Multiport enabled for TCP and IPv6 TCP

bin/firewall-sosdg

@@ -245,13 +245,15 @@ if [ "$IPTABLES_MULTIPORT" ]; then
 	  auto|AUTO|Auto)
 	  		if `${MODPROBE} ${NF_MULTIPORT} &>/dev/null`; then
 	  			display_c YELLOW "Multiport successfully loaded."
+	  			IPTABLES_MULTIPORT="yes"
 	  		else
 	  			display_c RED "Multiport was not loaded successfully.  Disabling."
 	  			IPTABLES_MULTIPORT="no"
 	  		fi ;;
 	  yes|YES|Yes)
 	  		${MODPROBE} ${NF_MULTIPORT}
-	  		display_c PURPLE "Multiport loading forced, not error checking." ;;
+	  		display_c PURPLE "Multiport loading forced, not error checking."
+	  		IPTABLES_MULTIPORT="yes" ;;
 	  *)  IPTABLES_MULTIPORT="no"
 	  esac
 fi
@@ -259,13 +261,30 @@ fi
 
 if [ "$TCPPORTS" ] || [ "$UDPPORTS" ]; then
 	display_c YELLOW "Adding allowed port: " N
-
 	if [ "$TCPPORTS" ]; then
+		if [ $IPTABLES_MULTIPORT == "yes" ]; then
+			TCPPORTS=($TCPPORTS)
+			PORTS_COUNT=${#TCPPORTS[@]}
+			PORTS_COUNT_CURR=0
+			while [ $PORTS_COUNT_CURR -lt $PORTS_COUNT ]; do
+				for ((y=$PORTS_COUNT_CURR; y <=(($PORTS_COUNT_CURR+((MULTI_MAX_PORTS-1)))); y++)); do
+					if [ ${TCPPORTS[$y]} ]; then
+						PORTS="$PORTS,${TCPPORTS[$y]}"
+					fi
+				done
+				echo -en "${PURPLE}Multiport-TCP${DEFAULT_COLOR}/${GREEN}${PORTS#,}"
+				${IPTABLES} -A INPUT -p tcp -m multiport --dports ${PORTS#,} -j ACCEPT"
+				unset PORTS
+        		PORTS_COUNT_CURR=$y
+			done
+			unset y PORTS PORTS_COUNT_CURR PORTS_COUNT
+		else
 			for i in $TCPPORTS; do
 				echo -en "${PURPLE}TCP${DEFAULT_COLOR}/${GREEN}$i "
 				$IPTABLES -A INPUT -p tcp --dport $i -j ACCEPT
 			done
 		fi
+	fi
 	if [ "$UDPPORTS" ]; then
 		for i in $UDPPORTS; do
 			echo -en "${BLUE}UDP${DEFAULT_COLOR}/${GREEN}$i "
@@ -545,14 +564,29 @@ if [ $IPV6 ]; then
 	fi
 	if [ "$IPV6TCP" ] || [ "$IPV6UDP" ]; then
 		display_c YELLOW "Adding allowed IPv6 port: " N
-
 		if [ "$IPV6TCP" ]; then
+			if [ $IPTABLES_MULTIPORT == "yes" ]; then
+				IPV6TCP=($IPV6TCP)
+				PORTS_COUNT=${#IPV6TCP[@]}
+				PORTS_COUNT_CURR=0
+				while [ $PORTS_COUNT_CURR -lt $PORTS_COUNT ]; do
+					for ((y=$PORTS_COUNT_CURR; y <=(($PORTS_COUNT_CURR+((MULTI_MAX_PORTS-1)))); y++)); do
+						if [ ${IPV6TCP[$y]} ]; then
+							PORTS="$PORTS,${IPV6TCP[$y]}"
+						fi
+				done
+				echo -en "${PURPLE}Multiport-TCP${DEFAULT_COLOR}/${GREEN}${PORTS#,}"
+				${IPTABLES} -A INPUT -p tcp -m multiport --dports ${PORTS#,} -j ACCEPT"
+				unset PORTS
+        		PORTS_COUNT_CURR=$y
+			done
+			unset y PORTS PORTS_COUNT_CURR PORTS_COUNT
+		else
 				for i in $IPV6TCP; do
 					echo -en "${PURPLE}TCP${DEFAULT_COLOR}/${GREEN}$i "
 					$IP6TABLES -A INPUT -p tcp --dport $i -j ACCEPT
 				done
 		fi
-
 		if [ "$IPV6UDP" ]; then
 			for i in $IPV6UDP; do
 				echo -en "${BLUE}UDP${DEFAULT_COLOR}/${GREEN}$i "

include/static

@@ -49,5 +49,6 @@ MOD_U32="xt_u32"
 # Location of the ipv4 network conf in proc
 PROC_NET_IPV4="/proc/sys/net/ipv4/conf"
 
-# Multiport module name for kernel - override in options
+# Multiport options - override in options
 NF_MULTIPORT="xt_multiport"
+NF_MULTIPORT_MAX_PORTS="7"

options.default

@@ -42,11 +42,13 @@ MODPROBE=/sbin/modprobe
 
 
 # Multiport support?
-# yes/no/auto  (auto will try to detect if we support multiport or not, may not always work)
+# yes/no/auto  (auto will try to detect if we support multiport or not,
+# may not always work but is recommended unless you have a reason otherwise)
 IPTABLES_MULTIPORT=auto
 
-# Multiport module name for kernel - use to override defaults
+# Multiport options - use to override defaults
 #NF_MULTIPORT="xt_multiport"
+#NF_MULTIPORT_MAX_PORTS="7"
 
 # TCP/UDP/Protocol to allow
 TCPPORTS="20 21 22 53 80 113 123 443"