Add rules for extern services, extern networks and local (non-standard) services.

2019-02-25 15:24:51 +01:00
parent 7219691f1e
commit e7fd6ee87a
4 changed files with 286 additions and 2 deletions
--- a/60
+++ b/60
@ -756,6 +756,66 @@ echo
 echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"


+# -------------
+# ---- Allow extern Service 
+# -------------
+
+echononl "\t\tAllow extern Service"
+
+if [[ ${#allow_ext_service_arr[@]} -gt 0 ]] ; then
+   for _dev in "${ext_if_arr[@]}" ; do
+      for _val in "${allow_ext_service_arr[@]}" ; do
+         IFS=',' read -a _val_arr <<< "${_val}"
+         $ip6t -A OUTPUT -o $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m state --state NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# ---- Allow extern IP-Address/Network
+# -------------
+
+echononl "\t\tAllow extern IP-Address/Network"
+
+if [[ ${#allow_ext_net_arr[@]} -gt 0 ]] ; then
+   for _dev in "${ext_if_arr[@]}" ; do
+      for _net in "${allow_ext_net_arr[@]}" ; do
+         $ip6t -A OUTPUT -o $_dev -p all -d $_net -m state --state NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+echo
+
+
+# -------------
+# ---- Allow (non-standard) local Services 
+# -------------
+
+echononl "\t\tAllow (non-standard) local Services"
+
+if [[ ${#allow_local_service_arr[@]} -gt 0 ]] ; then
+   for _dev in "${ext_if_arr[@]}" ; do
+      for _val in "${allow_local_service_arr[@]}" ; do
+         IFS=':' read -a _val_arr <<< "${_val}"
+         $ip6t -A INPUT -i $_dev -p ${_val_arr[1]} --dport ${_val_arr[0]} -m state --state NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+echo
+
+
 # ---
 # - DHCP
 # ---