Diffstat (limited to 'firewall')
-rwxr-xr-xfirewall17
1 files changed, 13 insertions, 4 deletions
diff --git a/firewall b/firewall
index 517b6fe..f24503d 100755
--- a/firewall
+++ b/firewall
@@ -138,7 +138,7 @@ port_knocking()
return
fi
- local port=$1
+ local ports=$1
local knock_ports=$2
local knock_number=$3
local i=0
@@ -155,8 +155,10 @@ port_knocking()
iptables -A INPUT -i $WAN_INT -p tcp --dport $kport -m recent --set --name toc${tock_number}
fi
done
- log_action_msg "Port knocking for $port with combinaison $knock_ports on $WAN_INT"
- iptables -A INPUT -i $WAN_INT -p tcp --dport $port -m recent --rcheck --seconds 15 --name toc${tock_number} -m state --state NEW -j ACCEPT
+ log_action_msg "Port knocking for $ports with combinaison $knock_ports on $WAN_INT"
+ for port in $(echo $ports | sed 's/,/ /g'); do
+ iptables -A INPUT -i $WAN_INT -p tcp --dport $port -m recent --rcheck --seconds 15 --name toc${tock_number} -m state --state NEW -j ACCEPT
+ done
}
start()
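Review bot: The loop variable `port` in the new `for port in $(echo $ports | sed 's/,/ /g')` line is no longer declared `local`, because the first hunk renamed the only `local port=$1` declaration to `local ports=$1`, so the last port value now leaks into the caller's scope after port_knocking returns. The command substitution is also unquoted, so whitespace or glob characters in the configured value are expanded by the shell before the value reaches the iptables argument list, and since the file already uses bash arrays the `sed` subprocess is unnecessary. I would replace that line with `local port port_list`, `IFS=, read -r -a port_list <<< "$ports"` and `for port in "${port_list[@]}"; do`, and a numeric check on each `$port` before the iptables call would keep a malformed entry from being passed through as an extra argument. The body of port_knocking starts above this hunk, so the other uses of `$1` are not visible here.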
@@ -257,11 +259,18 @@ start()
port_redirection $args
done
- ## Whitelist
+ ## Old: Whitelist
for arg in "${WHITELIST_SSH[@]}"; do
+ log_warning_msg "WHITELIST_SSH is obsolete: this option will be removed in next version"
open_port $arg tcp ssh
done
+ for ip in "${WHITELIST[@]}"; do
+ for args in "${WHITELIST_OPEN_PORTS[@]}"; do
+ open_port $ip $args
+ done
+ done
+
## NAT
if [ $NAT == 1 ]; then
log_action_msg "Activate nat"