Add macro for backup servers
This commit is contained in:
parent
9be97b2436
commit
275a4c5bab
13
minifirewall
13
minifirewall
|
@ -85,6 +85,7 @@ SSHOK=''
|
||||||
SMTPOK=''
|
SMTPOK=''
|
||||||
SMTPSECUREOK=''
|
SMTPSECUREOK=''
|
||||||
NTPOK=''
|
NTPOK=''
|
||||||
|
BACKUPSERVERS=''
|
||||||
|
|
||||||
legacy_config_file="/etc/firewall.rc"
|
legacy_config_file="/etc/firewall.rc"
|
||||||
config_file="/etc/default/minifirewall"
|
config_file="/etc/default/minifirewall"
|
||||||
|
@ -405,6 +406,18 @@ start() {
|
||||||
${IPT} -A OUTPUT -o ${INT} -p udp -d ${src} --dport 123 --match state --state NEW -j ACCEPT
|
${IPT} -A OUTPUT -o ${INT} -p udp -d ${src} --dport 123 --match state --state NEW -j ACCEPT
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# Output for backup servers
|
||||||
|
for server in ${BACKUPSERVERS}; do
|
||||||
|
server_ip=$(echo "${server}" | cut -d ':' -f1)
|
||||||
|
server_port=$(echo "${server}" | cut -d ':' -f2)
|
||||||
|
if [ -n "${server_ip}" ] && [ -n "${server_port}" ]; then
|
||||||
|
${IPT} -A INPUT -p tcp --sport "${server_port}" --dport 1024:65535 -s "${server_ip}" -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
|
else
|
||||||
|
echo "Unrecognized syntax for BACKUPSERVERS '${server}\`. Use space-separated IP:PORT tuples." >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
# Always allow ICMP
|
# Always allow ICMP
|
||||||
${IPT} -A INPUT -p icmp -j ACCEPT
|
${IPT} -A INPUT -p icmp -j ACCEPT
|
||||||
if is_ipv6_enabled; then
|
if is_ipv6_enabled; then
|
||||||
|
|
|
@ -78,6 +78,10 @@ SMTPSECUREOK=''
|
||||||
NTPOK='0.0.0.0/0'
|
NTPOK='0.0.0.0/0'
|
||||||
|
|
||||||
|
|
||||||
|
# Backup servers
|
||||||
|
# (add IP:PORT for each one, example: '192.168.10.1:1234 192.168.10.2:5678')
|
||||||
|
BACKUPSERVERS=''
|
||||||
|
|
||||||
# Includes
|
# Includes
|
||||||
#####################
|
#####################
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue