smeserver-coova-chilli/contribs7/smeserver-coova-chilli-0.2-allow_uamallowed.patch

--- smeserver-coova-chilli-0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom.allow_uamallowed        2008-09-02 13:28:02.000000000 +0200
+++ smeserver-coova-chilli-0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom 2009-03-13 09:11:24.000000000 +0100
@@ -14,12 +14,12 @@
 
 HERE
 
-# Allow services specidied in AllowedOutgoing
+my $ReIpNum = qr{([01]?\d\d?|2[0-4]\d|25[0-5])};
+my $ReIpAddr = qr{($ReIpNum\.$ReIpNum\.$ReIpNum\.$ReIpNum)|any|ANY|\*};
+my $RePort = qr/\d{1,4}|[0-6]\d{4}|any|ANY|\*/;
 
+# Allow services specidied in AllowedOutgoing
 foreach (split(/[;,]/, ${'chilli'}{'AllowedOutgoing'} || '')){
-        my $ReIpNum = qr{([01]?\d\d?|2[0-4]\d|25[0-5])};
-        my $ReIpAddr = qr{($ReIpNum\.$ReIpNum\.$ReIpNum\.$ReIpNum)|any|ANY|\*};
-        my $RePort = qr/\d{1,4}|[0-6]\d{4}|any|ANY|\*/;
        # Check the rules has the form proto:remote_host:remote_port
         next unless /^(tcp|TCP|udp|UDP):${ReIpAddr}:${RePort}$/;
         my @params = split(/:/, $_);
@@ -35,6 +35,22 @@
         $OUT .= "-j ACCEPT\n"
 }
 
+foreach (split(/[;,]/, ${'chilli'}{'uamallowed'} || '')){
+       # Check the rules has the form proto:remote_host:remote_port
+       # Or host:port or protocol:host
+        next unless /^((tcp|TCP|udp|UDP):)?((${ReIpAddr})|((\w+\.)?\w+\.\w{2,3}))(:${RePort})?$/;
+       my $proto = $1;
+       my $host = $2;
+       my $dport = $3;
+       $OUT .= "    # $_ is allowed:\n";
+        $OUT .= "    /sbin/iptables -A FORWARD_FROM_CHILLI ";
+        $OUT .= "-p $proto " if (($proto) && ($proto ne ''));
+        $OUT .= "-d $host ";
+        $OUT .= "--dport $dport " if (($dport) && ($dport ne ''));
+        $OUT .= "--syn " if ($proto =~ /tcp/i);
+        $OUT .= "-j ACCEPT\n"
+}
+
 # Allow the two dns servers specified
 $OUT .= "    # Allow dns requests to ${'chilli'}{'dns1'}\n" .
        "    /sbin/iptables -A FORWARD_FROM_CHILLI -p udp --dport 53 -d ${'chilli'}{'dns1'} -j ACCEPT\n" 
1	vip-ire	1.1	--- smeserver-coova-chilli-0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom.allow_uamallowed 2008-09-02 13:28:02.000000000 +0200
2			+++ smeserver-coova-chilli-0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom 2009-03-13 09:11:24.000000000 +0100
3			@@ -14,12 +14,12 @@
4
5			HERE
6
7			-# Allow services specidied in AllowedOutgoing
8			+my $ReIpNum = qr{([01]?\d\d?\|2[0-4]\d\|25[0-5])};
9			+my $ReIpAddr = qr{($ReIpNum\.$ReIpNum\.$ReIpNum\.$ReIpNum)\|any\|ANY\|\*};
10			+my $RePort = qr/\d{1,4}\|[0-6]\d{4}\|any\|ANY\|\*/;
11
12			+# Allow services specidied in AllowedOutgoing
13			foreach (split(/[;,]/, ${'chilli'}{'AllowedOutgoing'} \|\| '')){
14			- my $ReIpNum = qr{([01]?\d\d?\|2[0-4]\d\|25[0-5])};
15			- my $ReIpAddr = qr{($ReIpNum\.$ReIpNum\.$ReIpNum\.$ReIpNum)\|any\|ANY\|\*};
16			- my $RePort = qr/\d{1,4}\|[0-6]\d{4}\|any\|ANY\|\*/;
17			# Check the rules has the form proto:remote_host:remote_port
18			next unless /^(tcp\|TCP\|udp\|UDP):${ReIpAddr}:${RePort}$/;
19			my @params = split(/:/, $_);
20			@@ -35,6 +35,22 @@
21			$OUT .= "-j ACCEPT\n"
22			}
23
24			+foreach (split(/[;,]/, ${'chilli'}{'uamallowed'} \|\| '')){
25			+ # Check the rules has the form proto:remote_host:remote_port
26			+ # Or host:port or protocol:host
27			+ next unless /^((tcp\|TCP\|udp\|UDP):)?((${ReIpAddr})\|((\w+\.)?\w+\.\w{2,3}))(:${RePort})?$/;
28			+ my $proto = $1;
29			+ my $host = $2;
30			+ my $dport = $3;
31			+ $OUT .= " # $_ is allowed:\n";
32			+ $OUT .= " /sbin/iptables -A FORWARD_FROM_CHILLI ";
33			+ $OUT .= "-p $proto " if (($proto) && ($proto ne ''));
34			+ $OUT .= "-d $host ";
35			+ $OUT .= "--dport $dport " if (($dport) && ($dport ne ''));
36			+ $OUT .= "--syn " if ($proto =~ /tcp/i);
37			+ $OUT .= "-j ACCEPT\n"
38			+}
39			+
40			# Allow the two dns servers specified
41			$OUT .= " # Allow dns requests to ${'chilli'}{'dns1'}\n" .
42			" /sbin/iptables -A FORWARD_FROM_CHILLI -p udp --dport 53 -d ${'chilli'}{'dns1'} -j ACCEPT\n"