diff options
| author | Simon Rettberg | 2023-02-16 14:33:57 +0100 |
|---|---|---|
| committer | Simon Rettberg | 2023-02-16 14:33:57 +0100 |
| commit | 8d914d6a608790a0c477e412d9d78c0bbc32d1b8 (patch) | |
| tree | 74aa331ca9b6a830af4794efee9ae767bc9460bc /core/modules/printergui | |
| parent | [hardware-stats] Increase timeouts again (diff) | |
| download | mltk-8d914d6a608790a0c477e412d9d78c0bbc32d1b8.tar.gz mltk-8d914d6a608790a0c477e412d9d78c0bbc32d1b8.tar.xz mltk-8d914d6a608790a0c477e412d9d78c0bbc32d1b8.zip | |
[printergui] Simplify iptables rules
Diffstat (limited to 'core/modules/printergui')
| -rwxr-xr-x | core/modules/printergui/data/opt/openslx/iptables/rules.d/50-lpd-redirect-and-fw | 18 |
1 files changed, 7 insertions, 11 deletions
diff --git a/core/modules/printergui/data/opt/openslx/iptables/rules.d/50-lpd-redirect-and-fw b/core/modules/printergui/data/opt/openslx/iptables/rules.d/50-lpd-redirect-and-fw index 6e465533..8e73536c 100755 --- a/core/modules/printergui/data/opt/openslx/iptables/rules.d/50-lpd-redirect-and-fw +++ b/core/modules/printergui/data/opt/openslx/iptables/rules.d/50-lpd-redirect-and-fw @@ -1,17 +1,13 @@ #!/bin/ash -# Redirect from VM to lpd -for br in br0 nat1 vsw2; do - [ -d "/sys/class/net/${br}/brif" ] || continue - devs=$(ls -1 "/sys/class/net/${br}/brif/") - for dev in $devs; do - case "$dev" in boot0|eth?|eth??|tun?|tun??) continue ;; esac - iptables -t nat -A PREROUTING -d 192.168.101.1 -p tcp --dport 515 -j REDIRECT --to-port 5515 - iptables -t nat -A PREROUTING -d 192.169.101.1 -p tcp --dport 515 -j REDIRECT --to-port 5515 - iptables -t nat -A PREROUTING -d 100.100.100.100 -p tcp --dport 515 -j REDIRECT --to-port 5515 - done -done +# Redirect from VM to lpd - outside should not get routed anyways, so checking destination should +# be enough +iptables -t nat -A PREROUTING -d 192.168.101.1 -p tcp --dport 515 -j REDIRECT --to-port 5515 +iptables -t nat -A PREROUTING -d 192.169.101.1 -p tcp --dport 515 -j REDIRECT --to-port 5515 +iptables -t nat -A PREROUTING -d 100.100.100.100 -p tcp --dport 515 -j REDIRECT --to-port 5515 # Close from outside +iptables -A INPUT -s 192.168.101.0/24 -p tcp --dport 5515 -j ACCEPT +iptables -A INPUT -p tcp --dport 5515 -j ACCEPT iptables -A INPUT -p tcp --dport 515 -j DROP exit 0 |