#!/bin/sh
# UCI helpers used below: config_load, config_get, config_get_bool
. /lib/functions.sh

# Comment tag stamped on every rule this script inserts, so the rules can
# be located and removed again on the next run
IDENTIFIER='REMOTE-ACCESS-WAN'
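#######################################
# Send a message to syslog under the firewall.userinterface tag.
# Arguments: the message words; they are joined by single spaces
# Outputs:   nothing on stdout, the line is handed to logger(1) at info
#######################################
log() {
	# printf rather than echo: a message starting with "-n"/"-e" or
	# containing backslashes would otherwise be mangled by echo
	printf '%s\n' "$*" | logger -t firewall.userinterface -p info
}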
# Without a userinterface config there is nothing to open or close
[ -f /etc/config/userinterface ] || exit 0
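#######################################
# Run a command and log (without aborting) when it fails.
# Arguments: the command and its arguments, one word each
# Returns:   the command's own exit status, so callers can react to a
#            failure instead of it being swallowed
#######################################
exec_cmd() {
	local rc=0

	# "$@" keeps each argument as one word; unquoted $@ would re-split
	# arguments such as a quoted comment string
	"$@" || rc=$?
	if [ "${rc}" -ne 0 ]; then
		log "Failed to run [$*]"
	fi
	return "${rc}"
}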
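#######################################
# Insert one ACCEPT rule for the remote access port into a zone chain,
# tagged with IDENTIFIER so delete_firewall_rule can find it again.
# Skipped silently when the chain does not exist (the interface has no
# firewall zone).
# Globals:   IDENTIFIER (read)
# Arguments: $1 - chain name
#            $2 - port list for 'multiport --dports'
#            $3 - conntrack state list for --ctstate
# Returns:   0 when the chain is missing, else the exec_cmd status
#######################################
_add_access_rule() {
	local zone=$1 port=$2 states=$3

	iptables -w 1 -t filter -nL "${zone}" >/dev/null 2>&1 || return 0
	exec_cmd iptables -w 1 -I "${zone}" -p tcp -m multiport --dports "${port}" \
		-m conntrack --ctstate "${states}" \
		-m comment --comment "${IDENTIFIER}" -j ACCEPT
}

#######################################
# Open the user interface's remote access port on the configured
# interface: new connections on the input chain, established replies on
# the output chain.
# Reads:     userinterface.remote_access.{enable,port,interface} via UCI
# Globals:   IDENTIFIER (read)
# Returns:   0; nothing is done when remote access is disabled, when port
#            or interface is unset, or when port is not a port list
#######################################
configure_firewall_rule() {
	local enable port interface

	config_load userinterface
	config_get_bool enable remote_access enable 1
	config_get port remote_access port
	config_get interface remote_access interface

	if [ "${enable}" -eq 0 ] || [ -z "${port}" ] || [ -z "${interface}" ]; then
		return 0
	fi

	# port is handed to 'multiport --dports' verbatim: accept only a port
	# list (digits, ',' separators, ':' ranges) so that a malformed config
	# value can never turn into extra iptables arguments
	case "${port}" in
		*[!0-9,:]*)
			log "Invalid remote access port [${port}]"
			return 0
			;;
	esac

	_add_access_rule "zone_${interface}_input" "${port}" NEW,ESTABLISHED
	_add_access_rule "zone_${interface}_output" "${port}" ESTABLISHED
	return 0
}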
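#######################################
# Remove every rule tagged with IDENTIFIER from one zone chain.
# Rules are deleted by line number one at a time, re-listing after each
# deletion because the numbers shift once a rule is gone. A chain that
# does not exist lists nothing and is therefore a no-op.
# Globals:   IDENTIFIER (read)
# Arguments: $1 - chain name
# Returns:   0 when no tagged rule is left, 1 if a deletion failed
#######################################
_delete_tagged_rules() {
	local zone=$1
	local rule_num

	while :; do
		# -n avoids reverse DNS lookups while listing; the line number is
		# the first column of a --line-numbers listing
		rule_num="$(iptables -w 1 -t filter -nL "${zone}" --line-numbers 2>/dev/null \
			| grep -F -- "${IDENTIFIER}" | head -1 | awk '{print $1}')"
		[ -n "${rule_num}" ] || return 0
		# Give up instead of spinning forever when iptables refuses the
		# deletion: the same rule would be listed again on the next pass
		if ! iptables -w 1 -t filter -D "${zone}" "${rule_num}"; then
			log "Failed to run [iptables -w 1 -t filter -D ${zone} ${rule_num}]"
			return 1
		fi
	done
}

#######################################
# Delete the remote access rules this script created on an earlier run,
# on both the input and output zone chains of the configured interface.
# Reads:     userinterface.remote_access.interface via UCI
# Globals:   IDENTIFIER (read, through _delete_tagged_rules)
# Returns:   0; nothing is done when no interface is configured
#######################################
delete_firewall_rule() {
	local interface

	config_load userinterface
	config_get interface remote_access interface

	# No interface configured means no rules can have been created
	if [ -z "${interface}" ]; then
		return 0
	fi

	_delete_tagged_rules "zone_${interface}_input"
	_delete_tagged_rules "zone_${interface}_output"
	return 0
}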
# Tear down the rules left behind by an earlier run first, so that
# re-running the script never stacks duplicate ACCEPT rules
delete_firewall_rule

# ... then (re)create the remote access rules from the current config
configure_firewall_rule