Add rules for extern services, extern networks and local (non-standard) services.

2019-02-25 15:24:51 +01:00
parent 7219691f1e
commit e7fd6ee87a
4 changed files with 286 additions and 2 deletions
--- a/ipt-firewall-server.conf.sample
+++ b/ipt-firewall-server.conf.sample
@@ -35,7 +35,7 @@ log_blocked=false
 log_unprotected=false
 log_prohibited=false
 log_voip=false
-log_rejected=true
+log_rejected=false

 log_ssh=false

@@ -239,6 +239,64 @@ restrict_local_service_to_net=""
 restrict_local_net_to_net=""


+# -------------
+# ---- Allow extern Service 
+# -------------
+
+# - allow_ext_service
+# -
+# - allow_ext_service="<ext-ip>:<ext_port>:<protocol> [<ext-ip>:<ext_port>:<protocol> [ ..
+# -
+# - Allow all traffic to the given extern Service. Only protcols 'tcp' and 'udp'
+# - are allowed
+# -
+# - Example:
+# -    allow_ext_service="
+# -       80.152.216.128:9998:tcp 
+# -       80.152.216.128:8443:tcp
+# -    "
+# -
+# - Blank separated list
+# -
+allow_ext_service=""
+
+
+# -------------
+# ---- Allow extern IP-Address/Network
+# -------------
+
+# - allow_ext_net
+# -
+# - allow_ext_net="<ext-ip> [<ext-ip> [ ..!
+# -
+# - Allow all traffic to the given extern network/ip-address.
+# -
+# - Example:
+# -    allow_ext_net="80.152.216.128 84.140.157.102"
+# -
+# - Blank separated list
+# -
+allow_ext_net=""
+
+
+# -------------
+# ---- Allow (non-standard) local Services 
+# -------------
+
+# - allow_local_service
+# -
+# - allow_local_service="<port:protocol> [<port>:<protocol> [.."
+# -
+# - Allow all traffic to given local service
+# -
+# - Example:
+# -    allow_local_service="8443:tcp 8080:tcp"
+# -
+# - Blank separated list
+# -
+allow_local_service=""
+
+
 # -------------
 # --- Services local Network
 # -------------
@@ -579,6 +637,30 @@ for _val in $restrict_local_net_to_net ; do
   restrict_local_net_to_net_arr+=("$_val")
 done

+# ---
+# - Allow extern Service 
+# ---
+declare -a allow_ext_service_arr
+for _val in $allow_ext_service ; do
+   allow_ext_service_arr+=("$_val")
+done
+
+# ---
+# - Allow extern IP-Address/Network
+# ---
+declare -a allow_ext_net_arr
+for _net in $allow_ext_net ; do
+   allow_ext_net_arr+=("$_net")
+done
+
+# ---
+# - Allow (non-standard) local Services 
+# ---
+declare -a allow_local_service_arr
+for _val in $allow_local_service ; do
+   allow_local_service_arr+=("$_val")
+done
+
 # ---
 # - Generally block ports
 # ---