Add Mail Client Rules.

Christoph 2017-07-14 03:35:39 +02:00
parent e453044f84
commit 350f2dc487
4 changed files with 116 additions and 14 deletions


@ -819,10 +819,10 @@ echo_done
# ---
# - Mail (SMTP Server)
# - Mail SMTP Server (Port 25) including Spam Control
# ---
echononl "\t\tMail (SMTP Server including Spam Control)"
echononl "\t\tMail SMTP Server (Port 25) including Spam Control"
if [[ ${#smtpd_ips_arr[@]} -gt 0 ]] || [[ ${#forward_smtpd_ip_arr[@]} -gt 0 ]] ; then
if [[ ${#smtpd_ips_arr[@]} > 0 ]] ; then
@ -875,10 +875,10 @@ fi
# ---
# - Mail (POP/IMAP Server)
# - Mailservice (Submission/SMTPS/POP/IMAP Server)
# ---
echononl "\t\tMail (POP/IMAP Server)"
echononl "\t\tMailservice (Submission/SMTPS/POP/IMAP Server)"
if [[ ${#mail_server_ips_arr[@]} -gt 0 ]] || [[ ${#forward_mail_server_ip_arr[@]} -gt 0 ]] ; then
@ -904,6 +904,36 @@ else
fi
# ---
# - Mail Client (Submission/SMTPS/POPS/IMAPS) out only
# ---
echononl "\t\tMail Client (Submission/SMTPS/POPS/IMAPS) out only"
if [[ ${#mail_client_ips_arr[@]} -gt 0 ]] || [[ ${#forward_mail_client_ip_arr[@]} -gt 0 ]] ; then
if [[ ${#mail_client_ips_arr[@]} -gt 0 ]] ; then
for _ip in ${mail_client_ips_arr[@]} ; do
# mail ports
#
$ip6t -A OUTPUT -p tcp -s $_ip -m multiport --dports $mail_user_ports -m state --state NEW -j ACCEPT
done
fi # if [[ ${#mail_client_ips_arr[@]} -gt 0 ]]
if [[ ${#forward_mail_client_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
for _ip in ${forward_mail_client_ip_arr[@]} ; do
# mail ports
#
$ip6t -A FORWARD -p tcp -s $_ip -m multiport --dports $mail_user_ports -m state --state NEW -j ACCEPT
done
fi # if [[ ${#forward_mail_client_ip_arr[@]} -gt 0 ]] ; then
echo_done
else
echo_skipped
fi
# ---
# - HTTP(S) OUT
# ---
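Review bot: The new FORWARD rule (`$ip6t -A FORWARD -p tcp -s $_ip -m multiport --dports $mail_user_ports ... -j ACCEPT`) matches on source address and destination ports only, with no `-i`/`-o` interface match. It therefore accepts matching traffic in whichever direction it crosses the box, and depends on anti-spoofing rules elsewhere in the script, which are not visible here. If the script has variables for the internal and external interfaces, pin the rule to them, e.g. `-i <internal_if> -o <external_if>` (placeholders; use the script's own names). `$_ip` and `$mail_user_ports` are also expanded unquoted; `-s "$_ip"` and `--dports "$mail_user_ports"` keep a malformed config entry from being split into extra iptables arguments. The IPv4 file section adds the same two rules with `$ipt`.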


@ -126,10 +126,12 @@ forward_private_ips=""
# --- Define Ports for Services
# -------------
# - Is this a Web Server ?
# - Web Server Ports
# -
http_ports="80,443"
# - Is this a Mailserver (POP/IMAP)
# - Mail Client Ports (Submission/SMTPS/POPS/IMAPS)
# -
mail_user_ports="587,465,110,995,143,993"
# - SSH Ports
@ -216,6 +218,11 @@ forward_smtpd_ips=""
mail_server_ips=""
forward_mail_server_ips=""
# - Mail Client (smtps/pop(s)/imap(s)
# -
mail_client_ips=""
forward_mail_client_ips=""
# - FTP Server
# -
ftp_server_ips=""
@ -529,7 +536,7 @@ for _ip in $forward_smtpd_ips ; do
done
# ---
# - Mail POP/IMAP Server
# - Mail Services (smtps/pop(s)/imap(s)
# ---
# local
declare -a mail_server_ips_arr
@ -542,6 +549,20 @@ for _ip in $forward_mail_server_ips ; do
forward_mail_server_ip_arr+=("$_ip")
done
# ---
# - Mail client (smtps/pop(s)/imap(s)
# ---
# local
declare -a mail_client_ips_arr
for _ip in $mail_client_ips ; do
mail_client_ips_arr+=("$_ip")
done
# DMZ
declare -a forward_mail_client_ip_arr
for _ip in $forward_mail_client_ips ; do
forward_mail_client_ip_arr+=("$_ip")
done
# ---
# - IP Addresses Mumble Server
# ---
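Review bot: The comment above `mail_user_ports` now reads "Mail Client Ports (Submission/SMTPS/POPS/IMAPS)", but the value still contains 110 and 143, the non-TLS POP3 and IMAP ports (STARTTLS at best), so the new client rules open more than the label says. Either say so in the comment, `# - Mail Client Ports (Submission/SMTPS/POP3(S)/IMAP(S))`, or give the client rules their own TLS-only list, e.g. `mail_client_ports="587,465,995,993"` (a suggested name, not one the script has). The old comment described this variable as the mail server's ports; if the server rules outside these hunks still read it, the new comment is misleading for them too. The second config file in this commit carries the same change.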


@ -1009,10 +1009,10 @@ echo_done
# ---
# - Mail (SMTP Server)
# - Mail SMTP Server (Port 25) including Spam Control
# ---
echononl "\t\tMail (SMTP Server including Spam Control)"
echononl "\t\tMail SMTP Server (Port 25) including Spam Control"
if [[ ${#smtpd_ips_arr[@]} -gt 0 ]] || [[ ${#forward_smtpd_ip_arr[@]} -gt 0 ]] ; then
if [[ ${#smtpd_ips_arr[@]} > 0 ]] ; then
@ -1065,10 +1065,10 @@ fi
# ---
# - Mail (POP/IMAP Server)
# - Mailservice (Submission/SMTPS/POP/IMAP Server)
# ---
echononl "\t\tMail (POP/IMAP Server)"
echononl "\t\tMailservice (Submission/SMTPS/POP/IMAP Server)"
if [[ ${#mail_server_ips_arr[@]} -gt 0 ]] || [[ ${#forward_mail_server_ip_arr[@]} -gt 0 ]] ; then
@ -1094,6 +1094,36 @@ else
fi
# ---
# - Mail Client (Submission/SMTPS/POPS/IMAPS) out only
# ---
echononl "\t\tMail Client (Submission/SMTPS/POPS/IMAPS) out only"
if [[ ${#mail_client_ips_arr[@]} -gt 0 ]] || [[ ${#forward_mail_client_ip_arr[@]} -gt 0 ]] ; then
if [[ ${#mail_client_ips_arr[@]} -gt 0 ]] ; then
for _ip in ${mail_client_ips_arr[@]} ; do
# mail ports
#
$ipt -A OUTPUT -p tcp -s $_ip -m multiport --dports $mail_user_ports -m state --state NEW -j ACCEPT
done
fi # if [[ ${#mail_client_ips_arr[@]} -gt 0 ]]
if [[ ${#forward_mail_client_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
for _ip in ${forward_mail_client_ip_arr[@]} ; do
# mail ports
#
$ipt -A FORWARD -p tcp -s $_ip -m multiport --dports $mail_user_ports -m state --state NEW -j ACCEPT
done
fi # if [[ ${#forward_mail_client_ip_arr[@]} -gt 0 ]] ; then
echo_done
else
echo_skipped
fi
# ---
# - HTTP(S) OUT
# ---
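Review bot: In `if [[ ${#forward_mail_client_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then` the variable is expanded and run as a command, so an unset or empty value counts as success and the FORWARD accepts are installed anyway. Comparing the value fails closed: `[[ "$kernel_activate_forwarding" == "true" ]]` (this assumes the config stores the literal `true`/`false`, which is not visible here). The IPv6 file section does the same with `$kernel_forward_between_interfaces`. Separately, `echo_done` is printed without looking at the exit status of the `$ipt -A` calls, so a rule that iptables rejected is still reported as done.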


@ -126,10 +126,12 @@ forward_private_ips=""
# --- Define Ports for Services
# -------------
# - Is this a Web Server ?
# - Web Server Ports
# -
http_ports="80,443"
# - Is this a Mailserver (POP/IMAP)
# - Mail Client Ports (Submission/SMTPS/POPS/IMAPS)
# -
mail_user_ports="587,465,110,995,143,993"
# - SSH Ports
@ -219,6 +221,11 @@ forward_smtpd_ips=""
mail_server_ips=""
forward_mail_server_ips=""
# - Mail Client (smtps/pop(s)/imap(s)
# -
mail_client_ips=""
forward_mail_client_ips=""
# - FTP Server
# -
ftp_server_ips=""
@ -613,7 +620,7 @@ for _ip in $forward_smtpd_ips ; do
done
# ---
# - Mail POP/IMAP Server
# - Mail Services (smtps/pop(s)/imap(s)
# ---
# local
declare -a mail_server_ips_arr
@ -626,6 +633,20 @@ for _ip in $forward_mail_server_ips ; do
forward_mail_server_ip_arr+=("$_ip")
done
# ---
# - Mail client (smtps/pop(s)/imap(s)
# ---
# local
declare -a mail_client_ips_arr
for _ip in $mail_client_ips ; do
mail_client_ips_arr+=("$_ip")
done
# DMZ
declare -a forward_mail_client_ip_arr
for _ip in $forward_mail_client_ips ; do
forward_mail_client_ip_arr+=("$_ip")
done
# ---
# - IP Addresses Mumble Server
# ---
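Review bot: The comment added for `mail_client_ips` / `forward_mail_client_ips` (`# - Mail Client (smtps/pop(s)/imap(s)`) has an unclosed parenthesis and does not say what the variables should contain. The loop `for _ip in $mail_client_ips` splits the value on whitespace, and the rules in the firewall script pass each entry to `-s`, so I would write `# - Mail Client: blank-separated source addresses allowed to connect out to $mail_user_ports` and `# - forward_*: the same for hosts routed through this machine (FORWARD chain)`. The unquoted `$mail_client_ips` in the loop also undergoes pathname expansion; that is harmless for plain addresses, but a short comment that the word splitting is intentional would help the next reader. The other config file in this commit has the same lines.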