fixed pf ipv6 rule generation

Thomas von Dein
2021-07-07 07:21:22 +02:00
parent 3c7fdf45db
commit 4d81b9c14b

11
jaildk

@@ -343,6 +343,7 @@ rc_pf() {
# we need to make sure the ip address doesn't contain a mask which # we need to make sure the ip address doesn't contain a mask which
# is not required for these rules # is not required for these rules
ipv4=$(dirname $ip) ipv4=$(dirname $ip)
ipv6=$(dirname $ip6)
if test -n "$ipv4" -a -n "$maps"; then if test -n "$ipv4" -a -n "$maps"; then
# nat and rdr come first # nat and rdr come first
@@ -395,9 +396,9 @@ rc_pf() {
pf_nat $extif $ipv4 ${masq_ip} >> $ruleset pf_nat $extif $ipv4 ${masq_ip} >> $ruleset
fi fi
if test -n "$ipv4" -a -n "$rules"; then if test -n "$ip6" -a -n "$rules"; then
# rules="open web"
# only required for ipv6, ipv4 is already opened with exposed ports # only required for ipv6, ipv4 is already opened with exposed ports
# rules="open web"
# rule_open="any" # rule_open="any"
# rule_web_proto="tcp" # rule_web_proto="tcp"
# rule_web_port="80,443" # rule_web_port="80,443"
@@ -406,10 +407,8 @@ rc_pf() {
eval eport=\${rule_${rule}_port} eval eport=\${rule_${rule}_port}
if test -n "${port}"; then if test -n "${port}"; then
if test -n "${ip6}"; then echo "# from map $map" >> $ruleset
echo "# from map $map" >> $ruleset pf_rule $extif ${proto} ${ipv6} ${eport} inet6 >> $ruleset
pf_rule $extif ${proto} ${ip6} ${eport} inet6 >> $ruleset
fi
else else
echo "Warning: incomplete rule: $rule!" echo "Warning: incomplete rule: $rule!"
continue continue
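Review bot: The new `ipv6=$(dirname $ip6)` in the first hunk yields `.` when `$ip6` has no `/prefix`, and fails with a missing-operand error when `$ip6` is empty. The guard in the second hunk tests `$ip6` rather than the derived value, so the third hunk's `pf_rule $extif ${proto} ${ipv6} ${eport} inet6` can be written with `.` as the address. What pf does with such a line depends on `pf_rule`, which is not visible here, but the loaded filter state would then not match the jail's configuration. Stripping the mask with parameter expansion avoids both cases and the unquoted expansion: `ipv6=${ip6%%/*}`, with the guard changed to `if test -n "$ipv6" -a -n "$rules"; then`. Separately, `echo "# from map $map"` inside the rules loop looks like a leftover from the maps loop and presumably should name `$rule`; `rc_pf` starts and ends outside these hunks, so confirm against the full function.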