[svn/Prometheus-QoS/.git] / optional-tools / make-iptables-restore

#!/bin/bash
iptables="/sbin/iptables"
iptablesrestore="/sbin/iptables-restore"
ifconfig="/sbin/ifconfig"
grep="/bin/grep"
cut="/usr/bin/cut"
ipcalc="/usr/bin/ipcalc"

#pimp files must be generated by optional-tools/make-pimp utility
pimp_2way_nat="/dev/shm/pimp-2way-nat.tmp"
pimp_snat="/dev/shm/pimp-snat.tmp"
etchosts="/mnt/mtdblock0/hosts"
restoretmp="/dev/shm/iptables-restore.tmp"
restoredata="/mnt/mtdblock0/iptables-restore.in"
wan1="vlan770"
wan2="vlan771"
wan3="vlan772"
wan4="vlan774"
czffirstbitmask="19"
czfsecondbitmask="22"
czfthirdbitmask="25"
czffourthbitmask="28"
pubfirstbitmask="26"
pubsecondbitmask="29"
chaintrack="_"

echo "*nat" > $restoretmp
echo ":PREROUTING ACCEPT [0:0]" >> $restoretmp
echo ":POSTROUTING ACCEPT [0:0]" >> $restoretmp
echo ":OUTPUT ACCEPT [0:0]" >> $restoretmp

# ===============================================================
#  Symetrical SNAT-DNAT using indexed iptables
# ===============================================================
echo -n "Generating new iptables-restore data - two way SNAT/DNAT "

for czfip in `$grep -v ^# $pimp_2way_nat|$cut -f 1 -d " "`
do
 pubip=`$grep "$czfip " $pimp_2way_nat|$cut -f 2 -d " "`
 czffirstindex=priv_`$ipcalc -n $czfip/$czffirstbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
 czfsecondindex=priv_`$ipcalc -n $czfip/$czfsecondbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
 czfthirdindex=priv_`$ipcalc -n $czfip/$czfthirdbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
 czffourthindex=priv_`$ipcalc -n $czfip/$czffourthbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
 pubfirstindex=pub_`$ipcalc -n $pubip/$pubfirstbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
 pubsecondindex=pub_`$ipcalc -n $pubip/$pubsecondbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`

 if ! [[ "$chaintrack" == *"$czffirstindex"* ]]
 then
  echo :$czffirstindex "- [0:0]" >> $restoretmp
  s=`$ipcalc -n $czfip/$czffirstbitmask|$grep Network|$cut -f 4 -d \ `
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan1 -j $czffirstindex >> $restoretmp
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan2 -j $czffirstindex >> $restoretmp
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan3 -j $czffirstindex >> $restoretmp
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan4 -j $czffirstindex >> $restoretmp
  chaintrack=\ ${czffirstindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$czfsecondindex"* ]]
 then
  echo :$czfsecondindex "- [0:0]" >> $restoretmp
  s=`$ipcalc -n $czfip/$czfsecondbitmask|$grep Network|$cut -f 4 -d \ `
  echo -A $czffirstindex -s $s -o $wan1 -j $czfsecondindex >> $restoretmp
  echo -A $czffirstindex -s $s -o $wan2 -j $czfsecondindex >> $restoretmp
  echo -A $czffirstindex -s $s -o $wan3 -j $czfsecondindex >> $restoretmp
  echo -A $czffirstindex -s $s -o $wan4 -j $czfsecondindex >> $restoretmp
  chaintrack=\ ${czfsecondindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$czfthirdindex"* ]]
 then
  echo :$czfthirdindex "- [0:0]" >> $restoretmp
  s=`$ipcalc -n $czfip/$czfthirdbitmask|$grep Network|$cut -f 4 -d \ `
  echo -A $czfsecondindex -s $s -o $wan1 -j $czfthirdindex >> $restoretmp
  echo -A $czfsecondindex -s $s -o $wan2 -j $czfthirdindex >> $restoretmp
  echo -A $czfsecondindex -s $s -o $wan3 -j $czfthirdindex >> $restoretmp
  echo -A $czfsecondindex -s $s -o $wan4 -j $czfthirdindex >> $restoretmp
  chaintrack=\ ${czfthirdindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$czffourthindex"* ]]
 then
  echo :$czffourthindex "- [0:0]" >> $restoretmp
  s=`$ipcalc -n $czfip/$czffourthbitmask|$grep Network|$cut -f 4 -d \ `
  echo -A $czfthirdindex -s $s -o $wan1 -j $czffourthindex >> $restoretmp
  echo -A $czfthirdindex -s $s -o $wan2 -j $czffourthindex >> $restoretmp
  echo -A $czfthirdindex -s $s -o $wan3 -j $czffourthindex >> $restoretmp
  echo -A $czfthirdindex -s $s -o $wan4 -j $czffourthindex >> $restoretmp
  chaintrack=\ ${czffourthindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$pubfirstindex"* ]]
 then
  echo :$pubfirstindex "- [0:0]" >> $restoretmp
  s=`$ipcalc -n $pubip/$pubfirstbitmask|$grep Network|$cut -f 4 -d \ `
  echo -A PREROUTING -i $wan1 -d $s -j $pubfirstindex >> $restoretmp
  echo -A PREROUTING -i $wan2 -d $s -j $pubfirstindex >> $restoretmp
  echo -A PREROUTING -i $wan3 -d $s -j $pubfirstindex >> $restoretmp
  echo -A PREROUTING -i $wan4 -d $s -j $pubfirstindex >> $restoretmp
  chaintrack=\ ${pubfirstindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$pubsecondindex"* ]]
 then
  echo :$pubsecondindex "- [0:0]" >> $restoretmp
  s=`$ipcalc -n $pubip/$pubsecondbitmask|$grep Network|$cut -f 4 -d \ `
  echo -A $pubfirstindex -i $wan1 -d $s -j $pubsecondindex >> $restoretmp
  echo -A $pubfirstindex -i $wan2 -d $s -j $pubsecondindex >> $restoretmp
  echo -A $pubfirstindex -i $wan3 -d $s -j $pubsecondindex >> $restoretmp
  echo -A $pubfirstindex -i $wan4 -d $s -j $pubsecondindex >> $restoretmp
  chaintrack=\ ${pubsecondindex}\ ${chaintrack}
 fi

 echo -A $pubsecondindex -i $wan1 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp
 echo -A $pubsecondindex -i $wan2 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp
 echo -A $pubsecondindex -i $wan3 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp
 echo -A $pubsecondindex -i $wan4 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp

 echo -A $czffourthindex -s $czfip/32 -o $wan1 -j SNAT --to-source $pubip >> $restoretmp
 echo -A $czffourthindex -s $czfip/32 -o $wan2 -j SNAT --to-source $pubip >> $restoretmp
 echo -A $czffourthindex -s $czfip/32 -o $wan3 -j SNAT --to-source $pubip >> $restoretmp
 echo -A $czffourthindex -s $czfip/32 -o $wan4 -j SNAT --to-source $pubip >> $restoretmp

 echo -n .

done
echo " done."

# ===============================================================
#  SNAT only using indexed iptables (should be rather function, hmm)
# ===============================================================
echo -n "Generating new iptables-restore data - one way SNAT "

for czfip in `$grep -v ^# $pimp_snat|$cut -f 1 -d " "`
do
 pubip=`$grep "$czfip " $pimp_snat|$cut -f 2 -d " "`
 czffirstindex=priv_`$ipcalc -n $czfip/$czffirstbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
 czfsecondindex=priv_`$ipcalc -n $czfip/$czfsecondbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
 czfthirdindex=priv_`$ipcalc -n $czfip/$czfthirdbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
 czffourthindex=priv_`$ipcalc -n $czfip/$czffourthbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`

 if ! [[ "$chaintrack" == *"$czffirstindex"* ]]
 then
  echo :$czffirstindex "- [0:0]" >> $restoretmp
  s=`$ipcalc -n $czfip/$czffirstbitmask|$grep Network|$cut -f 4 -d \ `
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan1 -j $czffirstindex >> $restoretmp
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan2 -j $czffirstindex >> $restoretmp
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan3 -j $czffirstindex >> $restoretmp
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan4 -j $czffirstindex >> $restoretmp
  chaintrack=\ ${czffirstindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$czfsecondindex"* ]]
 then
  echo :$czfsecondindex "- [0:0]" >> $restoretmp
  s=`$ipcalc -n $czfip/$czfsecondbitmask|$grep Network|$cut -f 4 -d \ `
  echo -A $czffirstindex -s $s -o $wan1 -j $czfsecondindex >> $restoretmp
  echo -A $czffirstindex -s $s -o $wan2 -j $czfsecondindex >> $restoretmp
  echo -A $czffirstindex -s $s -o $wan3 -j $czfsecondindex >> $restoretmp
  echo -A $czffirstindex -s $s -o $wan4 -j $czfsecondindex >> $restoretmp
  chaintrack=\ ${czfsecondindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$czfthirdindex"* ]]
 then
  echo :$czfthirdindex "- [0:0]" >> $restoretmp
  s=`$ipcalc -n $czfip/$czfthirdbitmask|$grep Network|$cut -f 4 -d \ `
  echo -A $czfsecondindex -s $s -o $wan1 -j $czfthirdindex >> $restoretmp
  echo -A $czfsecondindex -s $s -o $wan2 -j $czfthirdindex >> $restoretmp
  echo -A $czfsecondindex -s $s -o $wan3 -j $czfthirdindex >> $restoretmp
  echo -A $czfsecondindex -s $s -o $wan4 -j $czfthirdindex >> $restoretmp
  chaintrack=\ ${czfthirdindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$czffourthindex"* ]]
 then
  echo :$czffourthindex "- [0:0]" >> $restoretmp
  s=`$ipcalc -n $czfip/$czffourthbitmask|$grep Network|$cut -f 4 -d \ `
  echo -A $czfthirdindex -s $s -o $wan1 -j $czffourthindex >> $restoretmp
  echo -A $czfthirdindex -s $s -o $wan2 -j $czffourthindex >> $restoretmp
  echo -A $czfthirdindex -s $s -o $wan3 -j $czffourthindex >> $restoretmp
  echo -A $czfthirdindex -s $s -o $wan4 -j $czffourthindex >> $restoretmp
  chaintrack=\ ${czffourthindex}\ ${chaintrack}
 fi

 echo -A $czffourthindex -s $czfip/32 -o $wan1 -j SNAT --to-source $pubip >> $restoretmp
 echo -A $czffourthindex -s $czfip/32 -o $wan2 -j SNAT --to-source $pubip >> $restoretmp
 echo -A $czffourthindex -s $czfip/32 -o $wan3 -j SNAT --to-source $pubip >> $restoretmp
 echo -A $czffourthindex -s $czfip/32 -o $wan4 -j SNAT --to-source $pubip >> $restoretmp

 echo -n .
done
echo " done."

echo COMMIT >> $restoretmp
echo -n "Writing $restoredata"
mv $restoretmp $restoredata
Commit	Line	Data
86d37066	1	#!/bin/bash
	2	iptables="/sbin/iptables"
	3	iptablesrestore="/sbin/iptables-restore"
	4	ifconfig="/sbin/ifconfig"
3a4fe273	5	grep="/bin/grep"
3a4fe273	6	cut="/usr/bin/cut"
143c9a45	7	ipcalc="/usr/bin/ipcalc"
86d37066	8
86d37066	9	#pimp files must be generated by optional-tools/make-pimp utility
3a4fe273	10	pimp_2way_nat="/dev/shm/pimp-2way-nat.tmp"
3a4fe273	11	pimp_snat="/dev/shm/pimp-snat.tmp"
86d37066	12	etchosts="/mnt/mtdblock0/hosts"
3a4fe273	13	restoretmp="/dev/shm/iptables-restore.tmp"
86d37066	14	restoredata="/mnt/mtdblock0/iptables-restore.in"
	15	wan1="vlan770"
	16	wan2="vlan771"
	17	wan3="vlan772"
3a4fe273	18	wan4="vlan774"
	19	czffirstbitmask="19"
	20	czfsecondbitmask="22"
	21	czfthirdbitmask="25"
	22	czffourthbitmask="28"
	23	pubfirstbitmask="26"
	24	pubsecondbitmask="29"
143c9a45	25	chaintrack="_"
3a4fe273	26
	27	echo "*nat" > $restoretmp
	28	echo ":PREROUTING ACCEPT [0:0]" >> $restoretmp
	29	echo ":POSTROUTING ACCEPT [0:0]" >> $restoretmp
	30	echo ":OUTPUT ACCEPT [0:0]" >> $restoretmp
86d37066	31
	32	# ===============================================================
	33	# Symetrical SNAT-DNAT using indexed iptables
	34	# ===============================================================
86d37066	35	echo -n "Generating new iptables-restore data - two way SNAT/DNAT "
86d37066	36
3a4fe273	37	for czfip in `$grep -v ^# $pimp_2way_nat\|$cut -f 1 -d " "`
86d37066	38	do
3a4fe273	39	pubip=`$grep "$czfip " $pimp_2way_nat\|$cut -f 2 -d " "`
143c9a45	40	czffirstindex=priv_`$ipcalc -n $czfip/$czffirstbitmask\|$grep Network\|$cut -f 4 -d \ \|tr [./] _`
	41	czfsecondindex=priv_`$ipcalc -n $czfip/$czfsecondbitmask\|$grep Network\|$cut -f 4 -d \ \|tr [./] _`
	42	czfthirdindex=priv_`$ipcalc -n $czfip/$czfthirdbitmask\|$grep Network\|$cut -f 4 -d \ \|tr [./] _`
	43	czffourthindex=priv_`$ipcalc -n $czfip/$czffourthbitmask\|$grep Network\|$cut -f 4 -d \ \|tr [./] _`
	44	pubfirstindex=pub_`$ipcalc -n $pubip/$pubfirstbitmask\|$grep Network\|$cut -f 4 -d \ \|tr [./] _`
	45	pubsecondindex=pub_`$ipcalc -n $pubip/$pubsecondbitmask\|$grep Network\|$cut -f 4 -d \ \|tr [./] _`
	46
	47	if ! [[ "$chaintrack" == "$czffirstindex" ]]
86d37066	48	then
3a4fe273	49	echo :$czffirstindex "- [0:0]" >> $restoretmp
143c9a45	50	s=`$ipcalc -n $czfip/$czffirstbitmask\|$grep Network\|$cut -f 4 -d \ `
	51	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan1 -j $czffirstindex >> $restoretmp
	52	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan2 -j $czffirstindex >> $restoretmp
	53	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan3 -j $czffirstindex >> $restoretmp
	54	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan4 -j $czffirstindex >> $restoretmp
	55	chaintrack=\ ${czffirstindex}\ ${chaintrack}
86d37066	56	fi
86d37066	57
143c9a45	58	if ! [[ "$chaintrack" == "$czfsecondindex" ]]
86d37066	59	then
3a4fe273	60	echo :$czfsecondindex "- [0:0]" >> $restoretmp
143c9a45	61	s=`$ipcalc -n $czfip/$czfsecondbitmask\|$grep Network\|$cut -f 4 -d \ `
	62	echo -A $czffirstindex -s $s -o $wan1 -j $czfsecondindex >> $restoretmp
	63	echo -A $czffirstindex -s $s -o $wan2 -j $czfsecondindex >> $restoretmp
	64	echo -A $czffirstindex -s $s -o $wan3 -j $czfsecondindex >> $restoretmp
	65	echo -A $czffirstindex -s $s -o $wan4 -j $czfsecondindex >> $restoretmp
	66	chaintrack=\ ${czfsecondindex}\ ${chaintrack}
86d37066	67	fi
86d37066	68
143c9a45	69	if ! [[ "$chaintrack" == "$czfthirdindex" ]]
86d37066	70	then
3a4fe273	71	echo :$czfthirdindex "- [0:0]" >> $restoretmp
143c9a45	72	s=`$ipcalc -n $czfip/$czfthirdbitmask\|$grep Network\|$cut -f 4 -d \ `
	73	echo -A $czfsecondindex -s $s -o $wan1 -j $czfthirdindex >> $restoretmp
	74	echo -A $czfsecondindex -s $s -o $wan2 -j $czfthirdindex >> $restoretmp
	75	echo -A $czfsecondindex -s $s -o $wan3 -j $czfthirdindex >> $restoretmp
	76	echo -A $czfsecondindex -s $s -o $wan4 -j $czfthirdindex >> $restoretmp
	77	chaintrack=\ ${czfthirdindex}\ ${chaintrack}
86d37066	78	fi
86d37066	79
143c9a45	80	if ! [[ "$chaintrack" == "$czffourthindex" ]]
86d37066	81	then
3a4fe273	82	echo :$czffourthindex "- [0:0]" >> $restoretmp
143c9a45	83	s=`$ipcalc -n $czfip/$czffourthbitmask\|$grep Network\|$cut -f 4 -d \ `
	84	echo -A $czfthirdindex -s $s -o $wan1 -j $czffourthindex >> $restoretmp
	85	echo -A $czfthirdindex -s $s -o $wan2 -j $czffourthindex >> $restoretmp
	86	echo -A $czfthirdindex -s $s -o $wan3 -j $czffourthindex >> $restoretmp
	87	echo -A $czfthirdindex -s $s -o $wan4 -j $czffourthindex >> $restoretmp
	88	chaintrack=\ ${czffourthindex}\ ${chaintrack}
86d37066	89	fi
86d37066	90
143c9a45	91	if ! [[ "$chaintrack" == "$pubfirstindex" ]]
86d37066	92	then
3a4fe273	93	echo :$pubfirstindex "- [0:0]" >> $restoretmp
143c9a45	94	s=`$ipcalc -n $pubip/$pubfirstbitmask\|$grep Network\|$cut -f 4 -d \ `
	95	echo -A PREROUTING -i $wan1 -d $s -j $pubfirstindex >> $restoretmp
	96	echo -A PREROUTING -i $wan2 -d $s -j $pubfirstindex >> $restoretmp
	97	echo -A PREROUTING -i $wan3 -d $s -j $pubfirstindex >> $restoretmp
	98	echo -A PREROUTING -i $wan4 -d $s -j $pubfirstindex >> $restoretmp
	99	chaintrack=\ ${pubfirstindex}\ ${chaintrack}
86d37066	100	fi
86d37066	101
143c9a45	102	if ! [[ "$chaintrack" == "$pubsecondindex" ]]
3a4fe273	103	then
3a4fe273	104	echo :$pubsecondindex "- [0:0]" >> $restoretmp
143c9a45	105	s=`$ipcalc -n $pubip/$pubsecondbitmask\|$grep Network\|$cut -f 4 -d \ `
	106	echo -A $pubfirstindex -i $wan1 -d $s -j $pubsecondindex >> $restoretmp
	107	echo -A $pubfirstindex -i $wan2 -d $s -j $pubsecondindex >> $restoretmp
	108	echo -A $pubfirstindex -i $wan3 -d $s -j $pubsecondindex >> $restoretmp
	109	echo -A $pubfirstindex -i $wan4 -d $s -j $pubsecondindex >> $restoretmp
	110	chaintrack=\ ${pubsecondindex}\ ${chaintrack}
3a4fe273	111	fi
86d37066	112
3a4fe273	113	echo -A $pubsecondindex -i $wan1 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp
	114	echo -A $pubsecondindex -i $wan2 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp
	115	echo -A $pubsecondindex -i $wan3 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp
	116	echo -A $pubsecondindex -i $wan4 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp
86d37066	117
3a4fe273	118	echo -A $czffourthindex -s $czfip/32 -o $wan1 -j SNAT --to-source $pubip >> $restoretmp
	119	echo -A $czffourthindex -s $czfip/32 -o $wan2 -j SNAT --to-source $pubip >> $restoretmp
	120	echo -A $czffourthindex -s $czfip/32 -o $wan3 -j SNAT --to-source $pubip >> $restoretmp
	121	echo -A $czffourthindex -s $czfip/32 -o $wan4 -j SNAT --to-source $pubip >> $restoretmp
86d37066	122
86d37066	123	echo -n .
143c9a45	124
86d37066	125	done
	126	echo " done."
	127
86d37066	128	# ===============================================================
	129	# SNAT only using indexed iptables (should be rather function, hmm)
	130	# ===============================================================
143c9a45	131	echo -n "Generating new iptables-restore data - one way SNAT "
86d37066	132
3a4fe273	133	for czfip in `$grep -v ^# $pimp_snat\|$cut -f 1 -d " "`
86d37066	134	do
3a4fe273	135	pubip=`$grep "$czfip " $pimp_snat\|$cut -f 2 -d " "`
143c9a45	136	czffirstindex=priv_`$ipcalc -n $czfip/$czffirstbitmask\|$grep Network\|$cut -f 4 -d \ \|tr [./] _`
	137	czfsecondindex=priv_`$ipcalc -n $czfip/$czfsecondbitmask\|$grep Network\|$cut -f 4 -d \ \|tr [./] _`
	138	czfthirdindex=priv_`$ipcalc -n $czfip/$czfthirdbitmask\|$grep Network\|$cut -f 4 -d \ \|tr [./] _`
	139	czffourthindex=priv_`$ipcalc -n $czfip/$czffourthbitmask\|$grep Network\|$cut -f 4 -d \ \|tr [./] _`
3a4fe273	140
143c9a45	141	if ! [[ "$chaintrack" == "$czffirstindex" ]]
3a4fe273	142	then
3a4fe273	143	echo :$czffirstindex "- [0:0]" >> $restoretmp
143c9a45	144	s=`$ipcalc -n $czfip/$czffirstbitmask\|$grep Network\|$cut -f 4 -d \ `
	145	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan1 -j $czffirstindex >> $restoretmp
	146	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan2 -j $czffirstindex >> $restoretmp
	147	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan3 -j $czffirstindex >> $restoretmp
	148	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan4 -j $czffirstindex >> $restoretmp
	149	chaintrack=\ ${czffirstindex}\ ${chaintrack}
3a4fe273	150	fi
86d37066	151
143c9a45	152	if ! [[ "$chaintrack" == "$czfsecondindex" ]]
86d37066	153	then
3a4fe273	154	echo :$czfsecondindex "- [0:0]" >> $restoretmp
143c9a45	155	s=`$ipcalc -n $czfip/$czfsecondbitmask\|$grep Network\|$cut -f 4 -d \ `
	156	echo -A $czffirstindex -s $s -o $wan1 -j $czfsecondindex >> $restoretmp
	157	echo -A $czffirstindex -s $s -o $wan2 -j $czfsecondindex >> $restoretmp
	158	echo -A $czffirstindex -s $s -o $wan3 -j $czfsecondindex >> $restoretmp
	159	echo -A $czffirstindex -s $s -o $wan4 -j $czfsecondindex >> $restoretmp
	160	chaintrack=\ ${czfsecondindex}\ ${chaintrack}
86d37066	161	fi
86d37066	162
143c9a45	163	if ! [[ "$chaintrack" == "$czfthirdindex" ]]
86d37066	164	then
3a4fe273	165	echo :$czfthirdindex "- [0:0]" >> $restoretmp
143c9a45	166	s=`$ipcalc -n $czfip/$czfthirdbitmask\|$grep Network\|$cut -f 4 -d \ `
	167	echo -A $czfsecondindex -s $s -o $wan1 -j $czfthirdindex >> $restoretmp
	168	echo -A $czfsecondindex -s $s -o $wan2 -j $czfthirdindex >> $restoretmp
	169	echo -A $czfsecondindex -s $s -o $wan3 -j $czfthirdindex >> $restoretmp
	170	echo -A $czfsecondindex -s $s -o $wan4 -j $czfthirdindex >> $restoretmp
	171	chaintrack=\ ${czfthirdindex}\ ${chaintrack}
86d37066	172	fi
86d37066	173
143c9a45	174	if ! [[ "$chaintrack" == "$czffourthindex" ]]
86d37066	175	then
3a4fe273	176	echo :$czffourthindex "- [0:0]" >> $restoretmp
143c9a45	177	s=`$ipcalc -n $czfip/$czffourthbitmask\|$grep Network\|$cut -f 4 -d \ `
	178	echo -A $czfthirdindex -s $s -o $wan1 -j $czffourthindex >> $restoretmp
	179	echo -A $czfthirdindex -s $s -o $wan2 -j $czffourthindex >> $restoretmp
	180	echo -A $czfthirdindex -s $s -o $wan3 -j $czffourthindex >> $restoretmp
	181	echo -A $czfthirdindex -s $s -o $wan4 -j $czffourthindex >> $restoretmp
	182	chaintrack=\ ${czffourthindex}\ ${chaintrack}
86d37066	183	fi
86d37066	184
3a4fe273	185	echo -A $czffourthindex -s $czfip/32 -o $wan1 -j SNAT --to-source $pubip >> $restoretmp
	186	echo -A $czffourthindex -s $czfip/32 -o $wan2 -j SNAT --to-source $pubip >> $restoretmp
	187	echo -A $czffourthindex -s $czfip/32 -o $wan3 -j SNAT --to-source $pubip >> $restoretmp
	188	echo -A $czffourthindex -s $czfip/32 -o $wan4 -j SNAT --to-source $pubip >> $restoretmp
86d37066	189
	190	echo -n .
	191	done
	192	echo " done."
	193
3a4fe273	194	echo COMMIT >> $restoretmp
143c9a45	195	echo -n "Writing $restoredata"
143c9a45	196	mv $restoretmp $restoredata