Add 'mail_client_ips', 'restrict_local_service_to_net', 'restrict_local_net_to_net'.
@@ -197,19 +197,6 @@ local_munin_service=false
|
||||
munin_remote_port="4949"
|
||||
|
||||
|
||||
# -------------
|
||||
# - Protocols Out
|
||||
# -------------
|
||||
|
||||
# - Rsync Protocol
|
||||
# -
|
||||
# - Needed for some integrated provider of clamav-unofficial-sigs
|
||||
# -
|
||||
local_rsync_out=false
|
||||
rsync_out_ips=""
|
||||
rsync_ports="873"
|
||||
|
||||
|
||||
# -------------
|
||||
# --- Services local Network
|
||||
# -------------
|
||||
@@ -236,6 +223,71 @@ guest_ips="$guest_1_ips $guest_2_ips $guest_3_ips $guest_4_ips $guest_5_ips $gue
|
||||
lxc_ips="$guest_ips"
|
||||
vserver_ips=""
|
||||
|
||||
|
||||
# -------------
|
||||
# - Protocols Out
|
||||
# -------------
|
||||
|
||||
# - Rsync Protocol
|
||||
# -
|
||||
# - Needed for some integrated provider of clamav-unofficial-sigs
|
||||
# -
|
||||
local_rsync_out=false
|
||||
rsync_out_ips=""
|
||||
rsync_ports="873"
|
||||
|
||||
|
||||
# -------------
|
||||
# ---- Restrict local Servive to given (extern) IP-Address/Network
|
||||
# -------------
|
||||
|
||||
# - restrict_local_service_to_net
|
||||
# -
|
||||
# - restrict_local_service_to_net="ext-netr,local-address,port,protocol"
|
||||
# -
|
||||
# - Note:
|
||||
# - =====
|
||||
# - - Only 'tcp' and 'udp' are allowed valuse for protocol.
|
||||
# - - Traffic recieved on natted interfaces will be ommitted!
|
||||
# -
|
||||
# - Use this parameter to (only) give some extern netwoks access to special local
|
||||
# - services.
|
||||
# -
|
||||
# - Example:
|
||||
# - allow access from 2003:45:4612:3a00::/56 to tcp service at 2a01:30:0:13:211:84ff:feb7:7f9c on port 1036
|
||||
# - allow access from 2a01:30:1fff:fd00:: to https service at 2a01:30:0:13:211:84ff:feb7:7f9c
|
||||
# -
|
||||
# - restrict_local_service_to_net="2003:45:4612:3a00::/56,2a01:30:0:13:211:84ff:feb7:7f9c,1036,tcp
|
||||
# - 2a01:30:1fff:fd00::/64,2a01:30:0:13:211:84ff:feb7:7f9c,443,tcp"
|
||||
# -
|
||||
# - Blank separated list
|
||||
# -
|
||||
restrict_local_service_to_net=""
|
||||
|
||||
|
||||
# -------------
|
||||
# ---- Restrict local Network to given extern IP-Address/Network
|
||||
# -------------
|
||||
|
||||
# - restrict_local_net_to_net
|
||||
# -
|
||||
# - restrict_local_net_to_net="<src-ext-net>,<dst-local-net> [<src-ext-net>,<dst-local-net>] [..]"
|
||||
# -
|
||||
# - All traffic from the given first network to the given second network is allowed
|
||||
# -
|
||||
# - Note:
|
||||
# - =====
|
||||
# - - Traffic recieved on natted interfaces will be ommitted!
|
||||
# - - If you want allow both directions, you have to make two entries - one for evry directions.
|
||||
# -
|
||||
# - Example:
|
||||
# - allow_ext_net_to_local_net="2003:45:4612:3a00::/56,2a01:30:0:13:211:84ff:feb7:7f9c/128
|
||||
# - 2a01:30:1fff:fd00::/64,2a01:30:0:13:211:84ff:feb7:7f9c/128"
|
||||
# -
|
||||
# - Blank separated list
|
||||
# -
|
||||
restrict_local_net_to_net=""
|
||||
|
||||
# - Remote Munin Server
|
||||
# -
|
||||
munin_remote_ip="2a01:30:0:13:2b3:bdff:fe13:cbf4"
|
||||
@@ -261,6 +313,10 @@ smtpd_ips=""
|
||||
# -
|
||||
mail_server_ips=""
|
||||
|
||||
# - Mail Client (smtps/pop(s)/imap(s)
|
||||
# -
|
||||
mail_client_ips=""
|
||||
|
||||
# - FTP Server
|
||||
# -
|
||||
ftp_server_ips=""
|
||||
@@ -286,9 +342,11 @@ local_xymon_client=false
|
||||
# -------------
|
||||
|
||||
# - TCP Ports
|
||||
# -
|
||||
tcp_out_ports=""
|
||||
|
||||
# - UDP Ports
|
||||
# -
|
||||
udp_out_ports=""
|
||||
|
||||
|
||||
@@ -422,6 +480,7 @@ done
|
||||
|
||||
# ---
|
||||
# - Local Network Interfaces
|
||||
# ---
|
||||
declare -a local_if_arr
|
||||
for _dev in $local_ifs ; do
|
||||
local_if_arr+=("$_dev")
|
||||
@@ -443,6 +502,22 @@ for _dev in $unprotected_ifs ; do
|
||||
unprotected_if_arr+=("$_dev")
|
||||
done
|
||||
|
||||
# ---
|
||||
# - Restrict local Servive to given IP-Address/Network
|
||||
# ---
|
||||
declare -a restrict_local_service_to_net_arr
|
||||
for _val in $restrict_local_service_to_net ; do
|
||||
restrict_local_service_to_net_arr+=("$_val")
|
||||
done
|
||||
|
||||
# ---
|
||||
# - Restrict local Network to given IP-Address/Network
|
||||
# ---
|
||||
declare -a restrict_local_net_to_net_arr
|
||||
for _val in $restrict_local_net_to_net ; do
|
||||
restrict_local_net_to_net_arr+=("$_val")
|
||||
done
|
||||
|
||||
# ---
|
||||
# - Generally block ports
|
||||
# ---
|
||||
@@ -505,13 +580,22 @@ for _ip in $smtpd_ips ; do
|
||||
done
|
||||
|
||||
# ---
|
||||
# - Mail POP/IMAP Server
|
||||
# - Mail Services (smtps/pop(s)/imap(s)
|
||||
# ---
|
||||
declare -a mail_server_ips_arr
|
||||
for _ip in $mail_server_ips ; do
|
||||
mail_server_ips_arr+=("$_ip")
|
||||
done
|
||||
|
||||
# ---
|
||||
# - Mail client (smtps/pop(s)/imap(s)
|
||||
# ---
|
||||
# local
|
||||
declare -a mail_client_ips_arr
|
||||
for _ip in $mail_client_ips ; do
|
||||
mail_client_ips_arr+=("$_ip")
|
||||
done
|
||||
|
||||
# ---
|
||||
# - IP Addresses Mumble Server
|
||||
# ---
|
||||
|
||||
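Review bot: The example in the new `restrict_local_net_to_net` comment block assigns `allow_ext_net_to_local_net="..."`, a name the added loop never reads (it iterates `$restrict_local_net_to_net`), so an admin who copies the example gets no rule and no error. The example line should start `# - restrict_local_net_to_net="2003:45:4612:3a00::/56,2a01:30:0:13:211:84ff:feb7:7f9c/128`. The `restrict_local_service_to_net` comment says only 'tcp' and 'udp' are valid protocols, but the two new array loops copy every whitespace-separated entry unchecked from an unquoted expansion, so a malformed tuple or a glob character passes through to whatever builds the rules. That code is not visible on this page, so it is worth confirming that it rejects a bad field count, port or protocol loudly rather than skipping the entry. The stray `# local` line above `declare -a mail_client_ips_arr` looks like a leftover and can be dropped.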