From 1b35830610fd50d43939eac8dbcbdc9a32f51f4d Mon Sep 17 00:00:00 2001
From: ckubu
Date: Mon, 2 Sep 2019 01:05:22 +0200
Subject: [PATCH] Add support for XMPP (Jabber Prosody) Service
---
 conf/main_ipv4.conf.sample | 25 ++++++++++++++++
 conf/main_ipv6.conf.sample | 28 ++++++++++++++++++
 conf/post_decalrations.conf | 35 ++++++++++++++++++++++
 ip6t-firewall-server | 58 +++++++++++++++++++++++++++++++++++++
 ipt-firewall-server | 58 +++++++++++++++++++++++++++++++++++++
 5 files changed, 204 insertions(+)
diff --git a/conf/main_ipv4.conf.sample b/conf/main_ipv4.conf.sample
index ebbe83c..777b157 100644
--- a/conf/main_ipv4.conf.sample
+++ b/conf/main_ipv4.conf.sample
@@ -298,6 +298,31 @@ forward_ftp_server_ips=""
 ftp_passive_port_range="50000:50400"
+# - XMPP Service (Jabber - Prosody)
+# -
+xmpp_server_ips=""
+forward_xmpp_server_ips=""
+
+# - Ports used by XMpp (Prosody) service
+# -
+# - 5222 eingehend, für Client-Verbindungen unverschlüsselt oder TLS-verschlüsselt
+# - 5223 eingehend, für SSL-verschlüsselte Clientverbindungen (veraltet)
+# - 5269 ein- und ausgehend, für Verbindungen zu anderen Servern
+# -
+# - WebSocket (support is provided by mod_websocket)
+# - 5280 eingehend, für Client-Verbindungen über HTTP-Polling (nützlich für Webapplikationen)
+# -
+xmmp_tcp_in_ports="5222 5223 5269"
+xmmp_tcp_out_ports="5269"
+
+# - XMPP Remote Dovecote Out Service
+# -
+# - Example:
+# - xmmp_remote_out_services="192.68.11.81:44444 83.223.86.91:44444"
+# -
+xmmp_remote_out_services=""
+
+
 # - Mumble Server
 # -
 mumble_server_ips=""
diff --git a/conf/main_ipv6.conf.sample b/conf/main_ipv6.conf.sample
index fb94036..c25fd51 100644
--- a/conf/main_ipv6.conf.sample
+++ b/conf/main_ipv6.conf.sample
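Review bot: `xmmp_tcp_in_ports="5222 5223 5269"` opens 5223 by default although the comment three lines earlier marks it as deprecated (veraltet), so every deployment that copies the sample exposes the legacy SSL port unless the operator notices; shipping `xmmp_tcp_in_ports="5222 5269"` and letting 5223 be opted in keeps the default surface minimal. The new variables mix two spellings, `xmpp_server_ips` next to `xmmp_tcp_in_ports` and `xmmp_remote_out_services`, which looks like a typo and is then carried into post_decalrations.conf and both firewall scripts, so settling on one spelling now is cheaper than later. The remote-out example here uses `host:port` while the IPv6 sample uses `host,port`, matching the `IFS=':'` and `IFS=','` splits in ipt-firewall-server and ip6t-firewall-server, but neither sample states the separator; a comment such as `# - Format: <ipv4>:<port> (the IPv6 sample uses ',' because ':' occurs in addresses)` would prevent silent misconfiguration. "Dovecote" in the section title reads like a leftover from a copied section and does not describe an XMPP outbound rule. The same points apply to the main_ipv6.conf.sample hunk.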
@@ -317,6 +317,34 @@ forward_ftp_server_ips=""
 ftp_passive_port_range="50000:50400"
+# - XMPP Service (Jabber - Prosody)
+# -
+xmpp_server_ips=""
+forward_xmpp_server_ips=""
+
+# - Ports used by XMpp (Prosody) service
+# -
+# - 5222 eingehend, für Client-Verbindungen unverschlüsselt oder TLS-verschlüsselt
+# - 5223 eingehend, für SSL-verschlüsselte Clientverbindungen (veraltet)
+# - 5269 ein- und ausgehend, für Verbindungen zu anderen Servern
+# -
+# - WebSocket (support is provided by mod_websocket)
+# - 5280 eingehend, für Client-Verbindungen über HTTP-Polling (nützlich für Webapplikationen)
+# -
+xmmp_tcp_in_ports="5222 5223 5269"
+xmmp_tcp_out_ports="5269"
+
+# - XMPP Remote Dovecote Out Service
+# -
+# - Example:
+# - - xmmp_remote_out_services="
+# - 2a01:4f8:221:3b4e::247,44444
+# - 2a01:30:0:13:2f7:50ff:fed2:cef7,44444
+# - "
+# -
+xmmp_remote_out_services=""
+
+
 # - Mumble Server
 # -
 mumble_server_ips=""
diff --git a/conf/post_decalrations.conf b/conf/post_decalrations.conf
index a86192b..0aa247e 100644
--- a/conf/post_decalrations.conf
+++ b/conf/post_decalrations.conf
@@ -214,6 +214,28 @@ for _ip in $forward_smtpd_ips ; do
 forward_smtpd_ip_arr+=("$_ip")
 done
+
+# ---
+# - IP Addresses XMPP Service (Jabber - Prosody)
+# ---
+declare -a xmpp_server_ip_arr
+for _ip in $xmpp_server_ips ; do
+ xmpp_server_ip_arr+=("$_ip")
+done
+
+declare -a forward_xmpp_server_ip_arr
+for _ip in $forward_xmpp_server_ips ; do
+ forward_xmpp_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - XMPP Remote Dovecote Out Service
+# ---
+declare -a xmmp_remote_out_service_arr
+for _val in $xmmp_remote_out_services ; do
+ xmmp_remote_out_service_arr+=("$_val")
+done
+
 # ---
 # - Mail Services (smtps/pop(s)/imap(s)
 # ---
@@ -308,6 +330,19 @@ for _port in $ssh_ports ; do
 ssh_port_arr+=("$_port")
 done
+# ---
+# - XMPP Service (Jabber - Prosody)
+# ---
+declare -a xmmp_tcp_in_port_arr
+for _port in $xmmp_tcp_in_ports ; do
+ xmmp_tcp_in_port_arr+=("$_port")
+done
+
+declare -a xmmp_tcp_out_port_arr
+for _port in $xmmp_tcp_out_ports ; do
+ xmmp_tcp_out_port_arr+=("$_port")
+done
+
 # ---
 # - VPN Ports
 # ---
diff --git a/ip6t-firewall-server b/ip6t-firewall-server
index b54ee84..7fedbf5 100755
--- a/ip6t-firewall-server
+++ b/ip6t-firewall-server
@@ -1640,6 +1640,64 @@ fi
 #fi
+# ---
+# - XMPP Service (Jabber)
+# ---
+
+echononl "\t\tXMPP Service"
+
+if [[ ${#xmpp_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_xmpp_server_ip_arr[@]} -gt 0 ]] ; then
+
+ if [[ ${#xmpp_server_ip_arr[@]} -gt 0 ]] ; then
+ for _ip in ${xmpp_server_ip_arr[@]} ; do
+ for _port in ${xmmp_tcp_in_port_arr[@]} ; do
+ $ip6t -A INPUT -p tcp -d $_ip --dport $_port -m state --state NEW -j ACCEPT
+ done
+
+ for _port in ${xmmp_tcp_out_port_arr[@]} ; do
+ $ip6t -A OUTPUT -p tcp -s $_ip --dport $_port -m state --state NEW -j ACCEPT
+ done
+ done
+ fi
+
+
+ if [[ ${#forward_xmpp_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+ for _ip in ${forward_xmpp_server_ip_arr[@]} ; do
+ for _port in ${xmmp_tcp_in_port_arr[@]} ; do
+ $ip6t -A FORWARD -p tcp -d $_ip --dport $_port -m state --state NEW -j ACCEPT
+ done
+
+ for _port in ${xmmp_tcp_out_port_arr[@]} ; do
+ $ip6t -A FORWARD -p tcp -s $_ip --dport $_port -m state --state NEW -j ACCEPT
+ done
+ done
+ fi
+
+ echo_done
+else
+ echo_skipped
+fi
+
+
+# ---
+# - XMPP Remote Dovecote Out Service
+# ---
+
+echononl "\t\tXMPP Remote Dovecote Out Service"
+
+if [[ ${#xmmp_remote_out_service_arr[@]} -gt 0 ]] ; then
+ for _dev in "${ext_if_arr[@]}" ; do
+ for _val in "${xmmp_remote_out_service_arr[@]}" ; do
+ IFS=',' read -a _val_arr <<< "${_val}"
+ $ip6t -A OUTPUT -o $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} -m state --state NEW -j ACCEPT
+ done
+ done
+ echo_done
+else
+ echo_skipped
+fi
+
+
 # ---
 # - Mumble Service
 # ---
diff --git a/ipt-firewall-server b/ipt-firewall-server
index 741d8a1..1a40842 100755
--- a/ipt-firewall-server
+++ b/ipt-firewall-server
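Review bot: The result of `IFS=',' read -a _val_arr <<< "${_val}"` is never checked for shape, so a configured entry without a port leaves `${_val_arr[1]}` empty, the unquoted expansion vanishes and ip6tables most likely rejects `--dport -m state`, dropping the intended allow rule with no hint which configuration value caused it; a guard such as `[[ ${#_val_arr[@]} -eq 2 && -n ${_val_arr[1]} ]] || { echo "invalid xmmp_remote_out_services entry: ${_val}" >&2; continue; }` before the `$ip6t -A OUTPUT` line makes the misconfiguration visible instead. `read` should also take `-r` so a backslash in the value is not interpreted. The loops over `${xmpp_server_ip_arr[@]}`, `${xmmp_tcp_in_port_arr[@]}`, `${xmmp_tcp_out_port_arr[@]}` and `${forward_xmpp_server_ip_arr[@]}` are unquoted while `"${ext_if_arr[@]}"` and `"${xmmp_remote_out_service_arr[@]}"` in the same hunk are quoted; quoting all of them is consistent and harmless since the values are already whitespace-split config words. The ipt-firewall-server hunk has the same three points with `IFS=':'`.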
@@ -1884,6 +1884,64 @@ fi
 #fi
+# ---
+# - XMPP Service (Jabber)
+# ---
+
+echononl "\t\tXMPP Service"
+
+if [[ ${#xmpp_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_xmpp_server_ip_arr[@]} -gt 0 ]] ; then
+
+ if [[ ${#xmpp_server_ip_arr[@]} -gt 0 ]] ; then
+ for _ip in ${xmpp_server_ip_arr[@]} ; do
+ for _port in ${xmmp_tcp_in_port_arr[@]} ; do
+ $ipt -A INPUT -p tcp -d $_ip --dport $_port -m state --state NEW -j ACCEPT
+ done
+
+ for _port in ${xmmp_tcp_out_port_arr[@]} ; do
+ $ipt -A OUTPUT -p tcp -s $_ip --dport $_port -m state --state NEW -j ACCEPT
+ done
+ done
+ fi
+
+
+ if [[ ${#forward_xmpp_server_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+ for _ip in ${forward_xmpp_server_ip_arr[@]} ; do
+ for _port in ${xmmp_tcp_in_port_arr[@]} ; do
+ $ipt -A FORWARD -p tcp -d $_ip --dport $_port -m state --state NEW -j ACCEPT
+ done
+
+ for _port in ${xmmp_tcp_out_port_arr[@]} ; do
+ $ipt -A FORWARD -p tcp -s $_ip --dport $_port -m state --state NEW -j ACCEPT
+ done
+ done
+ fi
+
+ echo_done
+else
+ echo_skipped
+fi
+
+
+# ---
+# - XMPP Remote Dovecote Out Service
+# ---
+
+echononl "\t\tXMPP Remote Dovecote Out Service"
+
+if [[ ${#xmmp_remote_out_service_arr[@]} -gt 0 ]] ; then
+ for _dev in "${ext_if_arr[@]}" ; do
+ for _val in "${xmmp_remote_out_service_arr[@]}" ; do
+ IFS=':' read -a _val_arr <<< "${_val}"
+ $ipt -A OUTPUT -o $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} -m state --state NEW -j ACCEPT
+ done
+ done
+ echo_done
+else
+ echo_skipped
+fi
+
+
 # ---
 # - Mumble Service
 # ---