mptcp/openmptcprouter-feeds
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-02-13 11:01:50 +00:00
Code Issues Releases Wiki Activity

Add firewall source IP support

Browse source
This commit is contained in:
Ycarus (Yannick Chabanois) 2020-07-29 11:00:17 +02:00
parent e36c3111f2
commit 7f86bbdab5
1 changed files with 74 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

106
openmptcprouter/files/etc/init.d/openmptcprouter-vps
View file

@ -684,6 +684,7 @@ _vps_firewall_redirect_port() {
config_get family $1 family "ipv4" config_get family $1 family "ipv4"
config_get enabled $1 enabled "1" config_get enabled $1 enabled "1"
config_get src_dip $1 src_dip config_get src_dip $1 src_dip
config_get src_ip $1 src_ip
[ "$(echo $src_dport | cut -d'-' -f2)" -ge "65000" ] && { [ "$(echo $src_dport | cut -d'-' -f2)" -ge "65000" ] && {
logger -t "OMR-VPS" "You can't redirect ports >= 65000, they are needed by OpenMPTCProuter Server part" logger -t "OMR-VPS" "You can't redirect ports >= 65000, they are needed by OpenMPTCProuter Server part"
uci -q delete firewall.$1 uci -q delete firewall.$1
@ -696,17 +697,23 @@ _vps_firewall_redirect_port() {
if [ "$src_dip" = "" ]; then if [ "$src_dip" = "" ]; then
checkfw=$(echo "$vpsfwlist" | grep "$src_dport # OMR $username redirect router $src_dport port tcp") checkfw=$(echo "$vpsfwlist" | grep "$src_dport # OMR $username redirect router $src_dport port tcp")
else else
checkfw=$(echo "$vpsfwlist" | grep "# OMR $username redirect router $src_dport port tcp to $src_dip") comment=""
[ -n "$src_dip" ] && comment=" to $src_dip"
[ -n "$src_ip" ] && comment=" from $src_ip"
checkfw=$(echo "$vpsfwlist" | grep "# OMR $username redirect router $src_dport port tcp${comment}")
fi fi
else else
if [ "$src_dip" = "" ]; then if [ "$src_dip" = "" ]; then
checkfw=$(echo "$vpsfw6list" | grep "$src_dport # OMR $username redirect router $src_dport port tcp") checkfw=$(echo "$vpsfw6list" | grep "$src_dport # OMR $username redirect router $src_dport port tcp")
else else
checkfw=$(echo "$vpsfw6list" | grep "# OMR $username redirect router $src_dport port tcp to $src_dip") comment=""
[ -n "$src_dip" ] && comment=" to $src_dip"
[ -n "$src_ip" ] && comment=" from $src_ip"
checkfw=$(echo "$vpsfw6list" | grep "# OMR $username redirect router $src_dport port tcp${comment}")
fi fi
fi fi
if [ "$checkfw" = "" ]; then if [ "$checkfw" = "" ]; then
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","source_dip" : "'$src_dip'","proto" : "tcp","fwtype" : "DNAT","ipproto" : "'$family'"}' settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","source_dip" : "'$src_dip'","source_ip" : "'$src_ip'","proto" : "tcp","fwtype" : "DNAT","ipproto" : "'$family'"}'
_set_json "shorewallopen" "$settings" _set_json "shorewallopen" "$settings"
fi fi
if [ "$family" = "ipv4" ]; then if [ "$family" = "ipv4" ]; then
@ -714,16 +721,22 @@ _vps_firewall_redirect_port() {
vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR $username redirect router $src_dport port tcp") vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR $username redirect router $src_dport port tcp")
[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR redirect router $src_dport port tcp") [ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR redirect router $src_dport port tcp")
else else
vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR $username redirect router $src_dport port tcp to $src_dip") comment=""
[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR redirect router $src_dport port tcp to $src_dip") [ -n "$src_dip" ] && comment=" to $src_dip"
[ -n "$src_ip" ] && comment=" from $src_ip"
vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR $username redirect router $src_dport port tcp${comment}")
[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR redirect router $src_dport port tcp${comment}")
fi fi
else else
if [ "$src_dip" = "" ]; then if [ "$src_dip" = "" ]; then
vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR $username redirect router $src_dport port tcp") vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR $username redirect router $src_dport port tcp")
[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR redirect router $src_dport port tcp") [ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR redirect router $src_dport port tcp")
else else
vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR $username redirect router $src_dport port tcp to $src_dip") comment=""
[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR redirect router $src_dport port tcp to $src_dip") [ -n "$src_dip" ] && comment=" to $src_dip"
[ -n "$src_ip" ] && comment=" from $src_ip"
vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR $username redirect router $src_dport port tcp${comment}")
[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR redirect router $src_dport port tcp${comment}")
fi fi
fi fi
@ -732,17 +745,23 @@ _vps_firewall_redirect_port() {
if [ "$src_dip" = "" ]; then if [ "$src_dip" = "" ]; then
checkfw=$(echo "$vpsfwlist" | grep "$src_dport # OMR $username redirect router $src_dport port udp") checkfw=$(echo "$vpsfwlist" | grep "$src_dport # OMR $username redirect router $src_dport port udp")
else else
checkfw=$(echo "$vpsfwlist" | grep "# OMR $username redirect router $src_dport port udp to $src_dip") comment=""
[ -n "$src_dip" ] && comment=" to $src_dip"
[ -n "$src_ip" ] && comment=" from $src_ip"
checkfw=$(echo "$vpsfwlist" | grep "# OMR $username redirect router $src_dport port udp${comment}")
fi fi
else else
if [ "$src_dip" = "" ]; then if [ "$src_dip" = "" ]; then
checkfw=$(echo "$vpsfw6list" | grep "$src_dport # OMR $username redirect router $src_dport port udp") checkfw=$(echo "$vpsfw6list" | grep "$src_dport # OMR $username redirect router $src_dport port udp")
else else
checkfw=$(echo "$vpsfw6list" | grep "# OMR $username redirect router $src_dport port udp to $src_dip") comment=""
[ -n "$src_dip" ] && comment=" to $src_dip"
[ -n "$src_ip" ] && comment=" from $src_ip"
checkfw=$(echo "$vpsfw6list" | grep "# OMR $username redirect router $src_dport port udp to${comment}")
fi fi
fi fi
if [ "$checkfw" = "" ]; then if [ "$checkfw" = "" ]; then
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","source_dip" : "'$src_dip'","proto" : "udp","fwtype" : "DNAT","ipproto" : "'$family'"}' settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","source_dip" : "'$src_dip'","source_ip" : "'$src_ip'","proto" : "udp","fwtype" : "DNAT","ipproto" : "'$family'"}'
_set_json "shorewallopen" "$settings" _set_json "shorewallopen" "$settings"
fi fi
if [ "$family" = "ipv4" ]; then if [ "$family" = "ipv4" ]; then
@ -750,16 +769,22 @@ _vps_firewall_redirect_port() {
vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport # OMR $username redirect router $src_dport port udp") vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport # OMR $username redirect router $src_dport port udp")
[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport # OMR redirect router $src_dport port udp") [ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport # OMR redirect router $src_dport port udp")
else else
vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR $username redirect router $src_dport port udp to $src_dip") comment=""
[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR redirect router $src_dport port udp to $src_dip") [ -n "$src_dip" ] && comment=" to $src_dip"
[ -n "$src_ip" ] && comment=" from $src_ip"
vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR $username redirect router $src_dport port udp${comment}")
[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR redirect router $src_dport port udp${comment}")
fi fi
else else
if [ "$src_dip" = "" ]; then if [ "$src_dip" = "" ]; then
vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport # OMR $username redirect router $src_dport port udp") vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport # OMR $username redirect router $src_dport port udp")
[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport # OMR redirect router $src_dport port udp") [ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport # OMR redirect router $src_dport port udp")
else else
vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR $username redirect router $src_dport port udp to $src_dip") comment=""
[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR redirect router $src_dport port udp to $src_dip") [ -n "$src_dip" ] && comment=" to $src_dip"
[ -n "$src_ip" ] && comment=" from $src_ip"
vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR $username redirect router $src_dport port udp${comment}")
[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR redirect router $src_dport port udp${comment}")
fi fi
fi fi
else else
@ -768,17 +793,23 @@ _vps_firewall_redirect_port() {
if [ "$src_dip" = "" ]; then if [ "$src_dip" = "" ]; then
checkfw=$(echo "$vpsfwlist" | grep "$src_dport # OMR $username redirect router $src_dport port $proto") checkfw=$(echo "$vpsfwlist" | grep "$src_dport # OMR $username redirect router $src_dport port $proto")
else else
checkfw=$(echo "$vpsfwlist" | grep "# OMR $username redirect router $src_dport port $proto to $src_dip") comment=""
[ -n "$src_dip" ] && comment=" to $src_dip"
[ -n "$src_ip" ] && comment=" from $src_ip"
checkfw=$(echo "$vpsfwlist" | grep "# OMR $username redirect router $src_dport port $proto${comment}")
fi fi
else else
if [ "$src_dip" = "" ]; then if [ "$src_dip" = "" ]; then
checkfw=$(echo "$vpsfw6list" | grep "$src_dport # OMR $username redirect router $src_dport port $proto") checkfw=$(echo "$vpsfw6list" | grep "$src_dport # OMR $username redirect router $src_dport port $proto")
else else
checkfw=$(echo "$vpsfw6list" | grep "# OMR $username redirect router $src_dport port $proto to $src_dip") comment=""
[ -n "$src_dip" ] && comment=" to $src_dip"
[ -n "$src_ip" ] && comment=" from $src_ip"
checkfw=$(echo "$vpsfw6list" | grep "# OMR $username redirect router $src_dport port $proto${comment}")
fi fi
fi fi
if [ "$checkfw" = "" ]; then if [ "$checkfw" = "" ]; then
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","source_dip" : "'$src_dip'","proto" : "'$proto'","fwtype" : "DNAT","ipproto" : "'$family'"}' settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","source_dip" : "'$src_dip'","source_ip" : "'$src_ip'","proto" : "'$proto'","fwtype" : "DNAT","ipproto" : "'$family'"}'
_set_json "shorewallopen" "$settings" _set_json "shorewallopen" "$settings"
fi fi
if [ "$family" = "ipv4" ]; then if [ "$family" = "ipv4" ]; then
@ -786,16 +817,21 @@ _vps_firewall_redirect_port() {
vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport # OMR $username redirect router $src_dport port $proto") vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport # OMR $username redirect router $src_dport port $proto")
[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport # OMR redirect router $src_dport port $proto") [ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport # OMR redirect router $src_dport port $proto")
else else
vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR $username redirect router $src_dport port $proto to $src_dip") comment=""
[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR redirect router $src_dport port $proto to $src_dip") [ -n "$src_dip" ] && comment=" to $src_dip"
[ -n "$src_ip" ] && comment=" from $src_ip"
vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR $username redirect router $src_dport port $proto${comment}")
[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR redirect router $src_dport port $proto${comment}")
fi fi
else else
if [ "$src_dip" = "" ]; then if [ "$src_dip" = "" ]; then
vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport # OMR $username redirect router $src_dport port $proto") vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport # OMR $username redirect router $src_dport port $proto")
[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport # OMR redirect router $src_dport port $proto") [ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport # OMR redirect router $src_dport port $proto")
else else
vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR $username redirect router $src_dport port $proto to $src_dip") [ -n "$src_dip" ] && comment=" to $src_dip"
[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR redirect router $src_dport port $proto to $src_dip") [ -n "$src_ip" ] && comment=" from $src_ip"
vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR $username redirect router $src_dport port $proto${comment}")
[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR redirect router $src_dport port $proto${comment}")
fi fi
fi fi
fi fi
@ -806,12 +842,15 @@ _vps_firewall_close_port() {
[ -n "$vpsfwlist" ] && { [ -n "$vpsfwlist" ] && {
echo "$vpsfwlist" | while read -r line; do echo "$vpsfwlist" | while read -r line; do
[ -n "$line" ] && { [ -n "$line" ] && {
proto=$(echo $line | awk '{print $4}') proto=$(echo $line | awk '{print $4}' | tr -d "\n")
src_dport=$(echo $line | awk '{print $5}') src_dport=$(echo $line | awk '{print $5}' | tr -d "\n")
source_port=$(echo $line | awk '{print $6}') source_port=$(echo $line | awk '{print $6}' | tr -d "\n")
source_dip=$(echo $line | awk '{print $7}') source_dip=$(echo $line | awk '{print $7}' | tr -d "\n")
source_ip=$(echo $line | awk '{print $2}' | awk -F ":" '{print $2}' | tr -d "\n")
if [ "$source_port" = "-" ]; then if [ "$source_port" = "-" ]; then
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","source_dip": "'$source_dip'"}' settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","source_dip": "'$source_dip'","source_ip": "'$source_ip'"}'
elif [ "$source_ip" != "" ]; then
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","source_ip": "'$source_ip'"}'
else else
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT"}' settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT"}'
fi fi
@ -822,12 +861,15 @@ _vps_firewall_close_port() {
[ -n "$vpsfw6list" ] && { [ -n "$vpsfw6list" ] && {
echo "$vpsfw6list" | while read -r line; do echo "$vpsfw6list" | while read -r line; do
[ -n "$line" ] && { [ -n "$line" ] && {
proto=$(echo $line | awk '{print $4}') proto=$(echo $line | awk '{print $4}' | tr -d "\n")
src_dport=$(echo $line | awk '{print $5}') src_dport=$(echo $line | awk '{print $5}' | tr -d "\n")
source_port=$(echo $line | awk '{print $6}') source_port=$(echo $line | awk '{print $6}' | tr -d "\n")
source_dip=$(echo $line | awk '{print $7}') source_dip=$(echo $line | awk '{print $7}' | tr -d "\n")
source_ip=$(echo $line | awk '{print $2}' | awk -F ":" '{print $2}' | tr -d "\n")
if [ "$source_port" = "-" ]; then if [ "$source_port" = "-" ]; then
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","ipproto" : "ipv6","source_dip": "'$source_dip'"}' settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","ipproto" : "ipv6","source_dip": "'$source_dip'","source_ip": "'$source_ip'"}'
elif [ "$source_ip" != "" ]; then
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","ipproto" : "ipv6","source_dip": "'$source_dip'","source_ip": "'$source_ip'"}'
else else
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","ipproto" : "ipv6"}' settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","ipproto" : "ipv6"}'
fi fi
@ -873,7 +915,7 @@ _set_vps_firewall() {
set_vps_firewall() { set_vps_firewall() {
fw3 -q print | grep 'vpn.* -d' | fw3 -q print | grep 'vpn.* -d' |
while IFS=$"\n" read -r c; do while IFS=$"\n" read -r c; do
eval $(echo $c | sed 's/-A/-D/') eval $(echo $c | sed 's/-A/-D/') 2>&1 >/dev/null
newrule=$(echo $c | sed -E -e 's/ -d ([^ ])*//' -e 's/ -s ([^ ])*//') newrule=$(echo $c | sed -E -e 's/ -d ([^ ])*//' -e 's/ -s ([^ ])*//')
eval $(echo $newrule | sed 's/-A/-C/') || eval $newrule eval $(echo $newrule | sed 's/-A/-C/') || eval $newrule
done done