Add macro for backup servers
This commit is contained in:
parent
9be97b2436
commit
275a4c5bab
13
minifirewall
13
minifirewall
|
@ -85,6 +85,7 @@ SSHOK=''
|
|||
SMTPOK=''
|
||||
SMTPSECUREOK=''
|
||||
NTPOK=''
|
||||
BACKUPSERVERS=''
|
||||
|
||||
legacy_config_file="/etc/firewall.rc"
|
||||
config_file="/etc/default/minifirewall"
|
||||
|
@ -405,6 +406,18 @@ start() {
|
|||
${IPT} -A OUTPUT -o ${INT} -p udp -d ${src} --dport 123 --match state --state NEW -j ACCEPT
|
||||
done
|
||||
|
||||
# Output for backup servers
|
||||
for server in ${BACKUPSERVERS}; do
|
||||
server_ip=$(echo "${server}" | cut -d ':' -f1)
|
||||
server_port=$(echo "${server}" | cut -d ':' -f2)
|
||||
if [ -n "${server_ip}" ] && [ -n "${server_port}" ]; then
|
||||
${IPT} -A INPUT -p tcp --sport "${server_port}" --dport 1024:65535 -s "${server_ip}" -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
else
|
||||
echo "Unrecognized syntax for BACKUPSERVERS '${server}\`. Use space-separated IP:PORT tuples." >&2
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
# Always allow ICMP
|
||||
${IPT} -A INPUT -p icmp -j ACCEPT
|
||||
if is_ipv6_enabled; then
|
||||
|
|
|
@ -78,6 +78,10 @@ SMTPSECUREOK=''
|
|||
NTPOK='0.0.0.0/0'
|
||||
|
||||
|
||||
# Backup servers
|
||||
# (add IP:PORT for each one, example: '192.168.10.1:1234 192.168.10.2:5678')
|
||||
BACKUPSERVERS=''
|
||||
|
||||
# Includes
|
||||
#####################
|
||||
|
||||
|
|
Loading…
Reference in a new issue