From 8d914d6a608790a0c477e412d9d78c0bbc32d1b8 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 16 Feb 2023 14:33:57 +0100
Subject: [printergui] Simplify iptables rules
---
 .../openslx/iptables/rules.d/50-lpd-redirect-and-fw | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)
(limited to 'core/modules/printergui')
diff --git a/core/modules/printergui/data/opt/openslx/iptables/rules.d/50-lpd-redirect-and-fw b/core/modules/printergui/data/opt/openslx/iptables/rules.d/50-lpd-redirect-and-fw
index 6e465533..8e73536c 100755
--- a/core/modules/printergui/data/opt/openslx/iptables/rules.d/50-lpd-redirect-and-fw
+++ b/core/modules/printergui/data/opt/openslx/iptables/rules.d/50-lpd-redirect-and-fw
@@ -1,17 +1,13 @@
 #!/bin/ash
-# Redirect from VM to lpd
-for br in br0 nat1 vsw2; do
- [ -d "/sys/class/net/${br}/brif" ] || continue
- devs=$(ls -1 "/sys/class/net/${br}/brif/")
- for dev in $devs; do
- case "$dev" in boot0|eth?|eth??|tun?|tun??) continue ;; esac
- iptables -t nat -A PREROUTING -d 192.168.101.1 -p tcp --dport 515 -j REDIRECT --to-port 5515
- iptables -t nat -A PREROUTING -d 192.169.101.1 -p tcp --dport 515 -j REDIRECT --to-port 5515
- iptables -t nat -A PREROUTING -d 100.100.100.100 -p tcp --dport 515 -j REDIRECT --to-port 5515
- done
-done
+# Redirect from VM to lpd - outside should not get routed anyways, so checking destination should
+# be enough
+iptables -t nat -A PREROUTING -d 192.168.101.1 -p tcp --dport 515 -j REDIRECT --to-port 5515
+iptables -t nat -A PREROUTING -d 192.169.101.1 -p tcp --dport 515 -j REDIRECT --to-port 5515
+iptables -t nat -A PREROUTING -d 100.100.100.100 -p tcp --dport 515 -j REDIRECT --to-port 5515
 # Close from outside
+iptables -A INPUT -s 192.168.101.0/24 -p tcp --dport 5515 -j ACCEPT
+iptables -A INPUT -p tcp --dport 5515 -j ACCEPT
 iptables -A INPUT -p tcp --dport 515 -j DROP
 exit 0
--
cgit v1.2.3-55-g7522
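Review bot: The second rule added under `# Close from outside`, `iptables -A INPUT -p tcp --dport 5515 -j ACCEPT`, has no source match, so it makes the `-s 192.168.101.0/24` rule just before it redundant and accepts connections to the redirect target port 5515 from any address, while only 515 is dropped. The new comment's reasoning (outside traffic is not routed to the three destination addresses) covers the PREROUTING redirects but not a connection made straight to 5515, so if the lpd listener binds to all interfaces it stays reachable from outside. I would accept only redirected connections and drop the rest, e.g. `iptables -A INPUT -p tcp --dport 5515 -m conntrack --ctstate DNAT -j ACCEPT` followed by `iptables -A INPUT -p tcp --dport 5515 -j DROP`, assuming the conntrack match is available in this image. Whether the INPUT policy or a later rules.d file already drops 5515 is not visible from this hunk, so please confirm or state it in the comment.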