More code to support ipv* allowed files
parent
3056ae4d19
commit
026185195b
|
@ -943,6 +943,57 @@ fi
|
|||
display_c YELLOW "Loading custom IPv6 allowed port rules..."
|
||||
. "$BASEDIR/include/ipv6_custom_allowedports"
|
||||
fi
|
||||
|
||||
if [ "$IPV6_ALLOWED" ]; then
|
||||
display_c YELLOW "Adding allowed IPv6 IPs and ports... "
|
||||
for i in `grep -v "\#" $IPV6_ALLOWED`; do
|
||||
if [[ "$i" =~ "|" ]]; then
|
||||
IFS_OLD=${IFS};IFS=\|
|
||||
ADVALLOWIP=($i)
|
||||
IFS=${IFS_OLD}
|
||||
SRCIF=${ADVALLOWIP[0]}
|
||||
SRCIP=${ADVALLOWIP[1]}
|
||||
SRCPORT=${ADVALLOWIP[2]}
|
||||
DSTIF=${ADVALLOWIP[3]}
|
||||
DSTIP=${ADVALLOWIP[4]}
|
||||
DSTPORT=${ADVALLOWIP[5]}
|
||||
DIRECTION=${ADVALLOWIP[6]}
|
||||
PROTO=${ADVALLOWIP[7]}
|
||||
if [ "$SRCIF" ]; then
|
||||
SRCIF="-i ${SRCIF} "
|
||||
fi
|
||||
if [ "$SRCIP" ]; then
|
||||
SRCIP="-s ${SRCIP} "
|
||||
fi
|
||||
if [ "$SRCPORT" ]; then
|
||||
SRCPORT="--sport ${SRCPORT/-/:} "
|
||||
fi
|
||||
if [ "$DSTIF" ]; then
|
||||
DSTIF="-o ${DSTIF} "
|
||||
fi
|
||||
if [ "$DSTIP" ]; then
|
||||
DSTIP="-d ${DSTIP} "
|
||||
fi
|
||||
if [ "$DSTPORT" ]; then
|
||||
DSTPORT="--dport ${DSTPORT/-/:} "
|
||||
fi
|
||||
if [ "$PROTO" ]; then
|
||||
case $PROTO in
|
||||
TCP|tcp) PROTO="-p tcp";;
|
||||
UDP|udp) PROTO="-p udp";;
|
||||
*) PROTO="-p ${PROTO}";;
|
||||
esac
|
||||
fi
|
||||
case $DIRECTION in
|
||||
IN) DIRECTION="INPUT" ;;
|
||||
OUT) DIRECTION="OUTPUT" ;;
|
||||
FWD) DIRECTION="FORWARD" ;;
|
||||
*) DIRECTION="INPUT" ;;
|
||||
esac
|
||||
${IP6TABLES} -A ${DIRECTION} ${PROTO} ${SRCIF} ${SRCIP} ${SRCPORT} ${DSTIF} ${DSTIP} ${DSTPORT} -j ACCEPT
|
||||
fi
|
||||
done
|
||||
fi
|
||||
if [ "$IPV6_TCPPORTS" ] || [ "$IPV6_UDPPORTS" ]; then
|
||||
display_c YELLOW "Adding allowed IPv6 port: " N
|
||||
if [ "$IPV6_TCPPORTS" ]; then
|
||||
|
|
|
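Review bot: The `*) DIRECTION="INPUT" ;;` fallback in the direction `case` turns any unrecognised or missing direction field into an INPUT rule, and nothing checks that a line sets at least one match, so an entry with a mistyped direction and the other fields empty ends up as `${IP6TABLES} -A INPUT -j ACCEPT`. For an allow-list loader it is safer to fail closed: replace the fallback with `*) echo "ipv6-allowed: bad direction in '$i', skipping" >&2; continue ;;` and skip lines whose address and port fields are all empty, unless an accept-all entry is really intended. The exit status of the `${IP6TABLES}` call is not checked either, so a rule that ip6tables rejects (for example `--sport`/`--dport` without a protocol) is dropped without any message. Lines without a `|` are ignored silently, and the unquoted backtick `grep` over `$IPV6_ALLOWED` lets the shell word-split and glob-expand the file's contents before they reach the rule; a `while IFS= read -r` loop with quoted expansions would avoid that.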
@ -0,0 +1,7 @@
|
|||
# List of IPs to allow
|
||||
# One ip or range per line with added specific IN/OUT/FWD and TCP/UDP port (added in 0.9.8)
|
||||
# <SRC IF>|<SRC IP>|<SRC PORT RNG>|<DST IF>|<DST IP>|<DST PORT RNG>|<IN/OUT/FWD>|<PROTO>
|
||||
# One can leave out <SRC IF> <SRC IP> <SRC PORT RNG> <DST IF> <DST IP> <DST PORT RNG>
|
||||
# if you want to apply to all ports/interfaces/etc
|
||||
# Example:
|
||||
# eth1|::1|80|eth0|2001::1|20-21|IN|TCP
|
|
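Review bot: The example line pairs a source and a destination interface with `IN`, which the loader in this commit turns into an INPUT-chain rule carrying both `-i eth1` and `-o eth0`; ip6tables rejects `-o` on INPUT, so copying the example as written would produce no rule. Consider an example that matches its direction, e.g. `eth1|::1|80|eth0|2001::1|20-21|FWD|TCP`, plus a comment line such as `# <SRC IF> is only valid with IN/FWD, <DST IF> only with OUT/FWD`. The header also says "One ip or range per line", but the loader only acts on lines containing `|`, so it is worth stating that the full pipe-separated form is required.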
@ -238,6 +238,11 @@ IPV6_PFORWARD=DROP
|
|||
#IPV6_TCPPORTS=$TCPPORTS
|
||||
#IPV6_UDPPORTS=$UDPPORTS
|
||||
|
||||
# Allowed IPv6 IPs and ports
|
||||
# this is a more advanced form of IPV6_TCPPORTS and IPV6_UDPPORTS,
|
||||
# and will eventually replace it
|
||||
#IPV6_ALLOWED=$BASEDIR/conf/ipv6-allowed
|
||||
|
||||
# IPv6 range to forward
|
||||
#IPV6_FORWARDRANGE=""
|
||||
|
||||
|
|