Support local service from given extern network

2019-09-04 01:11:31 +02:00 · 2019-09-04 01:11:31 +02:00 · e292be4141
commit e292be4141
parent 051e7da995
5 changed files with 85 additions and 1 deletions
--- a/conf/main_ipv4.conf.sample
+++ b/conf/main_ipv4.conf.sample
@ -183,6 +183,24 @@ allow_ext_net=""
 allow_local_service=""
 # -------------
 # ---- Allow local Services from given (extern) network
 # -------------
 # - allow_local_service_from_networks
 # -
 # - allow_local_service_from_networks="<ext-net:local-port:protocol> [<ext-net:local-port>:<protocol> [.."
 # -
 # - Allow all traffic to given local service from given (extern) network
 # -
 # - Example:
 # -    allow_local_service="192.68.11.64/27:8443:tcp 192.68.11.64/27:8080:tcp"
 # -
 # - Blank separated list
 # -
 allow_local_service_from_networks=""
 # -------------
 # --- Services local Network
 # -------------
--- a/conf/main_ipv6.conf.sample
+++ b/conf/main_ipv6.conf.sample
@ -196,6 +196,24 @@ allow_ext_net=""
 allow_local_service=""
 # -------------
 # ---- Allow local Services from given (extern) network
 # -------------
 # - allow_local_service_from_networks
 # -
 # - allow_local_service_from_networks="<ext-net,local-port,protocol> [<ext-net,local-port>,<protocol> [.."
 # -
 # - Allow all traffic to given local service from given (extern) network
 # -
 # - Example:
 # -    allow_local_service="2001:678:a40:3000::/64,8443,tcp 2001:678:a40:3000::/64,8080,tcp"
 # -
 # - Blank separated list
 # -
 allow_local_service_from_networks=""
 # -------------
 # --- Services local Network
 # -------------
--- a/conf/post_decalrations.conf
+++ b/conf/post_decalrations.conf
@ -101,6 +101,14 @@ for _val in $allow_local_service ; do
   allow_local_service_arr+=("$_val")
 done
 # ---
 # - Allow (non-standard) local Services from specified network
 # ---
 declare -a allow_local_service_from_network_arr
 for _service in $allow_local_service_from_networks ; do
   allow_local_service_from_network_arr+=("$_service")
 done
 # ---
 # - Generally block ports
 # ---
--- a/21
+++ b/21
@ -938,7 +938,7 @@ echononl "\t\tAllow (non-standard) local Services"
 if [[ ${#allow_local_service_arr[@]} -gt 0 ]] ; then
   for _dev in "${ext_if_arr[@]}" ; do
      for _val in "${allow_local_service_arr[@]}" ; do
-         IFS=':' read -a _val_arr <<< "${_val}"
+         IFS=',' read -a _val_arr <<< "${_val}"
         $ip6t -A INPUT -i $_dev -p ${_val_arr[1]} --dport ${_val_arr[0]} -m state --state NEW -j ACCEPT
      done
   done
@ -947,6 +947,25 @@ else
   echo_skipped
 fi
 # -------------
 # ---- Allow local Services from given (extern) network
 # -------------
 echononl "\t\tAllow local Services from given (extern) network"
 if [[ ${#allow_local_service_from_network_arr[@]} -gt 0 ]] ; then
   for _dev in "${ext_if_arr[@]}" ; do
      for _val in "${allow_local_service_from_network_arr[@]}" ; do
         IFS=',' read -a _val_arr <<< "${_val}"
         $ip6t -A INPUT -i $_dev -p ${_val_arr[2]} -s ${_val_arr[0]} --dport ${_val_arr[1]} -m state --state NEW -j ACCEPT
      done
   done
   echo_done
 else
   echo_skipped
 fi
 echo
--- a/21
+++ b/21
@ -1191,6 +1191,27 @@ else
   echo_skipped
 fi
 # -------------
 # ---- Allow local Services from given (extern) network
 # -------------
 echononl "\t\tAllow local Services from given (extern) network"
 if [[ ${#allow_local_service_from_network_arr[@]} -gt 0 ]] ; then
   for _dev in "${ext_if_arr[@]}" ; do
      for _val in "${allow_local_service_from_network_arr[@]}" ; do
         IFS=':' read -a _val_arr <<< "${_val}"
         $ipt -A INPUT -i $_dev -p ${_val_arr[2]} -s ${_val_arr[0]} --dport ${_val_arr[1]} -m state --state NEW -j ACCEPT
      done
   done
   echo_done
 else
   echo_skipped
 fi
 echo
 echo