Hi Michael,

With 300 rules and the same across all your boxes, I would use /mnt/kd/arno-iptables-firewall/custom-rules to define these.

Very similar to the deny_ext_local() example I posted recently, but the reverse ... pass_ext_local() using -j ACCEPT

Without testing, something like ...
--
pass_ext_local()
{
  local proto="$1" host="$2" port="$3"

  echo "[CUSTOM RULE] Pass EXT->Local for Proto: $proto, Host: $host, Port: $port"
  # Quote the arguments so an unusual IFS in the calling script cannot split them
  iptables -A EXT_INPUT_CHAIN -s "$host" -p "$proto" --dport "$port" -j ACCEPT
}
## uncomment to enable ##
#pass_ext_local udp 1.2.3.4 5060
#pass_ext_local tcp 1.2.3.0/24 5061
--

If you only use udp/5060, you could simplify things, maybe only one "echo" statement and a variable defining all 300 IPs. Generic shell scripting.

Again untested ...
--
pass_ext_local_udp_sip()
{
  local host proto="udp" port="5060" IFS

  local sip_hosts="1.2.3.4
1.22.33.40 1.22.33.41 1.22.33.42 1.22.33.43 1.22.33.44
1.22.33.45 1.22.33.46 1.22.33.47 1.22.33.48"

  echo "[CUSTOM RULE] Pass EXT->Local for UDP/5060 SIP Hosts"

  # Restore default word splitting so the host list splits on whitespace
  unset IFS
  for host in $sip_hosts; do
    iptables -A EXT_INPUT_CHAIN -s "$host" -p "$proto" --dport "$port" -j ACCEPT
  done
}
pass_ext_local_udp_sip
--

Alternatively, you could define the sip_hosts variable with a file if desired.

Lonnie

> On Sep 26, 2021, at 5:32 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:
>
> Hi Group
>
> I'm looking to have a large number of firewall entries in Astlinux e.g. 300.
> They would be all the same e.g. I want to open port 5060 from multiple sites.
> Is there an easier/neater way to do this other than lots of firewall entries in the Firewall Tab?
>
> Regards
>
> Michael Knill
> Managing Director
>
> D: +61 2 6189 1360
> P: +61 2 6140 4656
> E: michael.kn...@ipcsolutions.com.au
> W: ipcsolutions.com.au
>
> Smarter Business Communications
>
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
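The file-based variant mentioned at the end of the reply, as an added example that is not part of the original post or of AstLinux. The file path, the helper names and the minimum-prefix policy are assumptions; each entry is validated before it reaches iptables, so a typo in the list is skipped with a warning instead of opening UDP/5060 too widely.

```shell
# Added example; the file path, helper names and prefix policy are assumptions.
SIP_HOSTS_FILE="/mnt/kd/sip-hosts.allow"   # hypothetical: one IPv4 or CIDR per line
SIP_MIN_PREFIX=8                           # assumed policy: refuse networks wider than /8

# Return 0 only for a dotted-quad IPv4 address with an optional /prefix.
valid_ipv4_cidr() {
  local addr="${1%%/*}" prefix="32" octet IFS=.
  case "$1" in */*) prefix="${1#*/}" ;; esac
  case "$addr" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  case "$prefix" in ""|*[!0-9]*|???*) return 1 ;; esac
  [ "$prefix" -ge "$SIP_MIN_PREFIX" ] && [ "$prefix" -le 32 ] || return 1
  set -- $addr                           # split on "." (digits and dots only here)
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    # Reject leading zeros (some parsers read them as octal) and values over 255.
    case "$octet" in 0?*|????*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
}

# Print the valid entries of file $1, one per line; report the rest on stderr.
load_sip_hosts() {
  local file="$1" entry rest
  [ -r "$file" ] || { echo "[CUSTOM RULE] Cannot read $file" >&2; return 1; }
  while read -r entry rest || [ -n "$entry" ]; do
    case "$entry" in *"#"*) entry="${entry%%#*}" rest="" ;; esac
    case "$rest" in "#"*) rest="" ;; esac
    [ -n "$entry" ] || continue          # blank or comment-only line
    if [ -z "$rest" ] && valid_ipv4_cidr "$entry"; then
      echo "$entry"
    else
      echo "[CUSTOM RULE] Skipping invalid entry: $entry $rest" >&2
    fi
  done < "$file"
}

pass_ext_local_udp_sip_file() {
  local host proto="udp" port="5060" IFS
  echo "[CUSTOM RULE] Pass EXT->Local for UDP/5060 SIP Hosts in $SIP_HOSTS_FILE"
  unset IFS
  for host in $(load_sip_hosts "$SIP_HOSTS_FILE"); do
    iptables -A EXT_INPUT_CHAIN -s "$host" -p "$proto" --dport "$port" -j ACCEPT
  done
}

## uncomment to enable ##
#pass_ext_local_udp_sip_file
```

Hostnames are rejected on purpose: the list then never depends on DNS answers at firewall start.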