Add firewall source IP support

openmptcprouter/files/etc/init.d/openmptcprouter-vps

@@ -684,6 +684,7 @@ _vps_firewall_redirect_port() {
 	config_get family $1 family "ipv4"
 	config_get enabled $1 enabled "1"
 	config_get src_dip $1 src_dip
+	config_get src_ip $1 src_ip
 	[ "$(echo $src_dport | cut -d'-' -f2)" -ge "65000" ] && {
 		logger -t "OMR-VPS" "You can't redirect ports >= 65000, they are needed by OpenMPTCProuter Server part"
 		uci -q delete firewall.$1
@@ -696,17 +697,23 @@ _vps_firewall_redirect_port() {
 				if [ "$src_dip" = "" ]; then
 					checkfw=$(echo "$vpsfwlist" | grep "$src_dport	# OMR $username redirect router $src_dport port tcp")
 				else
-					checkfw=$(echo "$vpsfwlist" | grep "# OMR $username redirect router $src_dport port tcp to $src_dip")
+					comment=""
+					[ -n "$src_dip" ] && comment=" to $src_dip"
+					[ -n "$src_ip" ] && comment=" from $src_ip"
+					checkfw=$(echo "$vpsfwlist" | grep "# OMR $username redirect router $src_dport port tcp${comment}")
 				fi
 			else
 				if [ "$src_dip" = "" ]; then
 					checkfw=$(echo "$vpsfw6list" | grep "$src_dport	# OMR $username redirect router $src_dport port tcp")
 				else
-					checkfw=$(echo "$vpsfw6list" | grep "# OMR $username redirect router $src_dport port tcp to $src_dip")
+					comment=""
+					[ -n "$src_dip" ] && comment=" to $src_dip"
+					[ -n "$src_ip" ] && comment=" from $src_ip"
+					checkfw=$(echo "$vpsfw6list" | grep "# OMR $username redirect router $src_dport port tcp${comment}")
 				fi
 			fi
 			if [ "$checkfw" = "" ]; then
-				settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","source_dip" : "'$src_dip'","proto" : "tcp","fwtype" : "DNAT","ipproto" : "'$family'"}'
+				settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","source_dip" : "'$src_dip'","source_ip" : "'$src_ip'","proto" : "tcp","fwtype" : "DNAT","ipproto" : "'$family'"}'
 				_set_json "shorewallopen" "$settings"
 			fi
 			if [ "$family" = "ipv4" ]; then
@@ -714,16 +721,22 @@ _vps_firewall_redirect_port() {
 					vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR $username redirect router $src_dport port tcp")
 					[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR redirect router $src_dport port tcp")
 				else
-					vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR $username redirect router $src_dport port tcp to $src_dip")
-					[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR redirect router $src_dport port tcp to $src_dip")
+					comment=""
+					[ -n "$src_dip" ] && comment=" to $src_dip"
+					[ -n "$src_ip" ] && comment=" from $src_ip"
+					vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR $username redirect router $src_dport port tcp${comment}")
+					[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR redirect router $src_dport port tcp${comment}")
 				fi
 			else
 				if [ "$src_dip" = "" ]; then
 					vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR $username redirect router $src_dport port tcp")
 					[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR redirect router $src_dport port tcp")
 				else
-					vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR $username redirect router $src_dport port tcp to $src_dip")
-					[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR redirect router $src_dport port tcp to $src_dip")
+					comment=""
+					[ -n "$src_dip" ] && comment=" to $src_dip"
+					[ -n "$src_ip" ] && comment=" from $src_ip"
+					vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR $username redirect router $src_dport port tcp${comment}")
+					[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR redirect router $src_dport port tcp${comment}")
 				fi
 			fi
 
@@ -732,17 +745,23 @@ _vps_firewall_redirect_port() {
 				if [ "$src_dip" = "" ]; then
 					checkfw=$(echo "$vpsfwlist" | grep "$src_dport	# OMR $username redirect router $src_dport port udp")
 				else
-					checkfw=$(echo "$vpsfwlist" | grep "# OMR $username redirect router $src_dport port udp to $src_dip")
+					comment=""
+					[ -n "$src_dip" ] && comment=" to $src_dip"
+					[ -n "$src_ip" ] && comment=" from $src_ip"
+					checkfw=$(echo "$vpsfwlist" | grep "# OMR $username redirect router $src_dport port udp${comment}")
 				fi
 			else
 				if [ "$src_dip" = "" ]; then
 					checkfw=$(echo "$vpsfw6list" | grep "$src_dport	# OMR $username redirect router $src_dport port udp")
 				else
-					checkfw=$(echo "$vpsfw6list" | grep "# OMR $username redirect router $src_dport port udp to $src_dip")
+					comment=""
+					[ -n "$src_dip" ] && comment=" to $src_dip"
+					[ -n "$src_ip" ] && comment=" from $src_ip"
+					checkfw=$(echo "$vpsfw6list" | grep "# OMR $username redirect router $src_dport port udp to${comment}")
 				fi
 			fi
 			if [ "$checkfw" = "" ]; then
-				settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","source_dip" : "'$src_dip'","proto" : "udp","fwtype" : "DNAT","ipproto" : "'$family'"}'
+				settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","source_dip" : "'$src_dip'","source_ip" : "'$src_ip'","proto" : "udp","fwtype" : "DNAT","ipproto" : "'$family'"}'
 				_set_json "shorewallopen" "$settings"
 			fi
 			if [ "$family" = "ipv4" ]; then
@@ -750,16 +769,22 @@ _vps_firewall_redirect_port() {
 					vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport	# OMR $username redirect router $src_dport port udp")
 					[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport	# OMR redirect router $src_dport port udp")
 				else
-					vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR $username redirect router $src_dport port udp to $src_dip")
-					[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR redirect router $src_dport port udp to $src_dip")
+					comment=""
+					[ -n "$src_dip" ] && comment=" to $src_dip"
+					[ -n "$src_ip" ] && comment=" from $src_ip"
+					vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR $username redirect router $src_dport port udp${comment}")
+					[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR redirect router $src_dport port udp${comment}")
 				fi
 			else
 				if [ "$src_dip" = "" ]; then
 					vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport	# OMR $username redirect router $src_dport port udp")
 					[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport	# OMR redirect router $src_dport port udp")
 				else
-					vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR $username redirect router $src_dport port udp to $src_dip")
-					[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR redirect router $src_dport port udp to $src_dip")
+					comment=""
+					[ -n "$src_dip" ] && comment=" to $src_dip"
+					[ -n "$src_ip" ] && comment=" from $src_ip"
+					vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR $username redirect router $src_dport port udp${comment}")
+					[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR redirect router $src_dport port udp${comment}")
 				fi
 			fi
 		else
@@ -768,17 +793,23 @@ _vps_firewall_redirect_port() {
 				if [ "$src_dip" = "" ]; then
 					checkfw=$(echo "$vpsfwlist" | grep "$src_dport	# OMR $username redirect router $src_dport port $proto")
 				else
-					checkfw=$(echo "$vpsfwlist" | grep "# OMR $username redirect router $src_dport port $proto to $src_dip")
+					comment=""
+					[ -n "$src_dip" ] && comment=" to $src_dip"
+					[ -n "$src_ip" ] && comment=" from $src_ip"
+					checkfw=$(echo "$vpsfwlist" | grep "# OMR $username redirect router $src_dport port $proto${comment}")
 				fi
 			else
 				if [ "$src_dip" = "" ]; then
 					checkfw=$(echo "$vpsfw6list" | grep "$src_dport	# OMR $username redirect router $src_dport port $proto")
 				else
-					checkfw=$(echo "$vpsfw6list" | grep "# OMR $username redirect router $src_dport port $proto to $src_dip")
+					comment=""
+					[ -n "$src_dip" ] && comment=" to $src_dip"
+					[ -n "$src_ip" ] && comment=" from $src_ip"
+					checkfw=$(echo "$vpsfw6list" | grep "# OMR $username redirect router $src_dport port $proto${comment}")
 				fi
 			fi
 			if [ "$checkfw" = "" ]; then
-				settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","source_dip" : "'$src_dip'","proto" : "'$proto'","fwtype" : "DNAT","ipproto" : "'$family'"}'
+				settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","source_dip" : "'$src_dip'","source_ip" : "'$src_ip'","proto" : "'$proto'","fwtype" : "DNAT","ipproto" : "'$family'"}'
 				_set_json "shorewallopen" "$settings"
 			fi
 			if [ "$family" = "ipv4" ]; then
@@ -786,16 +817,21 @@ _vps_firewall_redirect_port() {
 					vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport	# OMR $username redirect router $src_dport port $proto")
 					[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport	# OMR redirect router $src_dport port $proto")
 				else
-					vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR $username redirect router $src_dport port $proto to $src_dip")
-					[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR redirect router $src_dport port $proto to $src_dip")
+					comment=""
+					[ -n "$src_dip" ] && comment=" to $src_dip"
+					[ -n "$src_ip" ] && comment=" from $src_ip"
+					vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR $username redirect router $src_dport port $proto${comment}")
+					[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR redirect router $src_dport port $proto${comment}")
 				fi
 			else
 				if [ "$src_dip" = "" ]; then
 					vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport	# OMR $username redirect router $src_dport port $proto")
 					[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport	# OMR redirect router $src_dport port $proto")
 				else
-					vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR $username redirect router $src_dport port $proto to $src_dip")
-					[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR redirect router $src_dport port $proto to $src_dip")
+					[ -n "$src_dip" ] && comment=" to $src_dip"
+					[ -n "$src_ip" ] && comment=" from $src_ip"
+					vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR $username redirect router $src_dport port $proto${comment}")
+					[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR redirect router $src_dport port $proto${comment}")
 				fi
 			fi
 		fi
@@ -806,12 +842,15 @@ _vps_firewall_close_port() {
 	[ -n "$vpsfwlist" ] && {
 		echo "$vpsfwlist" | while read -r line; do
 			[ -n "$line" ] && {
-				proto=$(echo $line | awk '{print $4}')
-				src_dport=$(echo $line | awk '{print $5}')
-				source_port=$(echo $line | awk '{print $6}')
-				source_dip=$(echo $line | awk '{print $7}')
+				proto=$(echo $line | awk '{print $4}' | tr -d "\n")
+				src_dport=$(echo $line | awk '{print $5}' | tr -d "\n")
+				source_port=$(echo $line | awk '{print $6}' | tr -d "\n")
+				source_dip=$(echo $line | awk '{print $7}' | tr -d "\n")
+				source_ip=$(echo $line | awk '{print $2}' | awk -F ":" '{print $2}' | tr -d "\n")
 				if [ "$source_port" = "-" ]; then
-					settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","source_dip": "'$source_dip'"}'
+					settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","source_dip": "'$source_dip'","source_ip": "'$source_ip'"}'
+				elif [ "$source_ip" != "" ]; then
+					settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","source_ip": "'$source_ip'"}'
 				else
 					settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT"}'
 				fi
@@ -822,12 +861,15 @@ _vps_firewall_close_port() {
 	[ -n "$vpsfw6list" ] && {
 		echo "$vpsfw6list" | while read -r line; do
 			[ -n "$line" ] && {
-				proto=$(echo $line | awk '{print $4}')
-				src_dport=$(echo $line | awk '{print $5}')
-				source_port=$(echo $line | awk '{print $6}')
-				source_dip=$(echo $line | awk '{print $7}')
+				proto=$(echo $line | awk '{print $4}' | tr -d "\n")
+				src_dport=$(echo $line | awk '{print $5}' | tr -d "\n")
+				source_port=$(echo $line | awk '{print $6}' | tr -d "\n")
+				source_dip=$(echo $line | awk '{print $7}' | tr -d "\n")
+				source_ip=$(echo $line | awk '{print $2}' | awk -F ":" '{print $2}' | tr -d "\n")
 				if [ "$source_port" = "-" ]; then
-					settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","ipproto" : "ipv6","source_dip": "'$source_dip'"}'
+					settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","ipproto" : "ipv6","source_dip": "'$source_dip'","source_ip": "'$source_ip'"}'
+				elif [ "$source_ip" != "" ]; then
+					settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","ipproto" : "ipv6","source_dip": "'$source_dip'","source_ip": "'$source_ip'"}'
 				else
 					settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","ipproto" : "ipv6"}'
 				fi
@@ -873,7 +915,7 @@ _set_vps_firewall() {
 set_vps_firewall() {
 	fw3 -q print | grep 'vpn.* -d' |
 	while IFS=$"\n" read -r c; do
-		eval $(echo $c | sed 's/-A/-D/')
+		eval $(echo $c | sed 's/-A/-D/') 2>&1 >/dev/null
 		newrule=$(echo $c | sed -E -e 's/ -d ([^ ])*//' -e 's/ -s ([^ ])*//')
 		eval $(echo $newrule | sed 's/-A/-C/') || eval $newrule
 	done