mirror/iopsys-feed
1
0
Fork 0
mirror of https://dev.iopsys.eu/feed/iopsys.git synced 2026-02-09 13:23:01 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
iopsys-feed/bbf/files/etc/firewall.userinterface
suvendhu 649d57c9d3 bbf: removed shellcheck errors
2023-02-15 16:52:07 +05:30

85 lines
2.1 KiB
Bash
Executable file
Raw Blame History

#!/bin/sh
#!/bin/sh
. /lib/functions.sh
IDENTIFIER="REMOTE-ACCESS-WAN"
log() {
echo "${@}"|logger -t firewall.userinterface -p info
}
if [ ! -f "/etc/config/userinterface" ]; then
exit 0;
fi
exec_cmd() {
if ! "$@"; then
log "Failed to run [$*]"
fi
}
configure_firewall_rule() {
local enable port protocol gui_port
local zone interface
config_load userinterface
config_get_bool enable remote_access enable 1
config_get port remote_access port
config_get interface remote_access interface
if [ "${enable}" -eq "0" ] || [ -z "${port}" ] || [ -z "${interface}" ]; then
return 0;
fi
zone="zone_${interface}_input"
iptables -w 1 -t filter -nL "${zone}" 2>/dev/null 1>&2
if [ "$?" -eq 0 ]; then
iptables -w 1 -I "${zone}" -p tcp -m multiport --dports "${port}" -m conntrack --ctstate NEW,ESTABLISHED -m comment --comment "${IDENTIFIER}" -j ACCEPT
fi
zone="zone_${interface}_output"
iptables -w 1 -t filter -nL "${zone}" 2>/dev/null 1>&2
if [ "$?" -eq 0 ]; then
iptables -w 1 -I "${zone}" -p tcp -m multiport --dports "${port}" -m conntrack --ctstate ESTABLISHED -m comment --comment "${IDENTIFIER}" -j ACCEPT
fi
}
delete_firewall_rule() {
local zone interface
local CMD
config_load userinterface
config_get interface remote_access interface
# Clean remote interface rules
if [ -z "${interface}" ]; then
return 0
fi
zone="zone_${interface}_input"
CMD="iptables -w 1 -t filter -nL ${zone} --line-numbers"
while ${CMD} 2>/dev/null | grep "${IDENTIFIER}"; do
rule_num="$(${CMD} | grep "${IDENTIFIER}" | head -1|awk '{print $1}')"
if [ -n "${rule_num}" ]; then
exec_cmd iptables -w 1 -t filter -D "${zone}" "${rule_num}";
fi
done
zone="zone_${interface}_output"
CMD="iptables -w 1 -t filter -nL ${zone} --line-numbers"
while ${CMD} 2>/dev/null | grep "${IDENTIFIER}"; do
rule_num="$(${CMD} | grep "${IDENTIFIER}" | head -1|awk '{print $1}')"
if [ -n "${rule_num}" ]; then
exec_cmd iptables -w 1 -t filter -D "${zone}" "${rule_num}";
fi
done
}
# Delete existing remote access rules
delete_firewall_rule
# Configure the User Interface rule
configure_firewall_rule
Reference in a new issue View git blame Copy permalink