Update 'NONE-CKUBU'.

NONE-CKUBU/ipt-firewall/interfaces_ipv6.conf

@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Network Interfaces / Ip-Adresses / Ports
+# =============
+
+# - Extern Interfaces DSL Lines
+# -    (blank separated list)
+ext_if_dsl_1=""
+ext_if_dsl_2=""
+ext_if_dsl_3=""
+ext_if_dsl_4=""
+
+ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
+
+# - Extern Interfaces Static Lines
+# -    (blank separated list)
+# -
+# - Example:
+# -    ext_if_static_1="sixxs"
+# -
+ext_if_static_1=""
+ext_if_static_2=""
+ext_if_static_3=""
+
+ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
+
+# - VPN Interfaces
+# -    (blank separated list)
+vpn_ifs="tun+"
+
+# - Local Interfaces
+local_if_1=""
+local_if_2=""
+local_if_3=""
+local_if_4=""
+local_if_5=""
+local_if_6=""
+local_if_7=""
+
+local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
+
+# - Are local alias interfaces like eth0:0 defined"
+# -
+local_alias_interfaces=true

NONE-CKUBU/ipt-firewall/load_modules_ipv4.conf

@@ -21,7 +21,7 @@ iptable_raw
 
 # - Load base modules for tracking
 # -
-nf_conntrack
+nf_conntrack nf_conntrack_helper=0
 nf_nat
 
 # - Load module for FTP Connection tracking and NAT

NONE-CKUBU/ipt-firewall/main_ipv4.conf

@@ -256,6 +256,84 @@ allow_local_if_to_local_ip=""
 
 
 
+# =============
+# - Allow local ip address from given local interface
+# =============
+
+# - allow_local_if_to_local_ip
+# -
+# - All traffic from the given network interface to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_if_to_local_ip="${local_if_1}:192.168.10.1
+# -                               ${local_if_2}:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_if_to_local_ip=""
+
+
+
+# =============
+# - Allow extern service from given local interface
+# =============
+
+# - allow_local_if_to_ext_service
+# -
+# - allow_local_if_to_ext_service="<local-interface>:<extern-ip>:<ext-port>:<protocol> [.."
+# -
+# - All traffic from the given (local) network interface to the given (extern) service is allowed
+# -
+# - Example:
+# -   allow_local_if_to_ext_service="${local_if_1}:83.223.86.98:3306:tcp
+# -                                  ${local_if_2}:83.223.86.98:3306:tcp"
+# -
+# - Blank separated list
+# -
+allow_local_if_to_ext_service=""
+
+
+
+# =============
+# - Allow extern network from given local interface
+# =============
+
+# - allow_local_if_to_ext_net
+# -
+# - allow_local_if_to_ext_net="<local-interface>:ext-network> [<local-interface>:ext-network> [.."
+# -
+# - All traffic from the given (local) network interface to the given (extern) network is allowed
+# -
+# - Example:
+# -   allow_local_if_to_ext_net="${local_if_1}:83.223.86.98/32
+# -                              ${local_if_2}:83.223.86.98/32"
+# -
+# - Blank separated list
+# -
+allow_local_if_to_ext_net=""
+
+
+
+# =============
+# - Allow extern service from given local network
+# =============
+
+# - allow_local_net_to_ext_service
+# - 
+# - allow_local_net_to_ext_service="<local-net:ext-ip:port:protocol> [<local-net:ext-ip:port:protocol> [.."
+# -
+# - All traffic from the given (local) network to the given (extern) service is allowed
+# -
+# - Example:
+# -   allow_local_net_to_ext_service="192.168.63.0/24:83.223.86.98:3306:tcp
+# -                                   192.168.64.0/24:83.223.86.98:3306:tcp"
+# -
+# - Blank separated list
+# -
+allow_local_net_to_ext_service=""
+
+
+
 # =============
 # --- Separate local Networks
 # =============
@@ -976,6 +1054,28 @@ tv_extern_if="eth2.8"
 tv_local_if="$local_if_1"
 
 
+# =====
+# --- Allow special TCP Ports (OUT)
+# =====
+
+# - TCP Ports
+# -
+# - Blank separated list of tcp ports
+# -
+tcp_out_ports=""
+
+
+# =====
+# --- Allow special UDP Ports (OUT)
+# =====
+
+# - UDP Ports
+# -
+# - Blank separated list udp ports
+# -
+udp_out_ports=""
+
+
 
 # ======
 # - Other local Services 

NONE-CKUBU/ipt-firewall/post_decalrations.conf

@@ -149,6 +149,38 @@ for _val in $allow_local_if_to_local_ip ; do
    allow_local_if_to_local_ip_arr+=("$_val")
 done
 
+# ---
+# - Allow extern service from given local interface
+# ---
+declare -a allow_local_if_to_ext_service_arr
+for _val in $allow_local_if_to_ext_service ; do
+   allow_local_if_to_ext_service_arr+=("$_val")
+done
+
+# ---
+# - Allow extern network from given local interface
+# ---
+declare -a allow_local_if_to_ext_net_arr
+for _val in $allow_local_if_to_ext_net ; do
+   allow_local_if_to_ext_net_arr+=("$_val")
+done
+
+# ---
+# - Allow extern service from given local network 
+# ---
+declare -a allow_local_net_to_ext_service_arr
+for _val in $allow_local_net_to_ext_service ; do
+   allow_local_net_to_ext_service_arr+=("$_val")
+done
+
+# ---
+# - Allow extern network from given local network
+# ---
+declare -a allow_local_net_to_ext_net_arr
+for _val in $allow_local_net_to_ext_net ; do
+   allow_local_net_to_ext_net_arr+=("$_val")
+done
+
 # ---
 # - Separate local Networks
 # ---
@@ -378,6 +410,24 @@ for _ip in $rsync_out_ips ; do
    rsync_out_ip_arr+=("$_ip")
 done
 
+# ---
+# - Special TCP Ports OUT
+# ---
+# local
+declare -a tcp_out_port_arr
+for _port in $tcp_out_ports ; do
+   tcp_out_port_arr+=("$_port")
+done
+
+# ---
+# - Special UDP Ports OUT
+# ---
+# local
+declare -a udp_out_port_arr
+for _port in $udp_out_ports ; do
+   udp_out_port_arr+=("$_port")
+done
+
 # ---
 # - Other local Services
 # ---