mptcp/openmptcprouter-feeds
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-02-12 18:41:51 +00:00
Code Issues Releases Wiki Activity

Open and close IPv6 ports on firewall

Browse source
This commit is contained in:
Ycarus (Yannick Chabanois) 2020-02-21 14:58:35 +01:00
parent 9a7f33a0fa
commit 8e5d9b5923
1 changed files with 43 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
openmptcprouter/files/etc/init.d/openmptcprouter-vps
View file

@ -549,23 +549,37 @@ _vps_firewall_redirect_port() {
config_get src $1 src
config_get proto $1 proto
config_get src_dport $1 src_dport
config_get family $1 family "ipv4"
[ "$src" = "vpn" ] && [ -n "$proto" ] && [ -n "$src_dport" ] && {
if [ "$proto" = "tcp udp" ]; then
if [ "$family" = "ipv4" ]; then
vpsfwlist=$(echo "$vpsfwlist" | grep -v "$port # OMR redirect router $src_dport port tcp")
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "tcp","fwtype" : "DNAT"}'
else
vpsfw6list=$(echo "$vpsfw6list" | grep -v "$port # OMR redirect router $src_dport port tcp")
fi
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "tcp","fwtype" : "DNAT","ipproto" : "'$family'"}'
_set_json "shorewallopen" "$settings"
if [ "$family" = "ipv4" ]; then
vpsfwlist=$(echo "$vpsfwlist" | grep -v "$port # OMR redirect router $src_dport port udp")
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "udp","fwtype" : "DNAT"}'
else
vpsfw6list=$(echo "$vpsfw6list" | grep -v "$port # OMR redirect router $src_dport port udp")
fi
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "udp","fwtype" : "DNAT","ipproto" : "'$family'"}'
_set_json "shorewallopen" "$settings"
else
if [ "$family" = "ipv4" ]; then
vpsfwlist=$(echo "$vpsfwlist" | grep -v "$port # OMR redirect router $src_dport port $proto")
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT"}'
else
vpsfw6list=$(echo "$vpsfw6list" | grep -v "$port # OMR redirect router $src_dport port $proto")
fi
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","ipproto" : "'$family'"}'
_set_json "shorewallopen" "$settings"
fi
}
}
_vps_firewall_close_port() {
[ -n "$vpsfwlist" ] && {
echo "$vpsfwlist" | while read -r line; do
[ -n "$line" ] && {
proto=$(echo $line | awk '{print $4}')
@ -574,6 +588,17 @@ _vps_firewall_close_port() {
_set_json "shorewallclose" "$settings"
}
done
}
[ -n "$vpsfw6list" ] && {
echo "$vpsfw6list" | while read -r line; do
[ -n "$line" ] && {
proto=$(echo $line | awk '{print $4}')
src_dport=$(echo $line | awk '{print $5}')
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","ipproto" : "ipv6"}'
_set_json "shorewallclose" "$settings"
}
done
}
}
_set_vps_firewall() {
@ -596,9 +621,12 @@ _set_vps_firewall() {
settings='{"name" : "redirect router"}'
fw_list=$(_set_json "shorewalllist" "$settings")
vpsfwlist=$(echo $fw_list | jsonfilter -q -e '@.list[*]' | sed '/^[[:space:]]*$/d')
settings='{"name" : "redirect router","ipproto" : "ipv6"}'
fw6_list=$(_set_json "shorewalllist" "$settings")
vpsfw6list=$(echo $fw6_list | jsonfilter -q -e '@.list[*]' | sed '/^[[:space:]]*$/d')
config_load firewall
config_foreach _vps_firewall_redirect_port redirect
[ -n "$vpsfwlist" ] && _vps_firewall_close_port
[ -n "$vpsfwlist" ] || [ -n "$vpsfw6list" ] && _vps_firewall_close_port
}
set_vps_firewall() {