webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-24 09:52:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

firewall-no-nat: Use network masks to identify the subnets.

Browse Source 
In the POSTROUTING chains of the NAT table, there is
no more information about on which interface the packet
has arrived (green0, etc.).
This commit is contained in:
Michael Tremer
2014-08-06 14:37:21 +02:00
parent 83ef9c40ef
commit 983d471f93
1 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/initscripts/init.d/firewall
View File

@@ -340,23 +340,23 @@ iptables_red() {
MASQUERADE_GREEN="off"
fi
local NO_MASQ_DEVICES
local NO_MASQ_NETWORKS
if [ "${MASQUERADE_GREEN}" = "off" ]; then
NO_MASQ_DEVICES="${NO_MASQ_DEVICES} ${GREEN_DEV}"
NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${GREEN_NETADDRESS}/${GREEN_NETMASK}"
fi
if [ "${MASQUERADE_BLUE}" = "off" ]; then
NO_MASQ_DEVICES="${NO_MASQ_DEVICES} ${BLUE_DEV}"
NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${BLUE_NETADDRESS}/${BLUE_NETMASK}"
fi
if [ "${MASQUERADE_ORANGE}" = "off" ]; then
NO_MASQ_DEVICES="${NO_MASQ_DEVICES} ${ORANGE_DEV}"
NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${ORANGE_NETADDRESS}/${ORANGE_NETMASK}"
fi
local device
for device in ${NO_MASQ_DEVICES}; do
iptables -t nat -A REDNAT -i "${device}" -o "${IFACE}" -j RETURN
local network
for network in ${NO_MASQ_NETWORKS}; do
iptables -t nat -A REDNAT -s "${network}" -o "${IFACE}" -j RETURN
done
# Masquerade everything else