diff --git a/conf/interfaces_ipv4.conf.sample b/conf/interfaces_ipv4.conf.sample index d415edb..48dc41f 100644 --- a/conf/interfaces_ipv4.conf.sample +++ b/conf/interfaces_ipv4.conf.sample @@ -33,7 +33,7 @@ local_ifs="$local_if_1 $local_if_2 $local_if_3" # ------------- -# --- Network Interfaces +# --- IP-Addresses # ------------- # - Extern IP Addresses on this Host @@ -55,6 +55,30 @@ local_2_ip="" local_2_ip="" +# ------------- +# --- IP-Addresses LXC Guest sSystems +# ------------- + +# for _guest in $(lxc-ls) ; do echo ; lxc-info -n $_guest | grep -E "(IP:|Name:)" ; done + +# NOT IN USE +lxc_guest_1_ip="" +# NOT IN USE +lxc_guest_2_ip="" +# NOT IN USE +lxc_guest_3_ip="" +# NOT IN USE +lxc_guest_4_ip="" +# NOT IN USE +lxc_guest_5_ip="" +# NOT IN USE +lxc_guest_6_ip="" +# NOT IN USE +lxc_guest_7_ip="" + +lxc_guest_ips="$lxc_guest_1_ip $lxc_guest_2_ip $lxc_guest_3_ip $lxc_guest_4_ip $lxc_guest_5_ip $lxc_guest_6_ip $lxc_guest_7_ip" + + # - Devices given in list "nat_devices" will be natted # - # - Blank separated list diff --git a/conf/interfaces_ipv6.conf.sample b/conf/interfaces_ipv6.conf.sample index 287d464..48dc41f 100644 --- a/conf/interfaces_ipv6.conf.sample +++ b/conf/interfaces_ipv6.conf.sample @@ -55,6 +55,30 @@ local_2_ip="" local_2_ip="" +# ------------- +# --- IP-Addresses LXC Guest sSystems +# ------------- + +# for _guest in $(lxc-ls) ; do echo ; lxc-info -n $_guest | grep -E "(IP:|Name:)" ; done + +# NOT IN USE +lxc_guest_1_ip="" +# NOT IN USE +lxc_guest_2_ip="" +# NOT IN USE +lxc_guest_3_ip="" +# NOT IN USE +lxc_guest_4_ip="" +# NOT IN USE +lxc_guest_5_ip="" +# NOT IN USE +lxc_guest_6_ip="" +# NOT IN USE +lxc_guest_7_ip="" + +lxc_guest_ips="$lxc_guest_1_ip $lxc_guest_2_ip $lxc_guest_3_ip $lxc_guest_4_ip $lxc_guest_5_ip $lxc_guest_6_ip $lxc_guest_7_ip" + + # - Devices given in list "nat_devices" will be natted # - # - Blank separated list diff --git a/conf/main_ipv4.conf.sample b/conf/main_ipv4.conf.sample index a156b5f..338d13d 100644 
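Review bot: The new list in the second hunk of conf/interfaces_ipv4.conf.sample is the blank-separated string `lxc_guest_ips`, while the firewall scripts changed in this commit iterate an array named `lxc_guest_ip_arr`; the conversion is not part of this diff, so confirm it exists, otherwise the new rule block is always skipped. The `# NOT IN USE` placeholders do not say what filling in an address does; a comment such as `# - Addresses listed here bypass FORWARD filtering when do_not_firewall_lx_guest_systems=true` would show the consequence where the value is edited. The heading has a typo ("sSystems"). The hunk in conf/interfaces_ipv6.conf.sample is identical, and both index lines end in the same new blob `48dc41f`, which suggests the IPv6 sample is now byte-identical to the IPv4 one; confirm that is intended.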
--- a/conf/main_ipv4.conf.sample +++ b/conf/main_ipv4.conf.sample @@ -20,6 +20,15 @@ do_not_firewall_bridged_traffic=false +# ------------- +# --- Do not firewall traffic from and to LX Gust Systems +# ------------- + +# - Traffic to hosted LX containers are not firewalled here. +# - +do_not_firewall_lx_guest_systems=true + + # ------------- # --- Drop ICMP # ------------- diff --git a/conf/main_ipv6.conf.sample b/conf/main_ipv6.conf.sample index 4f5b4dd..f0f0e84 100644 --- a/conf/main_ipv6.conf.sample +++ b/conf/main_ipv6.conf.sample @@ -20,6 +20,15 @@ do_not_firewall_bridged_traffic=false +# ------------- +# --- Do not firewall traffic from and to LX Gust Systems +# ------------- + +# - Traffic to hosted LX containers are not firewalled here. +# - +do_not_firewall_lx_guest_systems=true + + # ------------- # --- Drop ICMP # ------------- diff --git a/ip6t-firewall-server b/ip6t-firewall-server index 39491b7..bd70de0 100755 --- a/ip6t-firewall-server +++ b/ip6t-firewall-server @@ -280,6 +280,26 @@ fi echo +# ------------- +# --- Do not firewall traffic from and to LX Gust Systems +# ------------- + +echononl "\tDo not firewall traffic from and to LX Gust Systems" +if $do_not_firewall_lx_guest_systems && [[ ${#lxc_guest_ip_arr[@]} -gt 0 ]]; then + + for _ip in ${lxc_guest_ip_arr[@]} ; do + + $ip6t -I FORWARD -p all -d $_ip -j ACCEPT + $ip6t -I FORWARD -p all -s $_ip -j ACCEPT + + done + echo_done +else + echo_skipped +fi +echo + + # ------------- # ---- Log given IP Addresses # ------------- diff --git a/ipt-firewall-server b/ipt-firewall-server index 1f9e47e..d1d0ed4 100755 --- a/ipt-firewall-server +++ b/ipt-firewall-server 
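Review bot: The sample in conf/main_ipv4.conf.sample ships `do_not_firewall_lx_guest_systems=true`, so anyone who copies it and fills in guest addresses gets the FORWARD bypass for those containers without opting in. The neighbouring `do_not_firewall_bridged_traffic` is shown as `false`, and `do_not_firewall_lx_guest_systems=false` would keep the bypass an explicit choice. The comment could state the actual effect, for example `# - If true, all forwarded traffic from and to the addresses in lxc_guest_ips is accepted by rules inserted at the head of FORWARD.` The heading reads "LX Gust Systems" where "LXC Guest Systems" is presumably meant. The same applies to the identical hunk in conf/main_ipv6.conf.sample.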
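Review bot: In the ip6t-firewall-server hunk, `if $do_not_firewall_lx_guest_systems && ...` executes the option's value as a command, so an unset or empty variable (a config that predates this option) evaluates as success and the exemption counts as enabled, unless the script runs with `set -u`, which the hunk does not show. An explicit comparison fails closed: `if [[ "$do_not_firewall_lx_guest_systems" == "true" && ${#lxc_guest_ip_arr[@]} -gt 0 ]]; then`. The loop and rule arguments are unquoted; walk the list as `for _ip in "${lxc_guest_ip_arr[@]}" ; do` and pass `-d "$_ip"` / `-s "$_ip"`. Because the rules use `-I` with `-p all`, they land at the head of FORWARD and accept every protocol in both directions, so rules appended by later sections (the logging section starts right after this hunk) presumably never see guest traffic; a comment stating that this bypass is intended would help. The same points apply to the identical hunk in ipt-firewall-server.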
@@ -340,6 +340,26 @@ fi echo +# ------------- +# --- Do not firewall traffic from and to LX Gust Systems +# ------------- + +echononl "\tDo not firewall traffic from and to LX Gust Systems" +if $do_not_firewall_lx_guest_systems && [[ ${#lxc_guest_ip_arr[@]} -gt 0 ]]; then + + for _ip in ${lxc_guest_ip_arr[@]} ; do + + $ipt -I FORWARD -p all -d $_ip -j ACCEPT + $ipt -I FORWARD -p all -s $_ip -j ACCEPT + + done + echo_done +else + echo_skipped +fi +echo + + # ------------- # ---- Log given IP Addresses # -------------