firewall/ipt-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allow LDAP/LDAPS out only.

Browse Source
This commit is contained in:
Christoph
2025-08-10 01:50:23 +02:00
parent 9fd36a8236
commit abef59c769
2 changed files with 64 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
ip6t-firewall-server
View File

@@ -2486,6 +2486,38 @@ else
fi fi
# ---
# - LDAP out only
# ---
echononl "\t\tLDAP out only"
for _dev in ${ext_if_arr[@]} ; do
$ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_ldap_port -m state --state NEW -j ACCEPT
if $kernel_forward_between_interfaces ; then
$ip6t -A FORWARD -o $_dev -p tcp --dport $standard_ldap_port -m state --state NEW -j ACCEPT
fi
done
echo_done
# ---
# - LDAPS out only
# ---
echononl "\t\tLDAPS out only"
for _dev in ${ext_if_arr[@]} ; do
$ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_ldaps_port -m state --state NEW -j ACCEPT
if $kernel_forward_between_interfaces ; then
$ip6t -A FORWARD -o $_dev -p tcp --dport $standard_ldaps_port -m state --state NEW -j ACCEPT
fi
done
echo_done
# --- # ---
# - Whois out only # - Whois out only
# --- # ---

32
ipt-firewall-server
View File

@@ -2647,6 +2647,38 @@ else
fi fi
# ---
# - LDAP out only
# ---
echononl "\t\tLDAP out only"
for _dev in ${ext_if_arr[@]} ; do
$ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ldap_port -m state --state NEW -j ACCEPT
if $kernel_activate_forwarding ; then
$ipt -A FORWARD -o $_dev -p tcp --dport $standard_ldap_port -m state --state NEW -j ACCEPT
fi
done
echo_done
# ---
# - LDAPS out only
# ---
echononl "\t\tLDAPS out only"
for _dev in ${ext_if_arr[@]} ; do
$ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ldaps_port -m state --state NEW -j ACCEPT
if $kernel_activate_forwarding ; then
$ipt -A FORWARD -o $_dev -p tcp --dport $standard_ldaps_port -m state --state NEW -j ACCEPT
fi
done
echo_done
# --- # ---