Begin multiport option support

bin/firewall-sosdg

@@ -240,6 +240,23 @@ if [ -s "$BASEDIR/include/ipv4_custom_allowedports" ]; then
 	. "$BASEDIR/include/ipv4_custom_allowedports"
 fi
 
+if [ "$IPTABLES_MULTIPORT" ] {
+	case $IPTABLES_MULTIPORT in
+	  auto|AUTO|Auto)
+	  		if `${MODPROBE} ${NF_MULTIPORT} &>/dev/null`; then
+	  			display_c YELLOW "Multiport successfully loaded."
+	  		else
+	  			display_c RED "Multiport was not loaded successfully.  Disabling."
+	  			IPTABLES_MULTIPORT="no"
+	  		fi ;;
+	  yes|YES|Yes)
+	  		${MODPROBE} ${NF_MULTIPORT}
+	  		display_c PURPLE "Multiport loading forced, not error checking." ;;
+	  *)  IPTABLES_MULTIPORT="no"
+	  esac
+fi
+	  	
+
 if [ "$TCPPORTS" ] || [ "$UDPPORTS" ]; then
 	display_c YELLOW "Adding allowed port: " N
 

include/static

@@ -47,4 +47,7 @@ DEFAULT_COLOR="\E[39m"
 MOD_U32="xt_u32"
 
 # Location of the ipv4 network conf in proc
-PROC_NET_IPV4="/proc/sys/net/ipv4/conf"
+PROC_NET_IPV4="/proc/sys/net/ipv4/conf"
+
+# Multiport module name for kernel - override in options
+NF_MULTIPORT="xt_multiport"

options.default

@@ -40,6 +40,14 @@ MODPROBE=/sbin/modprobe
 # Port forwardings, requires NAT
 #PORTFW=$BASEDIR/port-forwards
 
+
+# Multiport support?
+# yes/no/auto  (auto will try to detect if we support multiport or not, may not always work)
+IPTABLES_MULTIPORT=auto
+
+# Multiport module name for kernel - use to override defaults
+#NF_MULTIPORT="xt_multiport"
+
 # TCP/UDP/Protocol to allow
 TCPPORTS="20 21 22 53 80 113 123 443"
 UDPPORTS="53"