webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-27 03:07:43 +02:00
Code Issues Packages Projects Releases Wiki Activity

firewall: Allow to disable masquerading.

Browse Source
This commit is contained in:
Michael Tremer
2014-05-17 14:08:52 +02:00
parent 13eef3ba74
commit 83ef9c40ef
11 changed files with 164 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/initscripts/init.d/firewall
View File

@@ -336,10 +336,31 @@ iptables_red() {
# Outgoing masquerading (don't masqerade IPSEC (mark 50))
iptables -t nat -A REDNAT -m mark --mark 50 -o $IFACE -j RETURN
if [ "$IFACE" != "$GREEN_DEV" ]; then
iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
if [ "$IFACE" = "$GREEN_DEV" ]; then
MASQUERADE_GREEN="off"
fi
local NO_MASQ_DEVICES
if [ "${MASQUERADE_GREEN}" = "off" ]; then
NO_MASQ_DEVICES="${NO_MASQ_DEVICES} ${GREEN_DEV}"
fi
if [ "${MASQUERADE_BLUE}" = "off" ]; then
NO_MASQ_DEVICES="${NO_MASQ_DEVICES} ${BLUE_DEV}"
fi
if [ "${MASQUERADE_ORANGE}" = "off" ]; then
NO_MASQ_DEVICES="${NO_MASQ_DEVICES} ${ORANGE_DEV}"
fi
local device
for device in ${NO_MASQ_DEVICES}; do
iptables -t nat -A REDNAT -i "${device}" -o "${IFACE}" -j RETURN
done
# Masquerade everything else
iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
fi
# Reload all rules.