mptcp/openmptcprouter-feeds
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-02-14 19:41:51 +00:00
Code Issues Releases Wiki Activity

Open and close IPv6 ports on firewall

Browse source
This commit is contained in:
Ycarus (Yannick Chabanois) 2020-02-21 14:58:35 +01:00
parent 9a7f33a0fa
commit 8e5d9b5923
1 changed files with 43 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

58
openmptcprouter/files/etc/init.d/openmptcprouter-vps
View file

@ -549,31 +549,56 @@ _vps_firewall_redirect_port() {
config_get src $1 src config_get src $1 src
config_get proto $1 proto config_get proto $1 proto
config_get src_dport $1 src_dport config_get src_dport $1 src_dport
config_get family $1 family "ipv4"
[ "$src" = "vpn" ] && [ -n "$proto" ] && [ -n "$src_dport" ] && { [ "$src" = "vpn" ] && [ -n "$proto" ] && [ -n "$src_dport" ] && {
if [ "$proto" = "tcp udp" ]; then if [ "$proto" = "tcp udp" ]; then
vpsfwlist=$(echo "$vpsfwlist" | grep -v "$port # OMR redirect router $src_dport port tcp") if [ "$family" = "ipv4" ]; then
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "tcp","fwtype" : "DNAT"}' vpsfwlist=$(echo "$vpsfwlist" | grep -v "$port # OMR redirect router $src_dport port tcp")
else
vpsfw6list=$(echo "$vpsfw6list" | grep -v "$port # OMR redirect router $src_dport port tcp")
fi
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "tcp","fwtype" : "DNAT","ipproto" : "'$family'"}'
_set_json "shorewallopen" "$settings" _set_json "shorewallopen" "$settings"
vpsfwlist=$(echo "$vpsfwlist" | grep -v "$port # OMR redirect router $src_dport port udp") if [ "$family" = "ipv4" ]; then
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "udp","fwtype" : "DNAT"}' vpsfwlist=$(echo "$vpsfwlist" | grep -v "$port # OMR redirect router $src_dport port udp")
else
vpsfw6list=$(echo "$vpsfw6list" | grep -v "$port # OMR redirect router $src_dport port udp")
fi
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "udp","fwtype" : "DNAT","ipproto" : "'$family'"}'
_set_json "shorewallopen" "$settings" _set_json "shorewallopen" "$settings"
else else
vpsfwlist=$(echo "$vpsfwlist" | grep -v "$port # OMR redirect router $src_dport port $proto") if [ "$family" = "ipv4" ]; then
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT"}' vpsfwlist=$(echo "$vpsfwlist" | grep -v "$port # OMR redirect router $src_dport port $proto")
else
vpsfw6list=$(echo "$vpsfw6list" | grep -v "$port # OMR redirect router $src_dport port $proto")
fi
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","ipproto" : "'$family'"}'
_set_json "shorewallopen" "$settings" _set_json "shorewallopen" "$settings"
fi fi
} }
} }
_vps_firewall_close_port() { _vps_firewall_close_port() {
echo "$vpsfwlist" | while read -r line; do [ -n "$vpsfwlist" ] && {
[ -n "$line" ] && { echo "$vpsfwlist" | while read -r line; do
proto=$(echo $line | awk '{print $4}') [ -n "$line" ] && {
src_dport=$(echo $line | awk '{print $5}') proto=$(echo $line | awk '{print $4}')
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT"}' src_dport=$(echo $line | awk '{print $5}')
_set_json "shorewallclose" "$settings" settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT"}'
} _set_json "shorewallclose" "$settings"
done }
done
}
[ -n "$vpsfw6list" ] && {
echo "$vpsfw6list" | while read -r line; do
[ -n "$line" ] && {
proto=$(echo $line | awk '{print $4}')
src_dport=$(echo $line | awk '{print $5}')
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","ipproto" : "ipv6"}'
_set_json "shorewallclose" "$settings"
}
done
}
} }
_set_vps_firewall() { _set_vps_firewall() {
@ -596,9 +621,12 @@ _set_vps_firewall() {
settings='{"name" : "redirect router"}' settings='{"name" : "redirect router"}'
fw_list=$(_set_json "shorewalllist" "$settings") fw_list=$(_set_json "shorewalllist" "$settings")
vpsfwlist=$(echo $fw_list | jsonfilter -q -e '@.list[*]' | sed '/^[[:space:]]*$/d') vpsfwlist=$(echo $fw_list | jsonfilter -q -e '@.list[*]' | sed '/^[[:space:]]*$/d')
settings='{"name" : "redirect router","ipproto" : "ipv6"}'
fw6_list=$(_set_json "shorewalllist" "$settings")
vpsfw6list=$(echo $fw6_list | jsonfilter -q -e '@.list[*]' | sed '/^[[:space:]]*$/d')
config_load firewall config_load firewall
config_foreach _vps_firewall_redirect_port redirect config_foreach _vps_firewall_redirect_port redirect
[ -n "$vpsfwlist" ] && _vps_firewall_close_port [ -n "$vpsfwlist" ] || [ -n "$vpsfw6list" ] && _vps_firewall_close_port
} }
set_vps_firewall() { set_vps_firewall() {