firewall/ipt-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Support local NTP Server.

Browse Source
This commit is contained in:
Christoph 2019-09-01 17:29:54 +02:00
parent 70f62dc7fa
commit 142778c718
4 changed files with 71 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
conf/main_ipv4.conf.sample
View File

@ -199,6 +199,21 @@ forward_vpn_server_ips=""
vpn_ports="$standard_vpn_port"
# local NTP Server
#
local_ntp_service=false
# NPT Port used by local service
#
ntp_port="$standard_ntp_port"
# Network allowed for NTP requests
#
# Note: if not set no port will be open!
#
ntp_allowed_net=""
# DHCP Server
#
# Comma seperated Interface list for DHCP services

18
conf/main_ipv6.conf.sample
View File

@ -212,6 +212,24 @@ forward_vpn_server_ips=""
vpn_ports="$standard_vpn_port"
# local NTP Server
#
local_ntp_service=false
# NPT Port used by local service
#
ntp_port="$standard_ntp_port"
# Network allowed for NTP requests
#
# Note: if not set no port will be open!
#
# Example:
# ntp_allowed_net="2001:678:a40:3000::/64"
#
ntp_allowed_net=""
# DHCP Server
#
# Comma seperated Interface list for DHCP services

18
ip6t-firewall-server
View File

@ -1685,6 +1685,24 @@ done
echo_done
# ---
# - NTP local Service"
# ---
echononl "\t\tNTP local Service"
if [[ -n $local_ntp_service ]] && $local_ntp_service ; then
if [[ -z "$ntp_allowed_net" ]] ; then
echo_failed
else
$ip6t -A OUTPUT -p udp -d $ntp_allowed_net --dport $ntp_port -m conntrack --ctstate NEW -j ACCEPT
$ip6t -A INPUT -p udp -s $ntp_allowed_net --dport $ntp_port -m conntrack --ctstate NEW -j ACCEPT
echo_done
fi
else
echo_skipped
fi
# ---
# - Whois out only
# ---

20
ipt-firewall-server
View File

@ -1929,6 +1929,26 @@ done
echo_done
# ---
# - NTP local Service"
# ---
echononl "\t\tNTP local Service"
if [[ -n $local_ntp_service ]] && $local_ntp_service ; then
if [[ -z "$ntp_allowed_net" ]] ; then
echo_failed
else
$ipt -A OUTPUT -p udp -d $ntp_allowed_net --dport $ntp_port -m conntrack --ctstate NEW -j ACCEPT
$ipt -A INPUT -p udp -s $ntp_allowed_net --dport $ntp_port -m conntrack --ctstate NEW -j ACCEPT
echo_done
fi
else
echo_skipped
fi
# ---
# - Whois out only
# ---