smeserver-coova-chilli/contribs7/smeserver-coova-chilli-0.2-allow_uamallowed.patch

--- smeserver-coova-chilli-0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom.allow_uamallowed        2008-09-02 13:28:02.000000000 +0200
+++ smeserver-coova-chilli-0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom 2009-03-13 09:11:24.000000000 +0100
@@ -14,12 +14,12 @@
 
 HERE
 
-# Allow services specidied in AllowedOutgoing
+my $ReIpNum = qr{([01]?\d\d?|2[0-4]\d|25[0-5])};
+my $ReIpAddr = qr{($ReIpNum\.$ReIpNum\.$ReIpNum\.$ReIpNum)|any|ANY|\*};
+my $RePort = qr/\d{1,4}|[0-6]\d{4}|any|ANY|\*/;
 
+# Allow services specidied in AllowedOutgoing
 foreach (split(/[;,]/, ${'chilli'}{'AllowedOutgoing'} || '')){
-        my $ReIpNum = qr{([01]?\d\d?|2[0-4]\d|25[0-5])};
-        my $ReIpAddr = qr{($ReIpNum\.$ReIpNum\.$ReIpNum\.$ReIpNum)|any|ANY|\*};
-        my $RePort = qr/\d{1,4}|[0-6]\d{4}|any|ANY|\*/;
        # Check the rules has the form proto:remote_host:remote_port
         next unless /^(tcp|TCP|udp|UDP):${ReIpAddr}:${RePort}$/;
         my @params = split(/:/, $_);
@@ -35,6 +35,22 @@
         $OUT .= "-j ACCEPT\n"
 }
 
+foreach (split(/[;,]/, ${'chilli'}{'uamallowed'} || '')){
+       # Check the rules has the form proto:remote_host:remote_port
+       # Or host:port or protocol:host
+        next unless /^((tcp|TCP|udp|UDP):)?((${ReIpAddr})|((\w+\.)?\w+\.\w{2,3}))(:${RePort})?$/;
+       my $proto = $1;
+       my $host = $2;
+       my $dport = $3;
+       $OUT .= "    # $_ is allowed:\n";
+        $OUT .= "    /sbin/iptables -A FORWARD_FROM_CHILLI ";
+        $OUT .= "-p $proto " if (($proto) && ($proto ne ''));
+        $OUT .= "-d $host ";
+        $OUT .= "--dport $dport " if (($dport) && ($dport ne ''));
+        $OUT .= "--syn " if ($proto =~ /tcp/i);
+        $OUT .= "-j ACCEPT\n"
+}
+
 # Allow the two dns servers specified
 $OUT .= "    # Allow dns requests to ${'chilli'}{'dns1'}\n" .
        "    /sbin/iptables -A FORWARD_FROM_CHILLI -p udp --dport 53 -d ${'chilli'}{'dns1'} -j ACCEPT\n" 
1	--- smeserver-coova-chilli-0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom.allow_uamallowed 2008-09-02 13:28:02.000000000 +0200
2	+++ smeserver-coova-chilli-0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom 2009-03-13 09:11:24.000000000 +0100
3	@@ -14,12 +14,12 @@
4
5	HERE
6
7	-# Allow services specidied in AllowedOutgoing
8	+my $ReIpNum = qr{([01]?\d\d?\|2[0-4]\d\|25[0-5])};
9	+my $ReIpAddr = qr{($ReIpNum\.$ReIpNum\.$ReIpNum\.$ReIpNum)\|any\|ANY\|\*};
10	+my $RePort = qr/\d{1,4}\|[0-6]\d{4}\|any\|ANY\|\*/;
11
12	+# Allow services specidied in AllowedOutgoing
13	foreach (split(/[;,]/, ${'chilli'}{'AllowedOutgoing'} \|\| '')){
14	- my $ReIpNum = qr{([01]?\d\d?\|2[0-4]\d\|25[0-5])};
15	- my $ReIpAddr = qr{($ReIpNum\.$ReIpNum\.$ReIpNum\.$ReIpNum)\|any\|ANY\|\*};
16	- my $RePort = qr/\d{1,4}\|[0-6]\d{4}\|any\|ANY\|\*/;
17	# Check the rules has the form proto:remote_host:remote_port
18	next unless /^(tcp\|TCP\|udp\|UDP):${ReIpAddr}:${RePort}$/;
19	my @params = split(/:/, $_);
20	@@ -35,6 +35,22 @@
21	$OUT .= "-j ACCEPT\n"
22	}
23
24	+foreach (split(/[;,]/, ${'chilli'}{'uamallowed'} \|\| '')){
25	+ # Check the rules has the form proto:remote_host:remote_port
26	+ # Or host:port or protocol:host
27	+ next unless /^((tcp\|TCP\|udp\|UDP):)?((${ReIpAddr})\|((\w+\.)?\w+\.\w{2,3}))(:${RePort})?$/;
28	+ my $proto = $1;
29	+ my $host = $2;
30	+ my $dport = $3;
31	+ $OUT .= " # $_ is allowed:\n";
32	+ $OUT .= " /sbin/iptables -A FORWARD_FROM_CHILLI ";
33	+ $OUT .= "-p $proto " if (($proto) && ($proto ne ''));
34	+ $OUT .= "-d $host ";
35	+ $OUT .= "--dport $dport " if (($dport) && ($dport ne ''));
36	+ $OUT .= "--syn " if ($proto =~ /tcp/i);
37	+ $OUT .= "-j ACCEPT\n"
38	+}
39	+
40	# Allow the two dns servers specified
41	$OUT .= " # Allow dns requests to ${'chilli'}{'dns1'}\n" .
42	" /sbin/iptables -A FORWARD_FROM_CHILLI -p udp --dport 53 -d ${'chilli'}{'dns1'} -j ACCEPT\n"