brielle
/
SRFirewall
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

Multiport support for v2.2

master
Brie Bruns 2020-04-09 10:15:22 -06:00
parent 1ea92aa558
commit 6a2589b8f2
3 changed files with 18 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG
View File

@ -1,3 +1,6 @@
2.2 - 04/09/2020
- Add multiport support to acl/forward
2.1p2 - 02/27/2020 2.1p2 - 02/27/2020
- Fix issue with NAT variable not being reset after being changed - Fix issue with NAT variable not being reset after being changed

2
bin/srfirewall
View File

@ -19,7 +19,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
# Static config options, normally do not need to change # Static config options, normally do not need to change
FW_VERSION="2.1p2" FW_VERSION="2.2"
# Important directory locations # Important directory locations
FWPREFIX="/usr/local" FWPREFIX="/usr/local"

19
lib/iptables.inc
View File

@ -353,6 +353,15 @@ function enable_filtering {
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR}${direction} ${action} ${interface} ${srcaddress} ${srcport} ${dstaddress} ${dstport} ${protocol} ${syn} ${custom}" ${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR}${direction} ${action} ${interface} ${srcaddress} ${srcport} ${dstaddress} ${dstport} ${protocol} ${syn} ${custom}"
dstmultiport="no"
srcmultiport="no"
[[ ${dstport} =~ (-|:|,) ]] && dstmultiport="yes"
[[ ${srcport} =~ (-|:|,) ]] && srcmultiport="yes"
([[ ${dstport} != "-" ]] && [[ ${dstmultiport} != "yes" ]]) && dstport="--dport ${dstport}"
([[ ${srcport} != "-" ]] && [[ ${srcmultiport} != "yes" ]]) && srcport="--dport ${srcport}"
([[ ${dstport} != "-" ]] && [[ ${dstmultiport} == "yes" ]]) && dstport="-m multiport --dports ${dstport}"
([[ ${srcport} != "-" ]] && [[ ${srcmultiport} == "yes" ]]) && srcport="-m multiport --sports ${srcport}"
# Blank variables that we're not going to use. # Blank variables that we're not going to use.
[[ ${interface} == "-" ]] && interface="" [[ ${interface} == "-" ]] && interface=""
[[ ${dstport} == "-" ]] && dstport="" [[ ${dstport} == "-" ]] && dstport=""
@ -418,12 +427,12 @@ function enable_forwarding {
[[ ${syn} == "notsyn" ]] && syn="! --syn" [[ ${syn} == "notsyn" ]] && syn="! --syn"
dstmultiport="no" dstmultiport="no"
srcmultiport="no" srcmultiport="no"
[[ ${dstport} =~ "," ]] && dstmultiport="yes" [[ ${dstport} =~ (-|:|,) ]] && dstmultiport="yes"
[[ ${srcport} =~ "," ]] && srcmultiport="yes" [[ ${srcport} =~ (-|:|,) ]] && srcmultiport="yes"
([[ ${dstport} != "-" ]] && [[ ${dstmultiport} != "yes" ]]) && dstport="--dport ${dstport}" ([[ ${dstport} != "-" ]] && [[ ${dstmultiport} != "yes" ]]) && dstport="--dport ${dstport}"
([[ ${srcport} != "-" ]] && [[ ${srcmultiport} != "yes" ]]) && srcport="--dport ${srcport}" ([[ ${srcport} != "-" ]] && [[ ${srcmultiport} != "yes" ]]) && srcport="--sport ${srcport}"
([[ ${dstport} != "-" ]] && [[ ${dstmultiport} == "yes" ]]) && dstport="-m multiport --dports ${dstport}" ([[ ${dstport} != "-" ]] && [[ ${dstmultiport} == "yes" ]]) && dstport="-m multiport --dports ${dstport}"
([[ ${srcport} != "-" ]] && [[ ${srcmultiport} == "yes" ]]) && srcport="-m multiport --dports ${srcport}" ([[ ${srcport} != "-" ]] && [[ ${srcmultiport} == "yes" ]]) && srcport="-m multiport --sports ${srcport}"
([[ ${bidirectional} == "yes" ]] && [[ ${srcport} != "-" ]]) && revsrcport=${srcport/sport/dport} ([[ ${bidirectional} == "yes" ]] && [[ ${srcport} != "-" ]]) && revsrcport=${srcport/sport/dport}
([[ ${bidirectional} == "yes" ]] && [[ ${dstport} != "-" ]]) && revdstport=${dstport/dport/sport} ([[ ${bidirectional} == "yes" ]] && [[ ${dstport} != "-" ]]) && revdstport=${dstport/dport/sport}
#[[ ${dstport} != "-" ]] && dstport="--dport ${dstport}" #[[ ${dstport} != "-" ]] && dstport="--dport ${dstport}"
@ -551,7 +560,7 @@ function enable_services {
&& ${display} RED "service.conf: Error - must begin with service name or port number: ${DEFAULT_COLOR}${service} ${protocol} ${interface} ${address} ${srcaddress}" && continue && ${display} RED "service.conf: Error - must begin with service name or port number: ${DEFAULT_COLOR}${service} ${protocol} ${interface} ${address} ${srcaddress}" && continue
[[ ${protocol} == "-" ]] \ [[ ${protocol} == "-" ]] \
&& ${display} RED "service.conf: Error - protocol can not be empty: ${DEFAULT_COLOR}${service} ${protocol} ${interface} ${address} ${srcaddress}" && continue && ${display} RED "service.conf: Error - protocol can not be empty: ${DEFAULT_COLOR}${service} ${protocol} ${interface} ${address} ${srcaddress}" && continue
[[ ${service} =~ "," ]] && multiport="yes" [[ ${service} =~ (-|:|,) ]] && multiport="yes"
# Do some creative work with variables to make building the iptables rules fairly painless # Do some creative work with variables to make building the iptables rules fairly painless
([[ ${service} != "-" ]] && [[ ${multiport} != "yes" ]]) && service="--dport ${service}" ([[ ${service} != "-" ]] && [[ ${multiport} != "yes" ]]) && service="--dport ${service}"
([[ ${service} != "-" ]] && [[ ${multiport} == "yes" ]]) && service="-m multiport --dports ${service}" ([[ ${service} != "-" ]] && [[ ${multiport} == "yes" ]]) && service="-m multiport --dports ${service}"