"Fossies" - the Fresh Open Source Software Archive

Member "aif-2.1.1/share/arno-iptables-firewall/plugins/dyndns-host-open-helper" (16 Sep 2020, 5527 Bytes) of package /linux/privat/aif-2.1.1.tar.gz:



    1 # The plugin configuration file
    2 ###############################
    3 PLUGIN_CONF_FILE="dyndns-host-open.conf"
    4 
    5 # Preinit return value for success
    6 PLUGIN_RET_VAL=0
# Verify that the plugin has something to do and somewhere to put its rules.
# Globals:  DYNDNS_HOST_OPEN_TCP, DYNDNS_HOST_OPEN_UDP, DYNDNS_HOST_OPEN_IP,
#           DYNDNS_HOST_OPEN_ICMP (read)
# Outputs:  one error message on stderr for the first check that fails
# Returns:  0 when at least one rule variable is non-empty and DYNDNS_CHAIN
#           can be listed, 1 otherwise
dyndns_host_open_helper_sanity_check()
{
  # The four values are concatenated: the result is empty only when every one
  # of them is empty, i.e. the config file defined no rule at all.
  if [ -z "${DYNDNS_HOST_OPEN_TCP}${DYNDNS_HOST_OPEN_UDP}${DYNDNS_HOST_OPEN_IP}${DYNDNS_HOST_OPEN_ICMP}" ]; then
    echo "** ERROR: The plugin config file is not (properly) setup!" >&2
    return 1
  fi

  # Still disabled, as in the original source: nothing here verifies that
  # DYNDNS_CHAIN is actually referenced from EXT_INPUT_CHAIN. Rules placed in a
  # chain that no other chain jumps to never match any packet, so a missing
  # jump would go unnoticed by this check.
#  if ! ip4tables -nL EXT_INPUT_CHAIN |grep -q '^DYNDNS_CHAIN '; then
#    echo "** ERROR: DYNDNS_CHAIN is not inserted in the EXT_INPUT_CHAIN chain! **" >&2
#    return 1
#  fi

  # The chain is probed through ip4tables only, while the rules themselves are
  # added through iptables. Both commands are provided by the calling
  # environment - NOTE(review): confirm they operate on the same tables.
  if ip4tables -nL DYNDNS_CHAIN >/dev/null 2>&1; then
    return 0
  fi

  echo "** ERROR: DYNDNS_CHAIN does not exist! **" >&2
  return 1
}
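# Append the ACCEPT rules of one rule category to DYNDNS_CHAIN.
# Arguments:
#   $1 - name of the config variable (handed to parse_rule)
#   $2 - value of that variable: the whitespace-separated rule list
#   $3 - field layout handed to parse_rule
#   $4 - category: tcp, udp, ip or icmp
# Globals:  INDENT (read); interfaces, destips, hosts, ports, protos and
#           host_ip are read after the external helpers were called -
#           presumably parse_rule and get_dynamic_host_cached set them
# Returns:  0 when every host yielded an address and every iptables call
#           succeeded, 1 otherwise
_dyndns_host_open_helper_add_rules()
{
  local var_name field_spec kind tag detail rc
  local rule host interface host_ip2 destip port proto

  var_name="$1"
  field_spec="$3"
  kind="$4"
  rc=0

  case "$kind" in
    tcp)  tag="TCP" ;;
    udp)  tag="UDP" ;;
    ip)   tag="IP" ;;
    icmp) tag="ICMP" ;;
    *)    return 1 ;;
  esac

  # Rules are separated by whitespace, so split them with the default IFS
  unset IFS
  for rule in $2; do
    # A rule that parse_rule rejects is skipped without affecting the status
    if ! parse_rule "$rule" "$var_name" "$field_spec"; then
      continue
    fi

    case "$kind" in
      tcp|udp) detail="$tag port(s): $ports" ;;
      ip)      detail="IP protocol(s): $protos" ;;
      icmp)    detail="ICMP-requests(ping)" ;;
    esac
    echo "${INDENT}$(show_if_ip "$interfaces" "$destips")Allowing $hosts for $detail"

    # The fields of a rule are lists separated by comma or space
    IFS=' ,'
    for host in $hosts; do
      # get_dynamic_host_cached leaves its result in $host_ip (the original
      # comment calls it the hostname; it is used below as the list of source
      # addresses). Without an address no rule is added for this host.
      if ! get_dynamic_host_cached "$host" || [ -z "$host_ip" ]; then
        echo "** WARNING: Skipping $tag rule(s) for \"$host\"! **" >&2
        rc=1
        continue
      fi

      # $(ipt_if ...) stays unquoted on purpose: its output is split into the
      # words of the interface match. Every other value is quoted, so an empty
      # list element remains an (invalid) empty argument instead of vanishing
      # and shifting the following option into its place.
      for interface in $interfaces; do
        for host_ip2 in $host_ip; do
          for destip in $destips; do
            case "$kind" in
              tcp|udp)
                for port in $ports; do
                  iptables -A DYNDNS_CHAIN $(ipt_if -i "$interface") -s "$host_ip2" -d "$destip" -p "$kind" --dport "$port" -j ACCEPT || rc=1
                done
                ;;
              ip)
                for proto in $protos; do
                  iptables -A DYNDNS_CHAIN $(ipt_if -i "$interface") -s "$host_ip2" -d "$destip" -p "$proto" -j ACCEPT || rc=1
                done
                ;;
              icmp)
                iptables -A DYNDNS_CHAIN $(ipt_if -i "$interface") -s "$host_ip2" -d "$destip" -p icmp --icmp-type echo-request -j ACCEPT || rc=1
                ;;
            esac
          done
        done
      done
    done
  done

  return $rc
}


# Rebuild DYNDNS_CHAIN from the four DYNDNS_HOST_OPEN_* rule lists.
#
# The chain is flushed first and then refilled, so a host that yields no
# address ends up with no ACCEPT rule at all (it fails closed).
#
# The source addresses come from a name lookup: whoever controls the answer
# for a listed host name, or the dynamic-DNS account behind it, decides which
# address is let through. Keep the host lists short and the opened
# ports/protocols narrow.
#
# Globals:  DYNDNS_HOST_OPEN_TCP, DYNDNS_HOST_OPEN_UDP, DYNDNS_HOST_OPEN_IP,
#           DYNDNS_HOST_OPEN_ICMP (read)
# Outputs:  one "Allowing ..." line per accepted rule on stdout, warnings on
#           stderr
# Returns:  0 on full success; 1 when a host was skipped or an iptables call
#           failed
dyndns_host_open_helper_do_work()
{
  local RETVAL=0
  local ifs_was_set=0
  local saved_ifs

  # The rule loops switch IFS back and forth; remember the caller's setting so
  # that it does not leak out of this function as ' ,'.
  if [ -n "${IFS+set}" ]; then
    ifs_was_set=1
    saved_ifs="$IFS"
  fi

  # Flush the DYNDNS_CHAIN. A failed flush is reported through the return
  # value: rules for addresses a host no longer holds would otherwise stay in
  # place unnoticed.
  iptables -F DYNDNS_CHAIN || RETVAL=1

  # Add TCP ports to allow for certain hosts
  _dyndns_host_open_helper_add_rules DYNDNS_HOST_OPEN_TCP "$DYNDNS_HOST_OPEN_TCP" \
    "interfaces-destips-hosts-ports" tcp || RETVAL=1

  # Add UDP ports to allow for certain hosts
  _dyndns_host_open_helper_add_rules DYNDNS_HOST_OPEN_UDP "$DYNDNS_HOST_OPEN_UDP" \
    "interfaces-destips-hosts-ports" udp || RETVAL=1

  # Add IP protocols to allow for certain hosts
  _dyndns_host_open_helper_add_rules DYNDNS_HOST_OPEN_IP "$DYNDNS_HOST_OPEN_IP" \
    "interfaces-destips-hosts-protos" ip || RETVAL=1

  # Add ICMP to allow for certain hosts
  _dyndns_host_open_helper_add_rules DYNDNS_HOST_OPEN_ICMP "$DYNDNS_HOST_OPEN_ICMP" \
    "interfaces-destips-hosts" icmp || RETVAL=1

  if [ "$ifs_was_set" -eq 1 ]; then
    IFS="$saved_ifs"
  else
    unset IFS
  fi

  return $RETVAL
}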
############
# Mainline #
############

# Build the config file path; it stays empty when PLUGIN_CONF_PATH is unset or
# empty, which makes the existence test below fail.
CONF_FILE=""
[ -z "$PLUGIN_CONF_PATH" ] || CONF_FILE="$PLUGIN_CONF_PATH/$PLUGIN_CONF_FILE"

if [ -f "$CONF_FILE" ]; then
  # The config file is sourced, i.e. executed as shell code with the
  # privileges of this helper (it manipulates iptables, so presumably root).
  # The file and its directory should be writable by the administrator only.
  . "$CONF_FILE"

  # Rules are only generated when the environment check passed; a failure of
  # either step marks the plugin as failed.
  if ! dyndns_host_open_helper_sanity_check || ! dyndns_host_open_helper_do_work; then
    PLUGIN_RET_VAL=1
  fi
else
  echo "** ERROR: Config file \"$CONF_FILE\" not found! **" >&2
  PLUGIN_RET_VAL=1
fi