Add rules for extern services, extern networks and local (non-standard) services.

2019-02-25 15:24:51 +01:00
parent 7219691f1e
commit e7fd6ee87a
4 changed files with 286 additions and 2 deletions


@ -967,7 +967,7 @@ echo
# ---- Restrict local Servive to given (extern) IP-Address/Network
# -------------
echononl "\tRestrict local Servive to given (extern) IP-Address/Network"
echononl "\tRestrict local Service to given (extern) IP-Address/Network"
if [[ ${#restrict_local_service_to_net_arr[@]} -gt 0 ]] ; then
_deny_service_arr=()
@ -1038,6 +1038,66 @@ echo
echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
# -------------
# ---- Allow extern Service
# -------------
echononl "\t\tAllow extern Service"
if [[ ${#allow_ext_service_arr[@]} -gt 0 ]] ; then
for _dev in "${ext_if_arr[@]}" ; do
for _val in "${allow_ext_service_arr[@]}" ; do
IFS=':' read -a _val_arr <<< "${_val}"
$ipt -A OUTPUT -o $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m state --state NEW -j ACCEPT
done
done
echo_done
else
echo_skipped
fi
# -------------
# ---- Allow extern IP-Address/Network
# -------------
echononl "\t\tAllow extern IP-Address/Network"
if [[ ${#allow_ext_net_arr[@]} -gt 0 ]] ; then
for _dev in "${ext_if_arr[@]}" ; do
for _net in "${allow_ext_net_arr[@]}" ; do
$ipt -A OUTPUT -o $_dev -p all -d $_net -m state --state NEW -j ACCEPT
done
done
echo_done
else
echo_skipped
fi
echo
# -------------
# ---- Allow (non-standard) local Services
# -------------
echononl "\t\tAllow (non-standard) local Services"
if [[ ${#allow_local_service_arr[@]} -gt 0 ]] ; then
for _dev in "${ext_if_arr[@]}" ; do
for _val in "${allow_local_service_arr[@]}" ; do
IFS=':' read -a _val_arr <<< "${_val}"
$ipt -A INPUT -i $_dev -p ${_val_arr[1]} --dport ${_val_arr[0]} -m state --state NEW -j ACCEPT
done
done
echo_done
else
echo_skipped
fi
echo
# ---
# - DHCP
# ---
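Review bot: In the three new loops (`allow_ext_service_arr`, `allow_ext_net_arr`, `allow_local_service_arr`) the fields split from each entry are passed to `$ipt` unquoted and unvalidated, and `echo_done` is printed whether or not the rule was accepted. An entry with a missing field (for example no protocol) leaves `${_val_arr[2]}` empty, so the argument list shifts and the rule is presumably rejected while the script still reports success; an address that itself contains `:` would also be split in the wrong places. I would check the field count right after the split, e.g. `[[ ${#_val_arr[@]} -eq 3 ]] || { echo "malformed entry: ${_val}" >&2 ; continue ; }` (2 for the local-service list), use `read -r -a`, quote the expansions (`-o "$_dev" -p "${_val_arr[2]}" -d "${_val_arr[0]}" --dport "${_val_arr[1]}"`), and test the exit status of `$ipt` before printing `echo_done`. A short comment above each block stating the expected entry format (apparently `address:port:protocol` and `port:protocol`) would help whoever maintains the configuration.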