brielle
/
SRFirewall
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 6 Wiki Activity
Browse Source

Multiport support for v2.2

master
Brielle Bruns 5 months ago
parent
1ea92aa558
commit
6a2589b8f2
3 changed files with 18 additions and 6 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +3
    -0
      CHANGELOG
  2. +1
    -1
      bin/srfirewall
  3. +14
    -5
      lib/iptables.inc

+ 3
- 0
CHANGELOG View File

@@ -1,3 +1,6 @@
2.2 - 04/09/2020
- Add multiport support to acl/forward

2.1p2 - 02/27/2020
- Fix issue with NAT variable not being reset after being changed



+ 1
- 1
bin/srfirewall View File

@@ -19,7 +19,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.

# Static config options, normally do not need to change
FW_VERSION="2.1p2"
FW_VERSION="2.2"

# Important directory locations
FWPREFIX="/usr/local"


+ 14
- 5
lib/iptables.inc View File

@@ -353,6 +353,15 @@ function enable_filtering {
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR}${direction} ${action} ${interface} ${srcaddress} ${srcport} ${dstaddress} ${dstport} ${protocol} ${syn} ${custom}"
dstmultiport="no"
srcmultiport="no"
[[ ${dstport} =~ (-|:|,) ]] && dstmultiport="yes"
[[ ${srcport} =~ (-|:|,) ]] && srcmultiport="yes"
([[ ${dstport} != "-" ]] && [[ ${dstmultiport} != "yes" ]]) && dstport="--dport ${dstport}"
([[ ${srcport} != "-" ]] && [[ ${srcmultiport} != "yes" ]]) && srcport="--dport ${srcport}"
([[ ${dstport} != "-" ]] && [[ ${dstmultiport} == "yes" ]]) && dstport="-m multiport --dports ${dstport}"
([[ ${srcport} != "-" ]] && [[ ${srcmultiport} == "yes" ]]) && srcport="-m multiport --sports ${srcport}"

# Blank variables that we're not going to use.
[[ ${interface} == "-" ]] && interface=""
[[ ${dstport} == "-" ]] && dstport=""
@@ -418,12 +427,12 @@ function enable_forwarding {
[[ ${syn} == "notsyn" ]] && syn="! --syn"
dstmultiport="no"
srcmultiport="no"
[[ ${dstport} =~ "," ]] && dstmultiport="yes"
[[ ${srcport} =~ "," ]] && srcmultiport="yes"
[[ ${dstport} =~ (-|:|,) ]] && dstmultiport="yes"
[[ ${srcport} =~ (-|:|,) ]] && srcmultiport="yes"
([[ ${dstport} != "-" ]] && [[ ${dstmultiport} != "yes" ]]) && dstport="--dport ${dstport}"
([[ ${srcport} != "-" ]] && [[ ${srcmultiport} != "yes" ]]) && srcport="--dport ${srcport}"
([[ ${srcport} != "-" ]] && [[ ${srcmultiport} != "yes" ]]) && srcport="--sport ${srcport}"
([[ ${dstport} != "-" ]] && [[ ${dstmultiport} == "yes" ]]) && dstport="-m multiport --dports ${dstport}"
([[ ${srcport} != "-" ]] && [[ ${srcmultiport} == "yes" ]]) && srcport="-m multiport --dports ${srcport}"
([[ ${srcport} != "-" ]] && [[ ${srcmultiport} == "yes" ]]) && srcport="-m multiport --sports ${srcport}"
([[ ${bidirectional} == "yes" ]] && [[ ${srcport} != "-" ]]) && revsrcport=${srcport/sport/dport}
([[ ${bidirectional} == "yes" ]] && [[ ${dstport} != "-" ]]) && revdstport=${dstport/dport/sport}
#[[ ${dstport} != "-" ]] && dstport="--dport ${dstport}"
@@ -551,7 +560,7 @@ function enable_services {
&& ${display} RED "service.conf: Error - must begin with service name or port number: ${DEFAULT_COLOR}${service} ${protocol} ${interface} ${address} ${srcaddress}" && continue
[[ ${protocol} == "-" ]] \
&& ${display} RED "service.conf: Error - protocol can not be empty: ${DEFAULT_COLOR}${service} ${protocol} ${interface} ${address} ${srcaddress}" && continue
[[ ${service} =~ "," ]] && multiport="yes"
[[ ${service} =~ (-|:|,) ]] && multiport="yes"
# Do some creative work with variables to make building the iptables rules fairly painless
([[ ${service} != "-" ]] && [[ ${multiport} != "yes" ]]) && service="--dport ${service}"
([[ ${service} != "-" ]] && [[ ${multiport} == "yes" ]]) && service="-m multiport --dports ${service}"


Write Preview
Loading…
Cancel
Save