firewall/ipt-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support for dhclient.

Browse Source
This commit is contained in:
Christoph 2021-01-11 19:59:08 +01:00
parent e68705c819
commit 5ec7c9bcea
5 changed files with 57 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
conf/main_ipv4.conf.sample
View File

@ -241,10 +241,17 @@ ntp_allowed_net=""
# DHCP Server # DHCP Server
# #
# Comma seperated Interface list for DHCP services # Comma seperated list of Interface supporting DHCP services
# #
dhcp_server_ifs="" dhcp_server_ifs=""
# DHCP Client
#
# Comma seperated list of Interface, which are dhcp clients
#
dhcp_client_ifs=""
# - DNS Server # - DNS Server
# - # -
# - Note: # - Note:

9
conf/main_ipv6.conf.sample
View File

@ -257,10 +257,17 @@ ntp_allowed_net=""
# DHCP Server # DHCP Server
# #
# Comma seperated Interface list for DHCP services # Comma seperated list of Interface supporting DHCP services
# #
dhcp_server_ifs="" dhcp_server_ifs=""
# DHCP Client
#
# Comma seperated list of Interface, which are dhcp clients
#
dhcp_client_ifs=""
# - DNS Server # - DNS Server
# - # -
# - Note: # - Note:

8
conf/post_decalrations.conf
View File

@ -133,9 +133,13 @@ done
# --- # ---
# - Network Interfaces DHCP Service # - Network Interfaces DHCP Service
# --- # ---
declare -a dhcp_if_arr declare -a dhcp_server_if_arr
for _dev in $dhcp_server_ifs ; do for _dev in $dhcp_server_ifs ; do
dhcp_if_arr+=($_dev) dhcp_server_if_arr+=($_dev)
done
declare -a dhcp_client_if_arr
for _dev in $dhcp_client_ifs ; do
dhcp_client_if_arr+=($_dev)
done done
# --- # ---

24
ip6t-firewall-server
View File

@ -1112,14 +1112,28 @@ echo
# - DHCP # - DHCP
# --- # ---
echononl "\t\tDHCP" echononl "\t\tDHCP Clients"
if [[ ${#dhcp_if_arr[@]} -gt 0 ]] ; then if [[ ${#dhcp_client_if_arr[@]} -gt 0 ]] ; then
for _dev in ${dhcp_if_arr[@]} ; do for _dev in ${dhcp_if_arr[@]} ; do
# - in
$ip6t -A INPUT -p udp -i $_dev -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
# - out # - out
$ip6t -A OUTPUT -p udp -o $_dev --sport 67 -d 0/0 --dport 68 -j ACCEPT $ip6t -A OUTPUT -p udp -o $_dev --dport 67 -d ::/0 --sport 1024:65535 -j ACCEPT
# - in
$ipt -A INPUT -p udp -i $_dev --sport 67 -d ::/0 --dport 68 -j ACCEPT
done
echo_done
else
echo_skipped
fi
echononl "\t\tDHCP Server"
if [[ ${#dhcp_server_if_arr[@]} -gt 0 ]] ; then
for _dev in ${dhcp_server_if_arr[@]} ; do
# - in
$ip6t -A INPUT -p udp -i $_dev -s ::/0 --sport 68 --dport 67 -j ACCEPT
# - out
$ip6t -A OUTPUT -p udp -o $_dev --sport 67 -d ::/0 --dport 68 -j ACCEPT
done done
echo_done echo_done
else else

18
ipt-firewall-server
View File

@ -1275,10 +1275,24 @@ echo
# - DHCP # - DHCP
# --- # ---
echononl "\t\tDHCP" echononl "\t\tDHCP Clients"
if [[ ${#dhcp_if_arr[@]} -gt 0 ]] ; then if [[ ${#dhcp_client_if_arr[@]} -gt 0 ]] ; then
for _dev in ${dhcp_if_arr[@]} ; do for _dev in ${dhcp_if_arr[@]} ; do
# - out
$ipt -A OUTPUT -p udp -o $_dev --dport 67 -d 0/0 --sport 1024:65535 -j ACCEPT
# - in
$ipt -A INPUT -p udp -i $_dev --sport 67 -d 0/0 --dport 68 -j ACCEPT
done
echo_done
else
echo_skipped
fi
echononl "\t\tDHCP Server"
if [[ ${#dhcp_server_if_arr[@]} -gt 0 ]] ; then
for _dev in ${dhcp_server_if_arr[@]} ; do
# - in # - in
$ipt -A INPUT -p udp -i $_dev -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT $ipt -A INPUT -p udp -i $_dev -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
# - out # - out