Introduced SOURCE_IFACE variable

2023-04-27 10:44:43 +00:00
parent 5825811547
commit fa8de49a28


@@ -150,7 +150,9 @@ fi;
if [[ -z "$SOURCE_IP" ]]; then if [[ -z "$SOURCE_IP" ]]; then
if [[ -z "$SOURCE" ]]; then if [[ -z "$SOURCE" ]]; then
#SOURCE_IP="0.0.0.0/0"; #SOURCE_IP="0.0.0.0/0";
echo "No source IP added" echo "No source IP added";
elif [ "$SOURCE" == "SOURCE_IFACE" ]; then
echo "VPN interface added instead of IP or domain name";
else else
IDX=0 IDX=0
for i in $(echo $SOURCE) ; do for i in $(echo $SOURCE) ; do
@@ -244,24 +246,28 @@ fi
prerouting() { prerouting() {
if [ "$SOURCE_IP" != "" ]; then if [ "$SOURCE" == "SOURCE_IFACE" ]; then
debug "$IPTABLES -I PREROUTING -i $SOURCE_IFACE -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment $COMMENT -j DNAT --to $TARGET_IP:$TARGET_PORT"
$IPTABLES -w -I PREROUTING -i $SOURCE_IFACE -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j DNAT --to $TARGET_IP:$TARGET_PORT
elif [ "$SOURCE_IP" != "" ]; then
if [ "$SOURCE_PORT" != "" ]; then if [ "$SOURCE_PORT" != "" ]; then
if [ "$TARGET_IP" != "" ]; then if [ "$TARGET_IP" != "" ]; then
if [ "$TARGET_PORT" != "" ]; then if [ "$TARGET_PORT" != "" ]; then
LINES=$($IPTABLES -w -L --line-number -n | grep DNAT | grep $SOURCE_PORT |grep $TARGET_IP |grep $TARGET_PORT |grep $COMMENT | awk '{print $1}'| tac) LINES=$($IPTABLES -w -L --line-number -n | grep DNAT | grep $SOURCE_PORT |grep $TARGET_IP |grep $TARGET_PORT |grep $COMMENT | awk '{print $1}'| tac)
debug "Previous prerouting lines: "$LINES debug "Previous prerouting lines: "$LINES
# DELETE UNECESSARY LINES FROM PREVIOUS RULES # DELETE UNECESSARY LINES FROM PREVIOUS RULES
if [ -n "$LINES" ] ; then if [ -n "$LINES" ] ; then
for i in $LINES; do for i in $LINES; do
debug "$IPTABLES -D PREROUTING $i"; debug "$IPTABLES -D PREROUTING $i";
$IPTABLES -w -D PREROUTING $i $IPTABLES -w -D PREROUTING $i
sleep 0.1 sleep 0.1
done done
fi fi
debug "$IPTABLES -I PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment $COMMENT -j DNAT --to $TARGET_IP:$TARGET_PORT" debug "$IPTABLES -I PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment $COMMENT -j DNAT --to $TARGET_IP:$TARGET_PORT"
$IPTABLES -w -I PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j DNAT --to $TARGET_IP:$TARGET_PORT $IPTABLES -w -I PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j DNAT --to $TARGET_IP:$TARGET_PORT
fi fi
fi fi
fi fi