Modifica su firewall per regole iptables

This commit is contained in:
Claudio Maffioletti
2017-05-10 10:35:45 +02:00
parent 468727e8c0
commit d6f3443ad8


@@ -138,20 +138,20 @@ function genera_int () {
if ($stato == 2) $perm = "PERMANENTE"; else $perm = "";
$regola = "### START REGOLA-I$id $perm ###\n";
$regola .= "iptables -I PREROUTING -t nat -p $proto -i $portaIN --dport $ext_port -j DNAT --to $int_ip:$int_port\n";
$regola .= "iptables -A PREROUTING -t nat -p $proto -i $portaIN --dport $ext_port -j DNAT --to $int_ip:$int_port\n";
$regola .= "iptables -N REGOLA-I$id\n";
$regola .= "iptables -I REGOLA-I$id -p $proto -i $portaIN -s $ext_ip -d $int_ip --dport $int_port -j ACCEPT\n";
$regola .= "iptables -I REGOLA-I$id -p $proto -o $portaIN -d $ext_ip -s $int_ip --sport $int_port -j ACCEPT\n";
$regola .= "iptables -I FORWARD -j REGOLA-I$id\n";
$regola .= "iptables -A REGOLA-I$id -p $proto -i $portaIN -s $ext_ip -d $int_ip --dport $int_port -j ACCEPT\n";
$regola .= "iptables -A REGOLA-I$id -p $proto -o $portaIN -d $ext_ip -s $int_ip --sport $int_port -j ACCEPT\n";
$regola .= "iptables -A FORWARD -j REGOLA-I$id\n";
$regola .= "### STOP REGOLA-I$id $perm ###\n";
array_push($file, $regola);
$regola = "iptables -I PREROUTING -t nat -p $proto -i $portaIN --dport $ext_port -j DNAT --to $int_ip:$int_port; ";
$regola = "iptables -A PREROUTING -t nat -p $proto -i $portaIN --dport $ext_port -j DNAT --to $int_ip:$int_port; ";
$regola .= "iptables -N REGOLA-I$id; ";
$regola .= "iptables -I REGOLA-I$id -p $proto -i $portaIN -s $ext_ip -d $int_ip --dport $int_port -j ACCEPT; ";
$regola .= "iptables -I REGOLA-I$id -p $proto -o $portaIN -d $ext_ip -s $int_ip --sport $int_port -j ACCEPT; ";
$regola .= "iptables -I FORWARD -j REGOLA-I$id; ";
$regola .= "iptables -A REGOLA-I$id -p $proto -i $portaIN -s $ext_ip -d $int_ip --dport $int_port -j ACCEPT; ";
$regola .= "iptables -A REGOLA-I$id -p $proto -o $portaIN -d $ext_ip -s $int_ip --sport $int_port -j ACCEPT; ";
$regola .= "iptables -A FORWARD -j REGOLA-I$id; ";
$esegui['REGOLA-I'.$id] = $regola;
}
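Review bot: Switching the `PREROUTING` DNAT and the `FORWARD` jump from `-I` to `-A` (lines for `iptables -A PREROUTING -t nat ...` and `iptables -A FORWARD -j REGOLA-I$id`) places the new rules after every rule already in those chains, so an existing catch-all DROP/REJECT in FORWARD, or an earlier DNAT on the same `--dport`, now silently shadows the forward; nothing in the hunk checks for that, and the ordering of the ACCEPT rules inside the freshly created `REGOLA-I$id` chain is the only part where `-A` is clearly harmless. Separately, `$proto`, `$portaIN`, `$ext_port`, `$int_ip`, `$int_port` and `$ext_ip` are interpolated unquoted into what appears to be a `;`-joined shell command line stored in `$esegui`; if any of them come from the web form, a value such as `80; sh -c ...` becomes command execution, so either reject the entry unless `ctype_digit((string)$ext_port) && ctype_digit((string)$int_port) && filter_var($int_ip, FILTER_VALIDATE_IP)` holds (with `$proto` and `$portaIN` checked against a whitelist of `tcp`/`udp` and known interface names) or pass each value through `escapeshellarg()` before building the string. Whether such validation happens upstream is not visible here. `genera_int` begins before this hunk.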
@@ -250,17 +250,17 @@ function genera_ext () {
$regola = "### START REGOLA-U$id $perm ###\n";
$regola .= "iptables -N REGOLA-U$id\n";
$regola .= "iptables -I REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT\n";
$regola .= "iptables -I REGOLA-U$id -p $proto -i $portaIN $ipint2 $ptint2 $ipext2 $ptext2 -j ACCEPT\n";
$regola .= "iptables -I FORWARD -j REGOLA-U$id\n";
$regola .= "iptables -A REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT\n";
$regola .= "iptables -A REGOLA-U$id -p $proto -i $portaIN $ipint2 $ptint2 $ipext2 $ptext2 -j ACCEPT\n";
$regola .= "iptables -A FORWARD -j REGOLA-U$id\n";
$regola .= "### STOP REGOLA-U$id $perm ###\n";
array_push($file, $regola);
$regola = "iptables -N REGOLA-U$id; ";
$regola .= "iptables -I REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT; ";
$regola .= "iptables -I REGOLA-U$id -p $proto -i $portaIN $ipint2 $ptint2 $ipext2 $ptext2 -j ACCEPT; ";
$regola .= "iptables -I FORWARD -j REGOLA-U$id";
$regola .= "iptables -A REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT; ";
$regola .= "iptables -A REGOLA-U$id -p $proto -i $portaIN $ipint2 $ptint2 $ipext2 $ptext2 -j ACCEPT; ";
$regola .= "iptables -A FORWARD -j REGOLA-U$id";
$esegui['REGOLA-U'.$id] = $regola;
}
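Review bot: In the rules `iptables -A REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT` and its `-i` counterpart, the four match fragments are built outside the hunk, so when all of them are empty the generated rule degrades to an ACCEPT of every `$proto` packet on `$portaIN` in that direction; the commit does not add a guard for that case, and a comment such as `// NOTE: empty $ipint1/$ptint1/$ipext1/$ptext1 fragments yield an unrestricted ACCEPT for $proto on $portaIN — caller must refuse that` would at least make the expectation explicit. As in the other hunk, the same fragments and `$proto`/`$portaIN` are interpolated unquoted into the `$esegui` command string, so if they carry form input they need validation or `escapeshellarg()` before this point. Note also that `iptables -A FORWARD -j REGOLA-U$id` still lacks the trailing `; ` the other commands carry (inherited from the old `-I` line), which is harmless only as long as nothing is ever appended after it. `genera_ext` begins before this hunk.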