldap_tcp_port_arr+=("$_port")
|
|
done
|
|
|
|
# ---
|
|
# - Turn/Stun Ports
|
|
# ---
|
|
if $allow_outbound_streaming \
|
|
|| $allow_echo360_video_streaming \
|
|
|| $allow_bigbluebutton_video_conference_out \
|
|
|| $allow_ms_skype_teams_out \
|
|
|| $allow_webex_video_conference_out \
|
|
|| $allow_zoom_video_conference_out \
|
|
|| $allow_jitsi_video_conference_out \
|
|
|| $allow_alfaview_video_conference_out \
|
|
|| $allow_nc_talk_out ; then
|
|
|
|
allow_stun_turn_service_out=true
|
|
else
|
|
allow_stun_turn_service_out=false
|
|
fi
|
|
|
|
declare -a standard_turn_service_port_arr
|
|
CUR_IFS="$IFS"
|
|
IFS=',' ; for _port in $standard_turn_service_ports ; do
|
|
standard_turn_service_port_arr+=("$_port")
|
|
done
|
|
IFS="$CUR_IFS"
|
|
|
|
declare -a standard_turn_service_udp_port_arr
|
|
CUR_IFS="$IFS"
|
|
IFS=',' ; for _port in $standard_turn_service_udp_ports ; do
|
|
standard_turn_service_udp_port_arr+=("$_port")
|
|
done
|
|
IFS="$CUR_IFS"
|
|
|
|
|
|
# ---
|
|
# - BigBlueButton Video Conference - adjust 'bigbluebutton_tcp_ports'
|
|
# ---
|
|
declare -a bigbluebutton_tcp_port_arr
|
|
CUR_IFS="$IFS"
|
|
_tmp_tcp_ports="$bigbluebutton_tcp_ports"
|
|
bigbluebutton_tcp_ports=""
|
|
declare -i count=0
|
|
IFS=',' ; for _port in $_tmp_tcp_ports ; do
|
|
if $allow_http_request_out && containsElement "${_port}" "${standard_http_port_arr[@]}" ; then
|
|
continue
|
|
fi
|
|
if [[ $count -eq 0 ]]; then
|
|
bigbluebutton_tcp_ports="$_port"
|
|
else
|
|
bigbluebutton_tcp_ports="${bigbluebutton_tcp_ports},${_port}"
|
|
fi
|
|
((count++))
|
|
done
|
|
IFS="$CUR_IFS"
|
|
|
|
|
|
# ---
|
|
# - Skype for Business Online und Microsoft Teams
|
|
# ---
|
|
CUR_IFS="$IFS"
|
|
declare -a ms_skype_teams_udp4_host_arr
|
|
declare -a ms_skype_teams_udp6_host_arr
|
|
declare -a ms_skype_teams_udp4_port_arr
|
|
declare -a ms_skype_teams_udp6_port_arr
|
|
declare -a ms_skype_teams_tcp_port_arr
|
|
if [[ -n "$ms_skype_teams_udp4_hosts" ]]; then
|
|
for _host in $ms_skype_teams_udp4_hosts ; do
|
|
ms_skype_teams_udp4_host_arr+=("$_host")
|
|
done
|
|
fi
|
|
if [[ -n "$ms_skype_teams_udp6_hosts" ]]; then
|
|
for _host in $ms_skype_teams_udp6_hosts ; do
|
|
ms_skype_teams_udp6_host_arr+=("$_host")
|
|
done
|
|
fi
|
|
IFS=',' ; for _port in $ms_skype_teams_udp4_ports ; do
|
|
if containsElement "${_port}" "${standard_turn_service_port_arr[@]}" ; then
|
|
continue
|
|
fi
|
|
ms_skype_teams_udp4_port_arr+=("$_port")
|
|
done
|
|
IFS="$CUR_IFS"
|
|
IFS=',' ; for _port in $ms_skype_teams_udp6_ports ; do
|
|
if containsElement "${_port}" "${standard_turn_service_port_arr[@]}" ; then
|
|
continue
|
|
fi
|
|
ms_skype_teams_udp6_port_arr+=("$_port")
|
|
done
|
|
IFS="$CUR_IFS"
|
|
IFS=',' ; for _port in $ms_skype_teams_tcp_ports ; do
|
|
if $allow_http_request_out && containsElement "${_port}" "${standard_http_port_arr[@]}" ; then
|
|
continue
|
|
fi
|
|
ms_skype_teams_tcp_port_arr+=("$_port")
|
|
done
|
|
IFS="$CUR_IFS"
|
|
|
|
|
|
# ---
|
|
# Zoom Meetings - Video Conference - adjust 'zoom_tcp_ports'
|
|
# ---
|
|
declare -a zoom_tcp_port_arr
|
|
CUR_IFS="$IFS"
|
|
_tmp_tcp_ports="$zoom_tcp_ports"
|
|
zoom_tcp_ports=""
|
|
declare -i count=0
|
|
IFS=',' ; for _port in $_tmp_tcp_ports ; do
|
|
if containsElement "${_port}" "${standard_http_port_arr[@]}" ; then
|
|
continue
|
|
fi
|
|
if [[ $count -eq 0 ]]; then
|
|
zoom_tcp_ports="$_port"
|
|
else
|
|
zoom_tcp_ports="${zoom_tcp_ports},${_port}"
|
|
fi
|
|
((count++))
|
|
done
|
|
IFS="$CUR_IFS"
|
|
|
|
|
|
# ---
|
|
# - Nextcloud 'talk' app
|
|
# ---
|
|
declare -a nc_turn_port_arr
|
|
CUR_IFS="$IFS"
|
|
_tmp_ports="$nc_turn_ports"
|
|
nc_turn_ports=""
|
|
declare -i count=0
|
|
IFS=',' ; for _port in $_tmp_ports ; do
|
|
if containsElement "${_port}" "${standard_turn_service_port_arr[@]}" ; then
|
|
continue
|
|
fi
|
|
if [[ $count -eq 0 ]]; then
|
|
nc_turn_ports="$_port"
|
|
else
|
|
nc_turn_ports="${nc_turn_ports},${_port}"
|
|
fi
|
|
((count++))
|
|
done
|
|
IFS="$CUR_IFS"
|
|
|
|
declare -a nc_turn_udp_port_arr
|
|
CUR_IFS="$IFS"
|
|
_tmp_udp_ports="$nc_turn_udp_ports"
|
|
nc_turn_udp_ports=""
|
|
declare -i count=0
|
|
IFS=',' ; for _port in $_tmp_udp_ports ; do
|
|
if containsElement "${_port}" "${standard_turn_service_udp_port_arr[@]}" ; then
|
|
continue
|
|
fi
|
|
if [[ $count -eq 0 ]]; then
|
|
nc_turn_udp_ports="$_port"
|
|
else
|
|
nc_turn_udp_ports="${nc_turn_udp_ports},${_port}"
|
|
fi
|
|
((count++))
|
|
done
|
|
IFS="$CUR_IFS"
|
|
|
|
|
|
|
|
# ---
|
|
# Gaming
|
|
# ---
|
|
if $allow_game_xbox_one_out \
|
|
|| $allow_game_xbox_360_out \
|
|
|| $allow_game_ps3_out \
|
|
|| $allow_game_ps4_out \
|
|
|| $allow_game_fifa21_out ; then
|
|
|
|
$allow_gaming_out=true
|
|
else
|
|
$allow_gaming_out=false
|
|
fi
|
|
declare -a game_ports_udp_arr
|
|
if $allow_game_xbox_360_out ; then
|
|
IFS=',' ; for _port in $standard_game_xbox_one_udp_ports ; do
|
|
if $allow_stun_turn_service_out && containsElement "${_port}" "${standard_turn_service_port_arr[@]}" ; then
|
|
continue
|
|
elif [[ "$_port" = "$standard_dns_port" ]] ; then
|
|
continue
|
|
elif containsElement "${_port}" "${game_ports_udp_arr[@]}" ; then
|
|
continue
|
|
else
|
|
game_ports_udp_arr+=("$_port")
|
|
fi
|
|
done
|
|
IFS="$CUR_IFS"
|
|
fi
|
|
if $allow_game_xbox_one_out ; then
|
|
IFS=',' ; for _port in $standard_game_xbox_one_udp_ports ; do
|
|
if $allow_stun_turn_service_out && containsElement "${_port}" "${standard_turn_service_port_arr[@]}" ; then
|
|
continue
|
|
elif [[ "$_port" = "$standard_dns_port" ]] ; then
|
|
continue
|
|
elif containsElement "${_port}" "${game_ports_udp_arr[@]}" ; then
|
|
continue
|
|
else
|
|
game_ports_udp_arr+=("$_port")
|
|
fi
|
|
done
|
|
IFS="$CUR_IFS"
|
|
fi
|
|
if $allow_game_ps3_out ; then
|
|
IFS=',' ; for _port in $standard_game_ps3_udp_ports ; do
|
|
if $allow_stun_turn_service_out && containsElement "${_port}" "${standard_turn_service_port_arr[@]}" ; then
|
|
continue
|
|
elif [[ "$_port" = "$standard_dns_port" ]] ; then
|
|
continue
|
|
elif containsElement "${_port}" "${game_ports_udp_arr[@]}" ; then
|
|
continue
|
|
else
|
|
game_ports_udp_arr+=("$_port")
|
|
fi
|
|
done
|
|
IFS="$CUR_IFS"
|
|
fi
|
|
if $allow_game_ps4_out ; then
|
|
IFS=',' ; for _port in $standard_game_ps4_udp_ports ; do
|
|
if $allow_stun_turn_service_out && containsElement "${_port}" "${standard_turn_service_port_arr[@]}" ; then
|
|
continue
|
|
elif [[ "$_port" = "$standard_dns_port" ]] ; then
|
|
continue
|
|
elif containsElement "${_port}" "${game_ports_udp_arr[@]}" ; then
|
|
continue
|
|
else
|
|
game_ports_udp_arr+=("$_port")
|
|
fi
|
|
done
|
|
IFS="$CUR_IFS"
|
|
fi
|
|
if $allow_game_fifa21_out ; then
|
|
IFS=',' ; for _port in $standard_game_fifa21_udp_ports ; do
|
|
if $allow_stun_turn_service_out && containsElement "${_port}" "${standard_turn_service_port_arr[@]}" ; then
|
|
continue
|
|
elif [[ "$_port" = "$standard_dns_port" ]] ; then
|
|
continue
|
|
elif containsElement "${_port}" "${game_ports_udp_arr[@]}" ; then
|
|
continue
|
|
else
|
|
game_ports_udp_arr+=("$_port")
|
|
fi
|
|
done
|
|
IFS="$CUR_IFS"
|
|
fi
|
|
|
|
allow_stun_turn_service_out allow_stun_turn_service_out
|
|
|
|
declare -a game_ports_tcp_arr
|
|
if $allow_game_xbox_360_out ; then
|
|
IFS=',' ; for _port in $standard_game_xbox_one_tcp_ports ; do
|
|
if $allow_stun_turn_service_out && containsElement "${_port}" "${standard_turn_service_port_arr[@]}" ; then
|
|
continue
|
|
elif [[ "$_port" = "$standard_dns_port" ]] ; then
|
|
continue
|
|
elif $allow_http_request_out && containsElement "${_port}" "${standard_http_port_arr[@]}" ; then
|
|
continue
|
|
elif $allow_mail_request_out && containsElement "${_port}" "${standard_mailuser_port_arr[@]}" ; then
|
|
continue
|
|
elif containsElement "${_port}" "${game_ports_tcp_arr[@]}" ; then
|
|
continue
|
|
else
|
|
game_ports_tcp_arr+=("$_port")
|
|
fi
|
|
done
|
|
IFS="$CUR_IFS"
|
|
fi
|
|
if $allow_game_xbox_one_out ; then
|
|
IFS=',' ; for _port in $standard_game_xbox_one_tcp_ports ; do
|
|
if $allow_stun_turn_service_out && containsElement "${_port}" "${standard_turn_service_port_arr[@]}" ; then
|
|
continue
|
|
elif [[ "$_port" = "$standard_dns_port" ]] ; then
|
|
continue
|
|
elif $allow_http_request_out && containsElement "${_port}" "${standard_http_port_arr[@]}" ; then
|
|
continue
|
|
elif $allow_mail_request_out && containsElement "${_port}" "${standard_mailuser_port_arr[@]}" ; then
|
|
continue
|
|
elif containsElement "${_port}" "${game_ports_tcp_arr[@]}" ; then
|
|
continue
|
|
else
|
|
game_ports_tcp_arr+=("$_port")
|
|
fi
|
|
done
|
|
IFS="$CUR_IFS"
|
|
fi
|
|
if $allow_game_ps3_out ; then
|
|
IFS=',' ; for _port in $standard_game_ps3_tcp_ports ; do
|
|
if $allow_stun_turn_service_out && containsElement "${_port}" "${standard_turn_service_port_arr[@]}" ; then
|
|
continue
|
|
elif [[ "$_port" = "$standard_dns_port" ]] ; then
|
|
continue
|
|
elif $allow_http_request_out && containsElement "${_port}" "${standard_http_port_arr[@]}" ; then
|
|
continue
|
|
elif $allow_mail_request_out && containsElement "${_port}" "${standard_mailuser_port_arr[@]}" ; then
|
|
continue
|
|
elif containsElement "${_port}" "${game_ports_tcp_arr[@]}" ; then
|
|
continue
|
|
else
|
|
game_ports_tcp_arr+=("$_port")
|
|
fi
|
|
done
|
|
IFS="$CUR_IFS"
|
|
fi
|
|
if $allow_game_ps4_out ; then
|
|
IFS=',' ; for _port in $standard_game_ps4_tcp_ports ; do
|
|
if $allow_stun_turn_service_out && containsElement "${_port}" "${standard_turn_service_port_arr[@]}" ; then
|
|
continue
|
|
elif [[ "$_port" = "$standard_dns_port" ]] ; then
|
|
continue
|
|
elif $allow_http_request_out && containsElement "${_port}" "${standard_http_port_arr[@]}" ; then
|
|
continue
|
|
elif $allow_mail_request_out && containsElement "${_port}" "${standard_mailuser_port_arr[@]}" ; then
|
|
continue
|
|
elif containsElement "${_port}" "${game_ports_tcp_arr[@]}" ; then
|
|
continue
|
|
else
|
|
game_ports_tcp_arr+=("$_port")
|
|
fi
|
|
done
|
|
IFS="$CUR_IFS"
|
|
fi
|
|
if $allow_game_fifa21_out ; then
|
|
IFS=',' ; for _port in $standard_game_fifa21_tcp_ports ; do
|
|
if $allow_stun_turn_service_out && containsElement "${_port}" "${standard_turn_service_port_arr[@]}" ; then
|
|
continue
|
|
elif [[ "$_port" = "$standard_dns_port" ]] ; then
|
|
continue
|
|
elif $allow_http_request_out && containsElement "${_port}" "${standard_http_port_arr[@]}" ; then
|
|
continue
|
|
elif $allow_mail_request_out && containsElement "${_port}" "${standard_mailuser_port_arr[@]}" ; then
|
|
continue
|
|
elif containsElement "${_port}" "${game_ports_tcp_arr[@]}" ; then
|
|
continue
|
|
else
|
|
game_ports_tcp_arr+=("$_port")
|
|
fi
|
|
done
|
|
IFS="$CUR_IFS"
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
# ---
|
|
# - IPMI
|
|
# ---
|
|
|
|
declare -a ipmi_udp_port_arr
|
|
for _port in $ipmi_udp_ports ; do
|
|
ipmi_udp_port_arr+=("$_port")
|
|
done
|
|
|
|
declare -a ipmi_tcp_port_arr
|
|
for _port in $ipmi_tcp_ports ; do
|
|
ipmi_tcp_port_arr+=("$_port")
|
|
done
|
|
|
|
|
|
# ---
|
|
# - Portforwrds TCP
|
|
# ---
|
|
declare -a portforward_tcp_arr
|
|
for _str in $portforward_tcp ; do
|
|
portforward_tcp_arr+=("$_str")
|
|
done
|
|
|
|
# ---
|
|
# - Portforwrds UDP
|
|
# ---
|
|
declare -a portforward_udp_arr
|
|
for _str in $portforward_udp ; do
|
|
portforward_udp_arr+=("$_str")
|
|
done
|
|
|
|
# ---
|
|
# - MAC Address Filtering
|
|
# ---
|
|
declare -a allow_all_mac_src_address_arr
|
|
for _mac in $allow_all_mac_src_addresses ; do
|
|
allow_all_mac_src_address_arr+=("$_mac")
|
|
done
|
|
|
|
declare -a allow_local_mac_src_address_arr
|
|
for _mac in $allow_local_mac_src_addresses ; do
|
|
allow_local_mac_src_address_arr+=("$_mac")
|
|
done
|
|
|
|
declare -a allow_remote_mac_src_address_arr
|
|
for _mac in $allow_remote_mac_src_addresses ; do
|
|
allow_remote_mac_src_address_arr+=("$_mac")
|
|
done
|
|
|