Add options 'restrict_local_service_to_net' and 'restrict_local_net_to_net'
This commit is contained in:
@@ -182,6 +182,58 @@ local_2_ip=""
|
||||
broadcast_ips=""
|
||||
|
||||
|
||||
# -------------
|
||||
# ---- Restrict local Servive to given (extern) IP-Address/Network
|
||||
# -------------
|
||||
|
||||
# - restrict_local_service_to_net
|
||||
# -
|
||||
# - restrict_local_service_to_net="ext-net:local-address:port:protocol"
|
||||
# -
|
||||
# - Note:
|
||||
# - =====
|
||||
# - - Only 'tcp' and 'udp' are allowed valuse for protocol.
|
||||
# - - Traffic recieved on natted interfaces will be ommitted!
|
||||
# -
|
||||
# - Use this parameter to (only) give some extern netwoks access to special local
|
||||
# - services.
|
||||
# -
|
||||
# - Example:
|
||||
# - allow access from 194.150.169.139 to tcp service at 83.223.86.98 on port 1036
|
||||
# - allow access from 86.73.85.0/24 to https service at 83.223.86.98
|
||||
# -
|
||||
# - restrict_local_service_to_net="194.150.169.139/32:83.223.86.98:1036:tcp
|
||||
# - 86.73.85.0/24:83.223.86.98:443:tcp"
|
||||
# -
|
||||
# - Blank separated list
|
||||
# -
|
||||
restrict_local_service_to_net=""
|
||||
|
||||
|
||||
# -------------
|
||||
# ---- Restrict local Network to given extern IP-Address/Network
|
||||
# -------------
|
||||
|
||||
# - restrict_local_net_to_net
|
||||
# -
|
||||
# - restrict_local_net_to_net="<src-ext-net>:<dst-local-net> [<src-ext-net>:<dst-local-net>] [..]"
|
||||
# -
|
||||
# - All traffic from the given first network to the given second network is allowed
|
||||
# -
|
||||
# - Note:
|
||||
# - =====
|
||||
# - - Traffic recieved on natted interfaces will be ommitted!
|
||||
# - - If you want allow both directions, you have to make two entries - one for evry directions.
|
||||
# -
|
||||
# - Example:
|
||||
# - allow_ext_net_to_local_net="86.223.85.0/24:86.223.73.192/26
|
||||
# - 83.223.86.96/32:86.223.73.0/24"
|
||||
# -
|
||||
# - Blank separated list
|
||||
# -
|
||||
restrict_local_net_to_net=""
|
||||
|
||||
|
||||
# -------------
|
||||
# --- Services local Network
|
||||
# -------------
|
||||
@@ -506,6 +558,22 @@ for _dev in $unprotected_ifs ; do
|
||||
unprotected_if_arr+=("$_dev")
|
||||
done
|
||||
|
||||
# ---
|
||||
# - Restrict local Servive to given IP-Address/Network
|
||||
# ---
|
||||
declare -a restrict_local_service_to_net_arr
|
||||
for _val in $restrict_local_service_to_net ; do
|
||||
restrict_local_service_to_net_arr+=("$_val")
|
||||
done
|
||||
|
||||
# ---
|
||||
# - Restrict local Network to given IP-Address/Network
|
||||
# ---
|
||||
declare -a restrict_local_net_to_net_arr
|
||||
for _val in $restrict_local_net_to_net ; do
|
||||
restrict_local_net_to_net_arr+=("$_val")
|
||||
done
|
||||
|
||||
# ---
|
||||
# - Generally block ports
|
||||
# ---
|
||||
|
||||
Reference in New Issue
Block a user