From abef59c7695c4f7d88cacd4893e19682108fadf1 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Sun, 10 Aug 2025 01:50:23 +0200
Subject: [PATCH] Allow LDAP/LDAPS out only.
---
 ip6t-firewall-server | 32 ++++++++++++++++++++++++++++++++
 ipt-firewall-server | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 64 insertions(+)
diff --git a/ip6t-firewall-server b/ip6t-firewall-server
index cf80455..9ba852d 100755
--- a/ip6t-firewall-server
+++ b/ip6t-firewall-server
@@ -2486,6 +2486,38 @@ else
 fi
+# ---
+# - LDAP out only
+# ---
+
+echononl "\t\tLDAP out only"
+
+for _dev in ${ext_if_arr[@]} ; do
+ $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_ldap_port -m state --state NEW -j ACCEPT
+ if $kernel_forward_between_interfaces ; then
+ $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_ldap_port -m state --state NEW -j ACCEPT
+ fi
+done
+
+echo_done
+
+
+# ---
+# - LDAPS out only
+# ---
+
+echononl "\t\tLDAPS out only"
+
+for _dev in ${ext_if_arr[@]} ; do
+ $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_ldaps_port -m state --state NEW -j ACCEPT
+ if $kernel_forward_between_interfaces ; then
+ $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_ldaps_port -m state --state NEW -j ACCEPT
+ fi
+done
+
+echo_done
+
+
 # ---
 # - Whois out only
 # ---
diff --git a/ipt-firewall-server b/ipt-firewall-server
index 5b01c4c..9c62c90 100755
--- a/ipt-firewall-server
+++ b/ipt-firewall-server
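Review bot: `--dport $standard_ldap_port` and `--dport $standard_ldaps_port` in the four new ip6tables rules are expanded unquoted and never checked; their definitions are outside the hunk, and if either is unset or empty the word vanishes and ip6tables is handed `--dport -m`, so the rule is rejected and, unless the script aborts on command failure, the section still prints done with nothing loaded. A one-line guard in front of each loop, `: "${standard_ldap_port:?standard_ldap_port must be set}"` and `: "${standard_ldaps_port:?standard_ldaps_port must be set}"`, aborts the run instead of leaving the policy silently incomplete. The rules also accept any destination on the external interface, which matches the neighbouring "out only" sections; if the directory servers this host talks to are a known set, a `-d` restriction to those addresses would be the tighter policy, and because port 389 carries binds in cleartext unless STARTTLS is negotiated, the LDAP section is worth leaving out where LDAPS alone suffices. The same applies to the ipt-firewall-server hunk below, whose trailing context is cut off at the end of the page.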
@@ -2647,6 +2647,38 @@ else
 fi
+# ---
+# - LDAP out only
+# ---
+
+echononl "\t\tLDAP out only"
+
+for _dev in ${ext_if_arr[@]} ; do
+ $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ldap_port -m state --state NEW -j ACCEPT
+ if $kernel_activate_forwarding ; then
+ $ipt -A FORWARD -o $_dev -p tcp --dport $standard_ldap_port -m state --state NEW -j ACCEPT
+ fi
+done
+
+echo_done
+
+
+# ---
+# - LDAPS out only
+# ---
+
+echononl "\t\tLDAPS out only"
+
+for _dev in ${ext_if_arr[@]} ; do
+ $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ldaps_port -m state --state NEW -j ACCEPT
+ if $kernel_activate_forwarding ; then
+ $ipt -A FORWARD -o $_dev -p tcp --dport $standard_ldaps_port -m state --state NEW -j ACCEPT
+ fi
+done
+
+echo_done
+
+
 # ---