firewall/ipt-gateway
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
c2d62b72bd
ipt-gateway/conf/post_decalrations.conf

1939 lines
38 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# -----------
# --- Define Arrays
# -----------
# ---
# - Standard mail user prts
# ---
declare -a standard_mailuser_port_arr=()
CUR_IFS="$IFS"
IFS=',' ; for _port in $standard_mailuser_ports ; do
standard_mailuser_port_arr+=("${_port}")
done
IFS="$CUR_IFS"
# ---
# - Masquerade TCP Connections
# ---
declare -a nat_network_arr=()
for _net in $nat_networks ; do
nat_network_arr+=("$_net")
done
declare -a masquerade_tcp_con_arr=()
for _str in $masquerade_tcp_cons ; do
masquerade_tcp_con_arr+=("$_str")
done
declare -a masquerade_udp_con_arr=()
for _str in $masquerade_udp_cons ; do
masquerade_udp_con_arr+=("$_str")
done
declare -a masquerade_icmp_con_arr=()
for _str in $masquerade_icmp_cons ; do
masquerade_icmp_con_arr+=("$_str")
done
# ---
# - Extern Network interfaces (DSL, Staic Lines, All together)
# ---
declare -a nat_device_arr=()
declare -a dsl_device_arr=()
declare -a ext_if_arr=()
for _dev in $ext_ifs_dsl ; do
dsl_device_arr+=("$_dev")
ext_if_arr+=("$_dev")
nat_device_arr+=("$_dev")
done
for _dev in $ext_ifs_static ; do
ext_if_arr+=("$_dev")
done
for _dev in $nat_devices ; do
if ! containsElement $_dev "${nat_device_arr[@]}" ; then
nat_device_arr+=("$_dev")
fi
done
# =============
# --- Block UDP Ports out
# =============
declare -a block_udp_extern_out_port_arr=()
CUR_IFS="$IFS"
IFS=',' ; for _port in $block_udp_extern_out_ports ; do
block_udp_extern_out_port_arr+=("${_port}")
done
IFS="$CUR_IFS"
# =============
# --- Block TCP Ports out
# =============
declare -a block_tcp_extern_out_port_arr=()
CUR_IFS="$IFS"
IFS=',' ; for _port in $block_tcp_extern_out_ports ; do
block_tcp_extern_out_port_arr+=("${_port}")
done
IFS="$CUR_IFS"
# ---
# - VPN Interfaces
# ---
declare -a vpn_if_arr=()
for _dev in $vpn_ifs ; do
vpn_if_arr+=("$_dev")
done
# ---
# - WireGuard Interfaces
# ---
declare -a wg_if_arr=()
for _dev in $wg_ifs ; do
wg_if_arr+=("$_dev")
done
# ---
# - Local Network Interfaces
# ---
declare -a local_if_arr=()
for _dev in $local_ifs ; do
local_if_arr+=("$_dev")
done
# ---
# - Network Interfaces completly blocked
# ---
declare -a blocked_if_arr=()
for _dev in $blocked_ifs ; do
blocked_if_arr+=("$_dev")
done
# ---
# - Network Interfaces not firewalled
# ---
declare -a unprotected_if_arr=()
for _dev in $unprotected_ifs ; do
unprotected_if_arr+=("$_dev")
done
# ---
# - Restrict VPN Network to local Service
# ---
declare -a restrict_vpn_net_to_local_service_arr=()
for _val in $restrict_vpn_net_to_local_service ; do
restrict_vpn_net_to_local_service_arr+=("$_val")
done
# ---
# - Restrict VPN Network to local (Sub) network
# ---
declare -a restrict_vpn_net_to_local_subnet_arr=()
for _val in $restrict_vpn_net_to_local_subnet ; do
restrict_vpn_net_to_local_subnet_arr+=("$_val")
done
# ---
# - Allow these local networks any access to the internet
# ---
declare -a any_access_to_inet_network_arr=()
for _net in $any_access_to_inet_networks ; do
any_access_to_inet_network_arr+=("$_net")
done
declare -a any_access_from_inet_network_arr=()
for _net in $any_access_from_inet_networks ; do
any_access_from_inet_network_arr+=("$_net")
done
# ---
# - Allow local services from ALL extern netwoks
# ---
declare -a allow_all_ext_traffic_to_local_service_arr=()
for _val in $allow_all_ext_traffic_to_local_service ; do
allow_all_ext_traffic_to_local_service_arr+=("$_val")
done
# ---
# - Allow local services from given extern networks
# ---
declare -a allow_ext_net_to_local_service_arr=()
for _val in $allow_ext_net_to_local_service ; do
allow_ext_net_to_local_service_arr+=("$_val")
done
# ---
# - Allow all traffic from extern address/network to local address/network
# ---
declare -a allow_ext_net_to_local_net_arr=()
for _val in $allow_ext_net_to_local_net ; do
allow_ext_net_to_local_net_arr+=("$_val")
done
# ---
# - Block all extern traffic to (given) local network
# ---
declare -a block_all_ext_to_local_net_arr=()
for _net in $block_all_ext_to_local_net ; do
block_all_ext_to_local_net_arr+=("$_net")
done
# ---
# - Allow all traffic from local ip to the internet
# ---
declare -a allow_local_ip_to_inet_arr=()
for _ip in $allow_local_ip_to_inet ; do
allow_local_ip_to_inet_arr+=("$_ip")
done
# ---
# - Allow local services from given local networks
# ---
declare -a allow_local_net_to_local_service_arr=()
for _val in $allow_local_net_to_local_service ; do
allow_local_net_to_local_service_arr+=("$_val")
done
# ---
# - Allow all traffic from local network to local ip-address
# ---
declare -a allow_local_net_to_local_ip_arr=()
for _val in $allow_local_net_to_local_ip ; do
allow_local_net_to_local_ip_arr+=("$_val")
done
# ---
# - Allow all traffic from local ip-address to local network
# ---
declare -a allow_local_ip_to_local_net_arr=()
for _val in $allow_local_ip_to_local_net ; do
allow_local_ip_to_local_net_arr+=("$_val")
done
# ---
# - Allow all traffic from (one) local network to (another) local network
# ---
declare -a allow_local_net_to_local_net_arr=()
for _val in $allow_local_net_to_local_net ; do
allow_local_net_to_local_net_arr+=("$_val")
done
# ---
# - Allow local ip address from given local interface
# ---
declare -a allow_local_if_to_local_ip_arr=()
for _val in $allow_local_if_to_local_ip ; do
allow_local_if_to_local_ip_arr+=("$_val")
done
# ---
# - Allow extern service from given local interface
# ---
declare -a allow_local_if_to_ext_service_arr=()
for _val in $allow_local_if_to_ext_service ; do
allow_local_if_to_ext_service_arr+=("$_val")
done
# ---
# - Allow extern network from given local interface
# ---
declare -a allow_local_if_to_ext_net_arr=()
for _val in $allow_local_if_to_ext_net ; do
allow_local_if_to_ext_net_arr+=("$_val")
done
# ---
# - Allow extern service from given local network
# ---
declare -a allow_local_net_to_ext_service_arr=()
for _val in $allow_local_net_to_ext_service ; do
allow_local_net_to_ext_service_arr+=("$_val")
done
# ---
# - Allow extern network from given local network
# ---
declare -a allow_local_net_to_ext_net_arr=()
for _val in $allow_local_net_to_ext_net ; do
allow_local_net_to_ext_net_arr+=("$_val")
done
# ---
# - Allow extern service
# ---
declare -a allow_to_ext_service_arr=()
for _val in $allow_to_ext_service ; do
allow_to_ext_service_arr+=("$_val")
done
# ---
# - Allow extern network
# ---
declare -a allow_to_ext_net_arr=()
for _val in $allow_to_ext_net ; do
allow_to_ext_net_arr+=("$_val")
done
# ---
# - Separate local Networks
# ---
declare -a separate_local_network_arr=()
for _net in $separate_local_networks ; do
separate_local_network_arr+=("$_net")
done
# ---
# - Separate local Interfaces
# ---
declare -a separate_local_if_arr=()
for _net in $separate_local_ifs ; do
separate_local_if_arr+=("$_net")
done
# ---
# - Generally block ports on extern interfaces
# ---
declare -a block_tcp_port_arr=()
for _port in $block_tcp_ports ; do
block_tcp_port_arr+=("$_port")
done
declare -a block_udp_port_arr=()
for _port in $block_udp_ports ; do
block_udp_port_arr+=("$_port")
done
# ---
# - Not wanted on intern interfaces
# ---
declare -a not_wanted_on_gw_tcp_port_arr=()
for _port in $not_wanted_on_gw_tcp_ports ; do
not_wanted_on_gw_tcp_port_arr+=("$_port")
done
declare -a not_wanted_on_gw_udp_port_arr=()
for _port in $not_wanted_on_gw_udp_ports ; do
not_wanted_on_gw_udp_port_arr+=("$_port")
done
# ---
# - Private IPs / IP-Ranges allowed to forward
# ---
declare -a forward_private_ip_arr=()
for _ip in $forward_private_ips ; do
forward_private_ip_arr+=("$_ip")
done
# ---
# - IP Addresses to log
# ---
declare -a log_ip_arr=()
for _ip in $log_ips ; do
log_ip_arr+=("$_ip")
done
# ---
# - Network Devices local DHCP Client
# ---
declare -a dhcp_client_interfaces_arr=()
for _dev in $dhcp_client_interfaces ; do
dhcp_client_interfaces_arr+=("$_dev")
done
# ---
# - IP Addresses DHCP Failover Server
# ---
declare -a dhcp_failover_server_ip_arr=()
for _ip in $dhcp_failover_server_ips ; do
dhcp_failover_server_ip_arr+=("$_ip")
done
# ---
# - IP Adresses DNS Server
# ---
declare -a dns_server_ip_arr=()
for _ip in $dns_server_ips ; do
dns_server_ip_arr+=("$_ip")
done
# ---
# - IP Adresses SSH Server only at ocal Networks
# ---
declare -a ssh_server_only_local_ip_arr=()
for _ip in $ssh_server_only_local_ips ; do
ssh_server_only_local_ip_arr+=("$_ip")
done
# ---
# - IP Adresses HTTP Server only local Networks
# ---
declare -a http_server_only_local_ip_arr=()
for _ip in $http_server_only_local_ips ; do
http_server_only_local_ip_arr+=("$_ip")
done
# ---
# - IP Addresses Mail Server only local Networks
# ---
declare -a mail_server_only_local_ip_arr=()
for _ip in $mail_server_only_local_ips ; do
mail_server_only_local_ip_arr+=("$_ip")
done
# ---
# - IP Addresses FTP Server
# ---
declare -a ftp_server_only_local_ip_arr=()
for _ip in $ftp_server_only_local_ips ; do
ftp_server_only_local_ip_arr+=("$_ip")
done
# ---
# - IP Addresses Samba Server
# ---
declare -a samba_server_local_ip_arr=()
for _ip in $samba_server_local_ips ; do
samba_server_local_ip_arr+=("$_ip")
done
# ---
# - IP Addresses LDAP Server
# ---
declare -a ldap_server_local_ip_arr=()
for _ip in $ldap_server_local_ips ; do
ldap_server_local_ip_arr+=("$_ip")
done
# ---
# - IP Adresses Telephone Systems
# ---
declare -a tele_sys_ip_arr=()
for _ip in $tele_sys_ips ; do
tele_sys_ip_arr+=("$_ip")
done
# ---
# - IP Adresses SNMP Server
# ---
declare -a snmp_server_ip_arr=()
for _ip in $snmp_server_ips ; do
snmp_server_ip_arr+=("$_ip")
done
# ---
# - IP Adresses FreeIPA Server
# ---
declare -a freeipa_server_ip_arr=()
for _ip in $freeipa_server_ips ; do
freeipa_server_ip_arr+=("$_ip")
done
# ---
# - IP Adresses Munin Service
# ---
declare -a munin_local_server_ip_arr=()
for _ip in $munin_local_server_ips ; do
munin_local_server_ip_arr+=("$_ip")
done
# ---
# - IP Adresses Checkmk Monitoring Service
# ---
declare -a checkmk_local_server_ip_arr=()
for _ip in $checkmk_local_server_ips ; do
checkmk_local_server_ip_arr+=("$_ip")
done
# ---
# - IP Adresses XyMon
# ---
declare -a xymon_server_ip_arr=()
for _ip in $xymon_server_ips ; do
xymon_server_ip_arr+=("$_ip")
done
# ---
# - IP Adresses IPMI interface
# ---
declare -a ipmi_server_ip_arr=()
for _ip in $ipmi_server_ips ; do
ipmi_server_ip_arr+=("$_ip")
done
# ---
# -IP Addresses Ubiquiti Unifi Accesspoints
# ---
declare -a unifi_ap_local_ip_arr=()
for _ip in $unifi_ap_local_ips ; do
unifi_ap_local_ip_arr+=("$_ip")
done
declare -a unifi_ap_extern_ip_arr=()
for _ip in $unifi_ap_extern_ips ; do
unifi_ap_extern_ip_arr+=("$_ip")
done
declare -a unifi_controller_gateway_ip_arr=()
for _ip in $unifi_controller_gateway_ips ; do
unifi_controller_gateway_ip_arr+=("$_ip")
done
declare -a unify_controller_local_net_ip_arr=()
for _ip in $unify_controller_local_net_ips ; do
unify_controller_local_net_ip_arr+=("$_ip")
done
# ---
# - IP Addresses Printer
# -
declare -a printer_ip_arr=()
for _ip in $printer_ips ; do
printer_ip_arr+=("$_ip")
done
# ---
# - IP Adresses Brother Scanner (brscan)
# ---
declare -a brother_scanner_ip_arr=()
for _ip in $brother_scanner_ips ; do
brother_scanner_ip_arr+=("$_ip")
done
# ---
# - IP Adresses Epson Network Scanner
# ---
declare -a epson_scanner_ip_arr=()
for _ip in $epson_scanner_ips ; do
epson_scanner_ip_arr+=("$_ip")
done
# ---
# - IP Addresses PCNS Server
# ---
declare -a pcns_server_ip_arr=()
for _ip in $pcns_server_ips ; do
pcns_server_ip_arr+=("$_ip")
done
# ---
# - IP Addresses VNC Service
# ---
declare -a rm_server_ip_arr=()
for _ip in $rm_server_ips ; do
rm_server_ip_arr+=("$_ip")
done
# ---
# - IP Addresses Rsync Out
# ---
# local
declare -a rsync_out_ip_arr=()
for _ip in $rsync_out_ips ; do
rsync_out_ip_arr+=("$_ip")
done
# ---
# - Other local Services
# ---
declare -a other_service_arr=()
for _val in $other_services ; do
other_service_arr+=("$_val")
done
# ==================================================
# BEGIN: gather out ports
# ==================================================
# ===
# Services
# ===
declare -a out_udp_port_arr=()
declare -a out_tcp_port_arr=()
# Servives local ports
#
declare -a out_udp_local_port_arr=()
declare -a out_tcp_local_port_arr=()
# ---
# - DNS out only
# ---
out_udp_port_arr+=("$standard_dns_port")
out_tcp_port_arr+=("$standard_dns_port")
# ---
# - SSH out only
# ---
if $allow_ssh_request_out ; then
out_tcp_port_arr+=("$standard_ssh_port")
fi
# ---
# SSH Service Gateway
#
# SSH Services only local Network
# ---
declare -a ssh_port_arr=()
for _port in $ssh_ports ; do
ssh_port_arr+=("$_port")
done
# ---
# - Cisco kompartible VPN Ports
# ---
declare -a cisco_vpn_out_port_arr=()
for _port in $cisco_vpn_out_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
cisco_vpn_out_port_arr+=("$_port")
if $allow_cisco_vpn_out ; then
out_tcp_port_arr+=("$_port")
fi
done
# ---
# - VPN Ports
# ---
declare -a vpn_gw_port_arr=()
for _port in $vpn_gw_ports ; do
vpn_gw_port_arr+=("$_port")
done
declare -a vpn_local_net_port_arr=()
for _port in $vpn_local_net_ports ; do
vpn_local_net_port_arr+=("$_port")
done
declare -a vpn_out_port_arr=()
if [[ -z "$vpn_out_ports" ]] ; then
vpn_out_ports="$standard_vpn_port"
fi
for _port in $vpn_out_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
vpn_out_port_arr+=("$_port")
if $allow_vpn_out ; then
out_udp_port_arr+=("$_port")
fi
done
# ---
# - WireGuard Ports
# ---
declare -a wg_gw_port_arr=()
for _port in $wg_gw_ports ; do
wg_gw_port_arr+=("$_port")
done
declare -a wg_local_net_port_arr=()
for _port in $wg_local_net_ports ; do
wg_local_net_port_arr+=("$_port")
done
declare -a wg_out_port_arr=()
if [[ -z "$wg_out_ports" ]] ; then
wg_out_ports="$standard_wg_port"
fi
# WireGuard Service only out
for _port in $wg_out_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
wg_out_port_arr+=("$_port")
if $allow_wg_out ; then
out_udp_port_arr+=("$_port")
fi
done
# ---
# - Standard http ports
# ---
#HTTP(S) OUT
declare -a standard_http_port_arr=()
CUR_IFS="$IFS"
IFS=',' ; for _port in $standard_http_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
standard_http_port_arr+=("${_port}")
if $allow_http_request_out ; then
out_tcp_port_arr+=("$_port")
fi
done
IFS="$CUR_IFS"
# Mail Service SMTP only out
if $allow_smtp_request_out ; then
if containsElement "${standard_smtp_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
out_tcp_port_arr+=("${standard_smtp_port}")
fi
# ---
# - Standard mail user prts
# ---
declare -a standard_mailuser_port_arr=()
CUR_IFS="$IFS"
IFS=',' ; for _port in $standard_mailuser_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
standard_mailuser_port_arr+=("${_port}")
if $allow_mail_request_out ; then
out_tcp_port_arr+=("$_port")
fi
done
IFS="$CUR_IFS"
# ---
# Additional SMTP Outgoing Ports
# ---
declare -a smtpd_additional_outgoung_port_arr=()
CUR_IFS="$IFS"
IFS=',' ; for _port in $smtpd_additional_outgoung_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
smtpd_additional_outgoung_port_arr+=("${_port}")
if $allow_mail_request_out ; then
out_tcp_port_arr+=("$_port")
fi
done
IFS="$CUR_IFS"
# ---
# - FTP out only
# ---
if $allow_ftp_request_out ; then
if containsElement "${standard_ftp_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
out_tcp_port_arr+=("${standard_ftp_port}")
fi
# ---
# - Samba Service only out
# ---
declare -a samba_udp_port_arr=()
declare -a samba_udp_port_local_arr=()
for _port in $samba_udp_ports ; do
samba_udp_port_local_arr+=("${_port}")
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
samba_udp_port_arr+=("$_port")
if $allow_samba_requests_out; then
out_udp_port_arr+=("$_port")
fi
done
declare -a samba_tcp_port_arr=()
declare -a samba_tcp_port_local_arr=()
for _port in $samba_tcp_ports ; do
samba_tcp_port_local_arr+=("${_port}")
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
samba_tcp_port_arr+=("$_port")
if $allow_samba_requests_out; then
out_tcp_port_arr+=("$_port")
fi
done
# ---
# - LDAP Ports
# ---
declare -a ldap_udp_port_arr=()
declare -a ldap_udp_port_local_arr=()
for _port in $ldap_udp_ports ; do
ldap_udp_port_local_arr+=("$_port")
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
ldap_udp_port_local_arr+=("$_port")
if $allow_samba_requests_out; then
out_udp_port_arr+=("$_port")
fi
done
declare -a ldap_tcp_port_arr=()
declare -a ldap_tcp_port_local_arr=()
for _port in $ldap_tcp_ports ; do
ldap_tcp_port_local_arr+=("$_port")
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
ldap_tcp_port_local_arr+=("$_port")
if $allow_samba_requests_out; then
out_tcp_port_arr+=("$_port")
fi
done
# ---
# - NTP out only
# ---
if $allow_ntp_request_out ; then
if containsElement "${standard_ntp_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
out_udp_port_arr+=("$standard_ntp_port")
fi
# ---
# - PGP Keyserver out only
# ---
if $allow_pgpserver_request_out ; then
if containsElement "${standard_pgp_keyserver_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
out_tcp_port_arr+=("$standard_pgp_keyserver_port")
fi
# ---
# - Telnet out only
# ---
if $allow_telnet_request_out ; then
if containsElement "${standard_telnet_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
out_tcp_port_arr+=("$standard_telnet_port")
fi
# ---
# - Whois out only
# ---
if $allow_whois_request_out ; then
if containsElement "${standard_whois_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
out_tcp_port_arr+=("$standard_whois_port")
fi
# ---
# - CPAN Wait only out
# ---
if $allow_cpan_wait_request_out ; then
if containsElement "${standard_cpan_wait_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
out_tcp_port_arr+=("$standard_cpan_wait_port")
fi
# ---
# - HBCI only out (only forward)
# ---
if $allow_hbci_request_out ; then
if containsElement "${standard_hbci_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
out_tcp_port_arr+=("$standard_hbci_port")
fi
# ---
# - Jabber only out
# ---
if $allow_jabber_request_out ; then
if containsElement "${standard_jabber_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
out_tcp_port_arr+=("$standard_jabber_port")
fi
# ---
# - Silc only out
# ---
if $allow_silc_request_out ; then
if containsElement "${standard_silc_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
out_tcp_port_arr+=("$standard_silc_port")
fi
# ---
# - IRC (Internet Relay Chat) only out
# ---
if $allow_irc_request_out ; then
if containsElement "${standard_irc_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
out_tcp_port_arr+=("$standard_irc_port")
fi
# ---
# - MySQL (only OUT)
# ---
if $allow_mysql_request_out ; then
if containsElement "${standard_mysql_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
out_tcp_port_arr+=("$standard_mysql_port")
fi
# ---
# - Timeserver (Port 37 NOT NTP!)"
# ---
if $allow_timeserver_request_out && ! containsElement "${standard_timeserver_port}" "${out_tcp_port_arr[@]}" ; then
out_tcp_port_arr+=("$standard_timeserver_port")
fi
# ---
# - Mumble Service out only
# ---
if $allow_mumble_request_out && ! containsElement "${standard_mumble_port}" "${out_tcp_port_arr[@]}" ; then
out_tcp_port_arr+=("$standard_mumble_port")
fi
# ---
# - Remote Console (VNC) only out
# ---
if $allow_remote_console_request_out ; then
if containsElement "${standard_remote_console_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
out_tcp_port_arr+=("$standard_remote_console_port")
fi
# ---
# - Allow speedtest ?
# ---
if $allow_speedtest ; then
if containsElement "${standard_speedtest_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
out_tcp_port_arr+=("$standard_speedtest_port")
fi
# ---
# - Outbound Streaming
# ---
declare -a outbound_streaming_tcp_port_arr=()
CUR_IFS="$IFS"
IFS=',' ; for _port in $standard_outbound_streaming_tcp_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
outbound_streaming_tcp_port_arr+=("$_port")
if $allow_outbound_streaming ; then
out_tcp_port_arr+=("$_port")
fi
done
IFS="$CUR_IFS"
declare -a outbound_streaming_udp_port_arr=()
CUR_IFS="$IFS"
IFS=',' ; for _port in $standard_outbound_streaming_udp_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
outbound_streaming_udp_port_arr+=("$_port")
if $allow_outbound_streaming ; then
out_udp_port_arr+=("$_port")
fi
done
IFS="$CUR_IFS"
# ---
# - Turn/Stun Ports
# ---
if $allow_outbound_streaming \
|| $allow_echo360_video_streaming \
|| $allow_bigbluebutton_video_conference_out \
|| $allow_ms_skype_teams_out \
|| $allow_webex_video_conference_out \
|| $allow_zoom_video_conference_out \
|| $allow_jitsi_video_conference_out \
|| $allow_alfaview_video_conference_out \
|| $allow_nc_turn_video_conference_out ; then
allow_stun_turn_service_out=true
else
allow_stun_turn_service_out=false
fi
declare -a standard_turn_service_tcp_port_arr=()
declare -a standard_turn_service_udp_port_arr=()
CUR_IFS="$IFS"
IFS=',' ; for _port in $standard_turn_service_ports ; do
if ! containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
standard_turn_service_tcp_port_arr+=("$_port")
if $allow_stun_turn_service_out ; then
out_tcp_port_arr+=("$_port")
fi
done
IFS=',' ; for _port in $standard_turn_service_ports ; do
if ! containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
standard_turn_service_udp_port_arr+=("$_port")
if $allow_stun_turn_service_out ; then
out_udp_port_arr+=("$_port")
fi
done
IFS=',' ; for _port in $standard_turn_service_udp_ports ; do
if ! containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
standard_turn_service_udp_port_arr+=("$_port")
if $allow_stun_turn_service_out ; then
out_udp_port_arr+=("$_port")
fi
done
IFS="$CUR_IFS"
# ---
# - Echo360 Video Plattform
# ---
declare -a echo360_udp_port_arr=()
CUR_IFS="$IFS"
IFS=',' ; for _port in $standard_echo360_udp_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
echo360_udp_port_arr+=("$_port")
if $allow_echo360_video_streaming ; then
out_udp_port_arr+=("$_port")
fi
done
IFS="$CUR_IFS"
# ---
# - IP Camera
# ---
declare -a ip_camera_tcp_port_arr=()
CUR_IFS="$IFS"
IFS=',' ; for _port in $ip_camera_tcp_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
ip_camera_tcp_port_arr+=("$_port")
if $allow_ip_camera_out ; then
out_tcp_port_arr+=("$_port")
fi
done
IFS="$CUR_IFS"
declare -a ip_camera_udp_port_arr=()
CUR_IFS="$IFS"
IFS=',' ; for _port in $ip_camera_udp_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
ip_camera_udp_port_arr+=("$_port")
if $allow_ip_camera_out ; then
out_udp_port_arr+=("$_port")
fi
done
IFS="$CUR_IFS"
# ---
# - BigBlueButton Video Conference Service
# ---
declare -a bigbluebutton_tcp_port_arr=()
CUR_IFS="$IFS"
IFS=',' ; for _port in $bigbluebutton_tcp_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
bigbluebutton_tcp_port_arr+=("$_port")
if $allow_bigbluebutton_video_conference_out ; then
out_tcp_port_arr+=("$_port")
fi
done
IFS="$CUR_IFS"
declare -a bigbluebutton_udp_port_arr=()
CUR_IFS="$IFS"
IFS=',' ; for _port in $bigbluebutton_udp_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
bigbluebutton_udp_port_arr+=("$_port")
if $allow_bigbluebutton_video_conference_out ; then
out_udp_port_arr+=("$_port")
fi
done
IFS="$CUR_IFS"
# ---
# - Skype for Business Online und Microsoft Teams
# ---
CUR_IFS="$IFS"
declare -a ms_skype_teams_udp4_host_arr=()
declare -a ms_skype_teams_udp6_host_arr=()
declare -a ms_skype_teams_udp4_port_arr=()
declare -a ms_skype_teams_udp6_port_arr=()
declare -a ms_skype_teams_tcp_port_arr=()
if [[ -n "$ms_skype_teams_udp4_hosts" ]]; then
for _host in $ms_skype_teams_udp4_hosts ; do
ms_skype_teams_udp4_host_arr+=("$_host")
done
fi
if [[ -n "$ms_skype_teams_udp6_hosts" ]]; then
for _host in $ms_skype_teams_udp6_hosts ; do
ms_skype_teams_udp6_host_arr+=("$_host")
done
fi
IFS=',' ; for _port in $ms_skype_teams_udp4_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
ms_skype_teams_udp4_port_arr+=("$_port")
done
IFS="$CUR_IFS"
IFS=',' ; for _port in $ms_skype_teams_udp6_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
ms_skype_teams_udp6_port_arr+=("$_port")
done
IFS="$CUR_IFS"
IFS=',' ; for _port in $ms_skype_teams_tcp_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
ms_skype_teams_tcp_port_arr+=("$_port")
done
IFS="$CUR_IFS"
# ---
# - Webex Meeting Video Conference Service out only
# ---
declare -a webex_tcp_port_arr=()
declare -a webex_udp_port_arr=()
IFS=',' ; for _port in $webex_tcp_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
webex_tcp_port_arr+=("$_port")
if $allow_webex_video_conference_out ; then
out_tcp_port_arr+=("$_port")
fi
done
IFS=',' ; for _port in $webex_tcp_fall_back_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
webex_tcp_port_arr+=("$_port")
if $allow_webex_video_conference_out ; then
out_tcp_port_arr+=("$_port")
fi
done
IFS=',' ; for _port in $webex_udp_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
webex_udp_port_arr+=("$_port")
if $allow_webex_video_conference_out ; then
out_udp_port_arr+=("$_port")
fi
done
IFS="$CUR_IFS"
# ---
# Zoom Meetings - Video Conference - adjust 'zoom_tcp_ports'
# ---
declare -a zoom_tcp_port_arr=()
declare -a zoom_udp_port_arr=()
IFS=',' ; for _port in $zoom_tcp_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
zoom_tcp_port_arr+=("$_port")
if $allow_zoom_video_conference_out ; then
out_tcp_port_arr+=("$_port")
fi
done
IFS=',' ; for _port in $zoom_udp_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
zoom_udp_port_arr+=("$_port")
if $allow_zoom_video_conference_out ; then
out_udp_port_arr+=("$_port")
fi
done
IFS="$CUR_IFS"
# ---
# - Jitsi Video Conference Service out only
# ---
declare -a jitsi_tcp_port_arr=()
declare -a jitsi_udp_port_arr=()
IFS=',' ; for _port in $jitsi_tcp_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
jitsi_tcp_port_arr+=("$_port")
if $allow_jitsi_video_conference_out ; then
out_tcp_port_arr+=("$_port")
fi
done
IFS=',' ; for _port in $jitsi_udp_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
jitsi_udp_port_arr+=("$_port")
if $allow_jitsi_video_conference_out ; then
out_udp_port_arr+=("$_port")
fi
done
IFS="$CUR_IFS"
# ---
# - alfaview - Video Conferencing Systems
# ---
declare -a alfaview_tcp_port_arr=()
declare -a alfaview_udp_port_arr=()
IFS=',' ; for _port in $alfaview_tcp_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
alfaview_tcp_port_arr+=("$_port")
if $allow_alfaview_video_conference_out ; then
out_tcp_port_arr+=("$_port")
fi
done
IFS=',' ; for _port in $alfaview_udp_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
alfaview_udp_port_arr+=("$_port")
if $allow_alfaview_video_conference_out ; then
out_udp_port_arr+=("$_port")
fi
done
IFS="$CUR_IFS"
# ---
# - Nextcloud 'talk' App
# ---
declare -a nc_turn_tcp_port_arr=()
declare -a nc_turn_udp_port_arr=()
IFS=',' ; for _port in $nc_turn_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
nc_turn_tcp_port_arr+=("$_port")
if $allow_nc_turn_video_conference_out ; then
out_tcp_port_arr+=("$_port")
fi
done
IFS=',' ; for _port in $nc_turn_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
nc_turn_udp_port_arr+=("$_port")
if $allow_nc_turn_video_conference_out ; then
out_udp_port_arr+=("$_port")
fi
done
IFS="$CUR_IFS"
IFS=',' ; for _port in $nc_turn_udp_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
nc_turn_udp_port_arr+=("$_port")
if $allow_nc_turn_video_conference_out ; then
out_udp_port_arr+=("$_port")
fi
done
IFS="$CUR_IFS"
# ---
# - Special TCP Ports OUT
# ---
declare -a tcp_out_port_arr=()
for _port in $tcp_out_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
tcp_out_port_arr+=("$_port")
out_tcp_port_arr+=("$_port")
done
# ---
# - Special UDP Ports OUT
# ---
# local
declare -a udp_out_port_arr=()
for _port in $udp_out_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
udp_out_port_arr+=("$_port")
out_udp_port_arr+=("$_port")
done
# ---
# - Rsync Out Ports
# --
declare -a rsync_port_arr=()
for _port in $rsync_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
rsync_port_arr+=("$_port")
out_tcp_port_arr+=("$_port")
done
# ---
# Gaming
# ---
if $allow_game_steam_out \
|| $allow_game_call_of_duty \
|| $allow_game_xbox_one_out \
|| $allow_game_xbox_360_out \
|| $allow_game_ps3_out \
|| $allow_game_ps4_out \
|| $allow_game_fifa21_out ; then
allow_gaming_out=true
else
allow_gaming_out=false
fi
# Games local ports
#
declare -a game_ports_local_udp_arr=()
if $allow_game_steam_out ; then
IFS=',' ; for _port in $standard_game_steam_udp_local_ports ; do
if containsElement "${_port}" "${out_udp_local_port_arr[@]}" ; then
continue
fi
out_udp_local_port_arr+=("$_port")
game_ports_local_udp_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
if $allow_game_call_of_duty ; then
IFS=',' ; for _port in $standard_game_call_of_duty_udp_local_ports ; do
if containsElement "${_port}" "${out_udp_local_port_arr[@]}" ; then
continue
fi
out_udp_local_port_arr+=("$_port")
game_ports_local_udp_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
declare -a game_ports_local_tcp_arr=()
if $allow_game_steam_out ; then
IFS=',' ; for _port in $standard_game_steam_tcplocal_ports ; do
if containsElement "${_port}" "${out_tcp_local_port_arr[@]}" ; then
continue
fi
out_tcp_local_port_arr+=("$_port")
game_ports_local_tcp_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
# Games (remote) ports
#
declare -a game_ports_udp_arr=()
if $allow_gaming_out ; then
IFS=',' ; for _port in $standard_game_universell_udp ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
game_ports_udp_arr+=("$_port")
out_udp_port_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
if $allow_game_xbox_360_out ; then
IFS=',' ; for _port in $standard_game_xbox_one_udp_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
game_ports_udp_arr+=("$_port")
out_udp_port_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
if $allow_game_xbox_one_out ; then
IFS=',' ; for _port in $standard_game_xbox_one_udp_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
game_ports_udp_arr+=("$_port")
out_udp_port_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
if $allow_game_ps3_out ; then
IFS=',' ; for _port in $standard_game_ps3_udp_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
game_ports_udp_arr+=("$_port")
out_udp_port_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
if $allow_game_ps4_out ; then
IFS=',' ; for _port in $standard_game_ps4_udp_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
game_ports_udp_arr+=("$_port")
out_udp_port_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
if $allow_game_fifa21_out ; then
IFS=',' ; for _port in $standard_game_fifa21_udp_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
game_ports_udp_arr+=("$_port")
out_udp_port_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
if $allow_game_steam_out ; then
IFS=',' ; for _port in $standard_game_steam_udp_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
game_ports_udp_arr+=("$_port")
out_udp_port_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
if $allow_game_call_of_duty ; then
IFS=',' ; for _port in $standard_game_call_of_duty_pc_udp_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
game_ports_udp_arr+=("$_port")
out_udp_port_arr+=("$_port")
done
IFS=',' ; for _port in $standard_game_call_of_duty_ps_udp_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
game_ports_udp_arr+=("$_port")
out_udp_port_arr+=("$_port")
done
IFS=',' ; for _port in $standard_game_call_of_duty_xbox_udp_ports ; do
if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
continue
fi
game_ports_udp_arr+=("$_port")
out_udp_port_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
declare -a game_ports_tcp_arr=()
if $allow_gaming_out ; then
IFS=',' ; for _port in $standard_game_universell_tcp ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
game_ports_tcp_arr+=("$_port")
out_tcp_port_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
if $allow_game_xbox_360_out ; then
IFS=',' ; for _port in $standard_game_xbox_one_tcp_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
game_ports_tcp_arr+=("$_port")
out_tcp_port_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
if $allow_game_xbox_one_out ; then
IFS=',' ; for _port in $standard_game_xbox_one_tcp_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
game_ports_tcp_arr+=("$_port")
out_tcp_port_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
if $allow_game_ps3_out ; then
IFS=',' ; for _port in $standard_game_ps3_tcp_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
game_ports_tcp_arr+=("$_port")
out_tcp_port_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
if $allow_game_ps4_out ; then
IFS=',' ; for _port in $standard_game_ps4_tcp_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
game_ports_tcp_arr+=("$_port")
out_tcp_port_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
if $allow_game_fifa21_out ; then
IFS=',' ; for _port in $standard_game_fifa21_tcp_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
game_ports_tcp_arr+=("$_port")
out_tcp_port_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
if $allow_game_steam_out ; then
IFS=',' ; for _port in $standard_game_steam_tcp_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
game_ports_tcp_arr+=("$_port")
out_tcp_port_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
if $allow_game_call_of_duty ; then
IFS=',' ; for _port in $standard_game_call_of_duty_pc_tcp_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
game_ports_tcp_arr+=("$_port")
out_tcp_port_arr+=("$_port")
done
IFS=',' ; for _port in $standard_game_call_of_duty_ps_tcp_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
game_ports_tcp_arr+=("$_port")
out_tcp_port_arr+=("$_port")
done
IFS=',' ; for _port in $standard_game_call_of_duty_xbox_tcp_ports ; do
if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
continue
fi
game_ports_tcp_arr+=("$_port")
out_tcp_port_arr+=("$_port")
done
IFS="$CUR_IFS"
fi
# ==================================================
# END: gather out ports
# ==================================================
# ---
# - IPMI
# ---
declare -a ipmi_udp_port_arr=()
for _port in $ipmi_udp_ports ; do
ipmi_udp_port_arr+=("$_port")
done
declare -a ipmi_tcp_port_arr=()
for _port in $ipmi_tcp_ports ; do
ipmi_tcp_port_arr+=("$_port")
done
# ---
# - Portforwrds TCP
# ---
declare -a portforward_tcp_arr=()
for _str in $portforward_tcp ; do
portforward_tcp_arr+=("$_str")
done
# ---
# - Portforwrds UDP
# ---
declare -a portforward_udp_arr=()
for _str in $portforward_udp ; do
portforward_udp_arr+=("$_str")
done
# ---
# - MAC Address Filtering
# ---
declare -a allow_all_mac_src_address_arr=()
for _mac in $allow_all_mac_src_addresses ; do
allow_all_mac_src_address_arr+=("$_mac")
done
declare -a allow_local_mac_src_address_arr=()
for _mac in $allow_local_mac_src_addresses ; do
allow_local_mac_src_address_arr+=("$_mac")
done
declare -a allow_remote_mac_src_address_arr=()
for _mac in $allow_remote_mac_src_addresses ; do
allow_remote_mac_src_address_arr+=("$_mac")
done
# ---
# - MAC Address Filtering Gaming Devices
# ---
declare -a gaming_device_mac_address_arr=()
for _mac in $gaming_device_mac_addresses ; do
gaming_device_mac_address_arr+=("$_mac")
done
# ---
# - IP Address Filtering Gaming Devices
# ---
declare -a gaming_device_ip_address_arr=()
for _ip in $gaming_device_ip_addresses ; do
gaming_device_ip_address_arr+=("$_ip")
done
Reference in New Issue View Git Blame Copy Permalink