firewall/ipt-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Support multiple networks for access to local resolver - forgot iptables scripts.

Browse Source
This commit is contained in:
Christoph 2019-09-03 03:52:54 +02:00
parent 328219c4b6
commit f87f7bbda0
2 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ip6t-firewall-server
View File

@ -1044,11 +1044,13 @@ fi
echononl "\t\tlocal Resolver"
if [[ -n "$local_resolver_service" ]] && $local_resolver_service ; then
if [[ -z "$resolver_allowed_net" ]] ; then
echo_failed
else
$ip6t -A INPUT -p udp -s $resolver_allowed_net --dport $resolver_port -m conntrack --ctstate NEW -j ACCEPT
if [[ ${#resolver_allowed_network_arr[@]} -gt 0 ]] ; then
for _net in ${resolver_allowed_network_arr[@]} ; do
$ip6t -A INPUT -p udp -s $_net --dport $resolver_port -m conntrack --ctstate NEW -j ACCEPT
done
echo_done
else
echo_failed
fi
else
echo_skipped

10
ipt-firewall-server
View File

@ -1288,11 +1288,13 @@ fi
echononl "\t\tlocal Resolver"
if [[ -n "$local_resolver_service" ]] && $local_resolver_service ; then
if [[ -z "$resolver_allowed_net" ]] ; then
echo_failed
else
$ipt -A INPUT -p udp -s $resolver_allowed_net --dport $resolver_port -m conntrack --ctstate NEW -j ACCEPT
if [[ ${#resolver_allowed_network_arr[@]} -gt 0 ]] ; then
for _net in ${resolver_allowed_network_arr[@]} ; do
$ipt -A INPUT -p udp -s $_net --dport $resolver_port -m conntrack --ctstate NEW -j ACCEPT
done
echo_done
else
echo_failed
fi
else
echo_skipped