From 0c36bef2aa9831e84cf8d908b37dd710ec6aacd3 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour <jlecour@evolix.fr>
Date: Wed, 16 Mar 2022 23:46:38 +0100
Subject: [PATCH] skip IPv6 addresses in Docker section

---
 minifirewall | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/minifirewall b/minifirewall
index 62f6fce..0a06eda 100755
--- a/minifirewall
+++ b/minifirewall
@@ -478,34 +478,46 @@ start() {
         # Privileged services (accessible from privileged & trusted IPs)
         for dstport in ${SERVICESTCP2}; do
             for srcip in ${PRIVILEGIEDIPS}; do
-                ${IPT} -I MINIFW-DOCKER-PRIVILEGED -p tcp -s "${srcip}" --dport "${dstport}" -j RETURN
+                if ! is_ipv6 ${srcip}; then
+                    ${IPT} -I MINIFW-DOCKER-PRIVILEGED -p tcp -s "${srcip}" --dport "${dstport}" -j RETURN
+                fi
             done
 
             for srcip in ${TRUSTEDIPS}; do
-                ${IPT} -I MINIFW-DOCKER-PRIVILEGED -p tcp -s "${srcip}" --dport "${dstport}" -j RETURN
+                if ! is_ipv6 ${srcip}; then
+                    ${IPT} -I MINIFW-DOCKER-PRIVILEGED -p tcp -s "${srcip}" --dport "${dstport}" -j RETURN
+                fi
             done
         done
 
         for dstport in ${SERVICESUDP2}; do
             for srcip in ${PRIVILEGIEDIPS}; do
-                ${IPT} -I MINIFW-DOCKER-PRIVILEGED -p udp -s "${srcip}" --dport "${dstport}" -j RETURN
+                if ! is_ipv6 ${srcip}; then
+                    ${IPT} -I MINIFW-DOCKER-PRIVILEGED -p udp -s "${srcip}" --dport "${dstport}" -j RETURN
+                fi
             done
 
             for srcip in ${TRUSTEDIPS}; do
-                ${IPT} -I MINIFW-DOCKER-PRIVILEGED -p udp -s "${srcip}" --dport "${dstport}" -j RETURN
+                if ! is_ipv6 ${srcip}; then
+                    ${IPT} -I MINIFW-DOCKER-PRIVILEGED -p udp -s "${srcip}" --dport "${dstport}" -j RETURN
+                fi
             done
         done
 
         # Trusted services (accessible from trusted IPs)
         for dstport in ${SERVICESTCP3}; do
             for srcip in ${TRUSTEDIPS}; do
-                ${IPT} -I MINIFW-DOCKER-TRUSTED -p tcp -s "${srcip}" --dport "${dstport}" -j RETURN
+                if ! is_ipv6 ${srcip}; then
+                    ${IPT} -I MINIFW-DOCKER-TRUSTED -p tcp -s "${srcip}" --dport "${dstport}" -j RETURN
+                fi
             done
         done
 
         for dstport in ${SERVICESUDP3}; do
             for srcip in ${TRUSTEDIPS}; do
-                ${IPT} -I MINIFW-DOCKER-TRUSTED -p udp -s "${srcip}" --dport "${dstport}" -j RETURN
+                if ! is_ipv6 ${srcip}; then
+                    ${IPT} -I MINIFW-DOCKER-TRUSTED -p udp -s "${srcip}" --dport "${dstport}" -j RETURN
+                fi
             done
         done
     fi