[svn/Prometheus-QoS/.git] / optional-tools / make-iptables-restore

#!/bin/bash
# $Id$
iptables="/sbin/iptables"
iptablesrestore="/sbin/iptables-restore"
ifconfig="/sbin/ifconfig"
grep="/bin/grep"
cut="/usr/bin/cut"
ipcalc="/usr/bin/ipcalc"

#pimp files must be generated by optional-tools/make-pimp utility
pimp_2way_nat="/dev/shm/pimp-2way-nat.tmp"
pimp_snat="/dev/shm/pimp-snat.tmp"
etchosts="/mnt/mtdblock0/hosts"
restoretmp="/dev/shm/iptables-restore.tmp"
restoredata="/mnt/mtdblock0/iptables-restore.in"
wan1="vlan770"
wan2="vlan771"
wan3="vlan772"
wan4="vlan774"
czffirstbitmask="19"
czfsecondbitmask="22"
czfthirdbitmask="25"
czffourthbitmask="28"
pubfirstbitmask="26"
pubsecondbitmask="29"
chaintrack="_"

echo "*nat" > $restoretmp
echo ":PREROUTING ACCEPT [0:0]" >> $restoretmp
echo ":POSTROUTING ACCEPT [0:0]" >> $restoretmp
echo ":OUTPUT ACCEPT [0:0]" >> $restoretmp

# ===============================================================
#  Symetrical SNAT-DNAT using indexed iptables
# ===============================================================
echo -n "Generating new iptables-restore data - two way SNAT/DNAT "

for czfip in `$grep -v ^# $pimp_2way_nat|$cut -f 1 -d " "`
do
 pubip=`$grep "$czfip " $pimp_2way_nat|$cut -f 2 -d " "`
 czffirstindex=priv_`$ipcalc -n $czfip/$czffirstbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
 czfsecondindex=priv_`$ipcalc -n $czfip/$czfsecondbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
 czfthirdindex=priv_`$ipcalc -n $czfip/$czfthirdbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
 czffourthindex=priv_`$ipcalc -n $czfip/$czffourthbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
 pubfirstindex=pub_`$ipcalc -n $pubip/$pubfirstbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
 pubsecondindex=pub_`$ipcalc -n $pubip/$pubsecondbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`

 if ! [[ "$chaintrack" == *"$czffirstindex"* ]]
 then
  echo :$czffirstindex "- [0:0]" >> $restoretmp
  s=`$ipcalc -n $czfip/$czffirstbitmask|$grep Network|$cut -f 4 -d \ `
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan1 -j $czffirstindex >> $restoretmp
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan2 -j $czffirstindex >> $restoretmp
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan3 -j $czffirstindex >> $restoretmp
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan4 -j $czffirstindex >> $restoretmp
  chaintrack=\ ${czffirstindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$czfsecondindex"* ]]
 then
  echo :$czfsecondindex "- [0:0]" >> $restoretmp
  s=`$ipcalc -n $czfip/$czfsecondbitmask|$grep Network|$cut -f 4 -d \ `
  echo -A $czffirstindex -s $s -o $wan1 -j $czfsecondindex >> $restoretmp
  echo -A $czffirstindex -s $s -o $wan2 -j $czfsecondindex >> $restoretmp
  echo -A $czffirstindex -s $s -o $wan3 -j $czfsecondindex >> $restoretmp
  echo -A $czffirstindex -s $s -o $wan4 -j $czfsecondindex >> $restoretmp
  chaintrack=\ ${czfsecondindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$czfthirdindex"* ]]
 then
  echo :$czfthirdindex "- [0:0]" >> $restoretmp
  s=`$ipcalc -n $czfip/$czfthirdbitmask|$grep Network|$cut -f 4 -d \ `
  echo -A $czfsecondindex -s $s -o $wan1 -j $czfthirdindex >> $restoretmp
  echo -A $czfsecondindex -s $s -o $wan2 -j $czfthirdindex >> $restoretmp
  echo -A $czfsecondindex -s $s -o $wan3 -j $czfthirdindex >> $restoretmp
  echo -A $czfsecondindex -s $s -o $wan4 -j $czfthirdindex >> $restoretmp
  chaintrack=\ ${czfthirdindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$czffourthindex"* ]]
 then
  echo :$czffourthindex "- [0:0]" >> $restoretmp
  s=`$ipcalc -n $czfip/$czffourthbitmask|$grep Network|$cut -f 4 -d \ `
  echo -A $czfthirdindex -s $s -o $wan1 -j $czffourthindex >> $restoretmp
  echo -A $czfthirdindex -s $s -o $wan2 -j $czffourthindex >> $restoretmp
  echo -A $czfthirdindex -s $s -o $wan3 -j $czffourthindex >> $restoretmp
  echo -A $czfthirdindex -s $s -o $wan4 -j $czffourthindex >> $restoretmp
  chaintrack=\ ${czffourthindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$pubfirstindex"* ]]
 then
  echo :$pubfirstindex "- [0:0]" >> $restoretmp
  s=`$ipcalc -n $pubip/$pubfirstbitmask|$grep Network|$cut -f 4 -d \ `
  echo -A PREROUTING -i $wan1 -d $s -j $pubfirstindex >> $restoretmp
  echo -A PREROUTING -i $wan2 -d $s -j $pubfirstindex >> $restoretmp
  echo -A PREROUTING -i $wan3 -d $s -j $pubfirstindex >> $restoretmp
  echo -A PREROUTING -i $wan4 -d $s -j $pubfirstindex >> $restoretmp
  chaintrack=\ ${pubfirstindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$pubsecondindex"* ]]
 then
  echo :$pubsecondindex "- [0:0]" >> $restoretmp
  s=`$ipcalc -n $pubip/$pubsecondbitmask|$grep Network|$cut -f 4 -d \ `
  echo -A $pubfirstindex -i $wan1 -d $s -j $pubsecondindex >> $restoretmp
  echo -A $pubfirstindex -i $wan2 -d $s -j $pubsecondindex >> $restoretmp
  echo -A $pubfirstindex -i $wan3 -d $s -j $pubsecondindex >> $restoretmp
  echo -A $pubfirstindex -i $wan4 -d $s -j $pubsecondindex >> $restoretmp
  chaintrack=\ ${pubsecondindex}\ ${chaintrack}
 fi

 echo -A $pubsecondindex -i $wan1 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp
 echo -A $pubsecondindex -i $wan2 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp
 echo -A $pubsecondindex -i $wan3 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp
 echo -A $pubsecondindex -i $wan4 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp

 echo -A $czffourthindex -s $czfip/32 -o $wan1 -j SNAT --to-source $pubip >> $restoretmp
 echo -A $czffourthindex -s $czfip/32 -o $wan2 -j SNAT --to-source $pubip >> $restoretmp
 echo -A $czffourthindex -s $czfip/32 -o $wan3 -j SNAT --to-source $pubip >> $restoretmp
 echo -A $czffourthindex -s $czfip/32 -o $wan4 -j SNAT --to-source $pubip >> $restoretmp

 echo -n .

done
echo " done."

# ===============================================================
#  SNAT only using indexed iptables (should be rather function, hmm)
# ===============================================================
echo -n "Generating new iptables-restore data - one way SNAT "

for czfip in `$grep -v ^# $pimp_snat|$cut -f 1 -d " "`
do
 pubip=`$grep "$czfip " $pimp_snat|$cut -f 2 -d " "`
 czffirstindex=priv_`$ipcalc -n $czfip/$czffirstbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
 czfsecondindex=priv_`$ipcalc -n $czfip/$czfsecondbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
 czfthirdindex=priv_`$ipcalc -n $czfip/$czfthirdbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
 czffourthindex=priv_`$ipcalc -n $czfip/$czffourthbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`

 if ! [[ "$chaintrack" == *"$czffirstindex"* ]]
 then
  echo :$czffirstindex "- [0:0]" >> $restoretmp
  s=`$ipcalc -n $czfip/$czffirstbitmask|$grep Network|$cut -f 4 -d \ `
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan1 -j $czffirstindex >> $restoretmp
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan2 -j $czffirstindex >> $restoretmp
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan3 -j $czffirstindex >> $restoretmp
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan4 -j $czffirstindex >> $restoretmp
  chaintrack=\ ${czffirstindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$czfsecondindex"* ]]
 then
  echo :$czfsecondindex "- [0:0]" >> $restoretmp
  s=`$ipcalc -n $czfip/$czfsecondbitmask|$grep Network|$cut -f 4 -d \ `
  echo -A $czffirstindex -s $s -o $wan1 -j $czfsecondindex >> $restoretmp
  echo -A $czffirstindex -s $s -o $wan2 -j $czfsecondindex >> $restoretmp
  echo -A $czffirstindex -s $s -o $wan3 -j $czfsecondindex >> $restoretmp
  echo -A $czffirstindex -s $s -o $wan4 -j $czfsecondindex >> $restoretmp
  chaintrack=\ ${czfsecondindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$czfthirdindex"* ]]
 then
  echo :$czfthirdindex "- [0:0]" >> $restoretmp
  s=`$ipcalc -n $czfip/$czfthirdbitmask|$grep Network|$cut -f 4 -d \ `
  echo -A $czfsecondindex -s $s -o $wan1 -j $czfthirdindex >> $restoretmp
  echo -A $czfsecondindex -s $s -o $wan2 -j $czfthirdindex >> $restoretmp
  echo -A $czfsecondindex -s $s -o $wan3 -j $czfthirdindex >> $restoretmp
  echo -A $czfsecondindex -s $s -o $wan4 -j $czfthirdindex >> $restoretmp
  chaintrack=\ ${czfthirdindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$czffourthindex"* ]]
 then
  echo :$czffourthindex "- [0:0]" >> $restoretmp
  s=`$ipcalc -n $czfip/$czffourthbitmask|$grep Network|$cut -f 4 -d \ `
  echo -A $czfthirdindex -s $s -o $wan1 -j $czffourthindex >> $restoretmp
  echo -A $czfthirdindex -s $s -o $wan2 -j $czffourthindex >> $restoretmp
  echo -A $czfthirdindex -s $s -o $wan3 -j $czffourthindex >> $restoretmp
  echo -A $czfthirdindex -s $s -o $wan4 -j $czffourthindex >> $restoretmp
  chaintrack=\ ${czffourthindex}\ ${chaintrack}
 fi

 echo -A $czffourthindex -s $czfip/32 -o $wan1 -j SNAT --to-source $pubip >> $restoretmp
 echo -A $czffourthindex -s $czfip/32 -o $wan2 -j SNAT --to-source $pubip >> $restoretmp
 echo -A $czffourthindex -s $czfip/32 -o $wan3 -j SNAT --to-source $pubip >> $restoretmp
 echo -A $czffourthindex -s $czfip/32 -o $wan4 -j SNAT --to-source $pubip >> $restoretmp

 echo -n .
done
echo " done."

echo COMMIT >> $restoretmp
echo -n "Writing $restoredata"
mv $restoretmp $restoredata
Commit	Line	Data
86d37066	1	#!/bin/bash
f1bba845	2	# $Id$
86d37066	3	iptables="/sbin/iptables"
86d37066	4	iptablesrestore="/sbin/iptables-restore"
f2893be6	5	ifconfig="/sbin/ifconfig"
	6	grep="/bin/grep"
	7	cut="/usr/bin/cut"
1fcbc04f	8	ipcalc="/usr/bin/ipcalc"
86d37066	9
86d37066	10	#pimp files must be generated by optional-tools/make-pimp utility
3a4fe273	11	pimp_2way_nat="/dev/shm/pimp-2way-nat.tmp"
3a4fe273	12	pimp_snat="/dev/shm/pimp-snat.tmp"
86d37066	13	etchosts="/mnt/mtdblock0/hosts"
3a4fe273	14	restoretmp="/dev/shm/iptables-restore.tmp"
86d37066	15	restoredata="/mnt/mtdblock0/iptables-restore.in"
	16	wan1="vlan770"
	17	wan2="vlan771"
	18	wan3="vlan772"
3a4fe273	19	wan4="vlan774"
	20	czffirstbitmask="19"
	21	czfsecondbitmask="22"
	22	czfthirdbitmask="25"
	23	czffourthbitmask="28"
	24	pubfirstbitmask="26"
	25	pubsecondbitmask="29"
1fcbc04f	26	chaintrack="_"
f1bba845	27
3a4fe273	28	echo "*nat" > $restoretmp
	29	echo ":PREROUTING ACCEPT [0:0]" >> $restoretmp
	30	echo ":POSTROUTING ACCEPT [0:0]" >> $restoretmp
	31	echo ":OUTPUT ACCEPT [0:0]" >> $restoretmp
86d37066	32
	33	# ===============================================================
	34	# Symetrical SNAT-DNAT using indexed iptables
	35	# ===============================================================
f2893be6	36	echo -n "Generating new iptables-restore data - two way SNAT/DNAT "
f1bba845	37
f2893be6	38	for czfip in `$grep -v ^# $pimp_2way_nat\|$cut -f 1 -d " "`
	39	do
	40	pubip=`$grep "$czfip " $pimp_2way_nat\|$cut -f 2 -d " "`
1fcbc04f	41	czffirstindex=priv_`$ipcalc -n $czfip/$czffirstbitmask\|$grep Network\|$cut -f 4 -d \ \|tr [./] _`
	42	czfsecondindex=priv_`$ipcalc -n $czfip/$czfsecondbitmask\|$grep Network\|$cut -f 4 -d \ \|tr [./] _`
	43	czfthirdindex=priv_`$ipcalc -n $czfip/$czfthirdbitmask\|$grep Network\|$cut -f 4 -d \ \|tr [./] _`
	44	czffourthindex=priv_`$ipcalc -n $czfip/$czffourthbitmask\|$grep Network\|$cut -f 4 -d \ \|tr [./] _`
	45	pubfirstindex=pub_`$ipcalc -n $pubip/$pubfirstbitmask\|$grep Network\|$cut -f 4 -d \ \|tr [./] _`
	46	pubsecondindex=pub_`$ipcalc -n $pubip/$pubsecondbitmask\|$grep Network\|$cut -f 4 -d \ \|tr [./] _`
	47
	48	if ! [[ "$chaintrack" == "$czffirstindex" ]]
86d37066	49	then
3a4fe273	50	echo :$czffirstindex "- [0:0]" >> $restoretmp
1fcbc04f	51	s=`$ipcalc -n $czfip/$czffirstbitmask\|$grep Network\|$cut -f 4 -d \ `
	52	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan1 -j $czffirstindex >> $restoretmp
	53	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan2 -j $czffirstindex >> $restoretmp
	54	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan3 -j $czffirstindex >> $restoretmp
	55	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan4 -j $czffirstindex >> $restoretmp
	56	chaintrack=\ ${czffirstindex}\ ${chaintrack}
86d37066	57	fi
86d37066	58
1fcbc04f	59	if ! [[ "$chaintrack" == "$czfsecondindex" ]]
86d37066	60	then
3a4fe273	61	echo :$czfsecondindex "- [0:0]" >> $restoretmp
1fcbc04f	62	s=`$ipcalc -n $czfip/$czfsecondbitmask\|$grep Network\|$cut -f 4 -d \ `
	63	echo -A $czffirstindex -s $s -o $wan1 -j $czfsecondindex >> $restoretmp
	64	echo -A $czffirstindex -s $s -o $wan2 -j $czfsecondindex >> $restoretmp
	65	echo -A $czffirstindex -s $s -o $wan3 -j $czfsecondindex >> $restoretmp
	66	echo -A $czffirstindex -s $s -o $wan4 -j $czfsecondindex >> $restoretmp
	67	chaintrack=\ ${czfsecondindex}\ ${chaintrack}
86d37066	68	fi
86d37066	69
1fcbc04f	70	if ! [[ "$chaintrack" == "$czfthirdindex" ]]
86d37066	71	then
3a4fe273	72	echo :$czfthirdindex "- [0:0]" >> $restoretmp
1fcbc04f	73	s=`$ipcalc -n $czfip/$czfthirdbitmask\|$grep Network\|$cut -f 4 -d \ `
	74	echo -A $czfsecondindex -s $s -o $wan1 -j $czfthirdindex >> $restoretmp
	75	echo -A $czfsecondindex -s $s -o $wan2 -j $czfthirdindex >> $restoretmp
	76	echo -A $czfsecondindex -s $s -o $wan3 -j $czfthirdindex >> $restoretmp
	77	echo -A $czfsecondindex -s $s -o $wan4 -j $czfthirdindex >> $restoretmp
	78	chaintrack=\ ${czfthirdindex}\ ${chaintrack}
86d37066	79	fi
86d37066	80
1fcbc04f	81	if ! [[ "$chaintrack" == "$czffourthindex" ]]
86d37066	82	then
3a4fe273	83	echo :$czffourthindex "- [0:0]" >> $restoretmp
1fcbc04f	84	s=`$ipcalc -n $czfip/$czffourthbitmask\|$grep Network\|$cut -f 4 -d \ `
	85	echo -A $czfthirdindex -s $s -o $wan1 -j $czffourthindex >> $restoretmp
	86	echo -A $czfthirdindex -s $s -o $wan2 -j $czffourthindex >> $restoretmp
	87	echo -A $czfthirdindex -s $s -o $wan3 -j $czffourthindex >> $restoretmp
	88	echo -A $czfthirdindex -s $s -o $wan4 -j $czffourthindex >> $restoretmp
	89	chaintrack=\ ${czffourthindex}\ ${chaintrack}
86d37066	90	fi
86d37066	91
1fcbc04f	92	if ! [[ "$chaintrack" == "$pubfirstindex" ]]
86d37066	93	then
3a4fe273	94	echo :$pubfirstindex "- [0:0]" >> $restoretmp
1fcbc04f	95	s=`$ipcalc -n $pubip/$pubfirstbitmask\|$grep Network\|$cut -f 4 -d \ `
	96	echo -A PREROUTING -i $wan1 -d $s -j $pubfirstindex >> $restoretmp
	97	echo -A PREROUTING -i $wan2 -d $s -j $pubfirstindex >> $restoretmp
	98	echo -A PREROUTING -i $wan3 -d $s -j $pubfirstindex >> $restoretmp
	99	echo -A PREROUTING -i $wan4 -d $s -j $pubfirstindex >> $restoretmp
	100	chaintrack=\ ${pubfirstindex}\ ${chaintrack}
86d37066	101	fi
86d37066	102
1fcbc04f	103	if ! [[ "$chaintrack" == "$pubsecondindex" ]]
3a4fe273	104	then
3a4fe273	105	echo :$pubsecondindex "- [0:0]" >> $restoretmp
1fcbc04f	106	s=`$ipcalc -n $pubip/$pubsecondbitmask\|$grep Network\|$cut -f 4 -d \ `
	107	echo -A $pubfirstindex -i $wan1 -d $s -j $pubsecondindex >> $restoretmp
	108	echo -A $pubfirstindex -i $wan2 -d $s -j $pubsecondindex >> $restoretmp
	109	echo -A $pubfirstindex -i $wan3 -d $s -j $pubsecondindex >> $restoretmp
	110	echo -A $pubfirstindex -i $wan4 -d $s -j $pubsecondindex >> $restoretmp
	111	chaintrack=\ ${pubsecondindex}\ ${chaintrack}
3a4fe273	112	fi
86d37066	113
3a4fe273	114	echo -A $pubsecondindex -i $wan1 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp
	115	echo -A $pubsecondindex -i $wan2 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp
	116	echo -A $pubsecondindex -i $wan3 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp
	117	echo -A $pubsecondindex -i $wan4 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp
86d37066	118
3a4fe273	119	echo -A $czffourthindex -s $czfip/32 -o $wan1 -j SNAT --to-source $pubip >> $restoretmp
	120	echo -A $czffourthindex -s $czfip/32 -o $wan2 -j SNAT --to-source $pubip >> $restoretmp
	121	echo -A $czffourthindex -s $czfip/32 -o $wan3 -j SNAT --to-source $pubip >> $restoretmp
	122	echo -A $czffourthindex -s $czfip/32 -o $wan4 -j SNAT --to-source $pubip >> $restoretmp
86d37066	123
86d37066	124	echo -n .
1fcbc04f	125
f2893be6	126	done
86d37066	127	echo " done."
86d37066	128
86d37066	129	# ===============================================================
	130	# SNAT only using indexed iptables (should be rather function, hmm)
	131	# ===============================================================
1fcbc04f	132	echo -n "Generating new iptables-restore data - one way SNAT "
86d37066	133
f2893be6	134	for czfip in `$grep -v ^# $pimp_snat\|$cut -f 1 -d " "`
	135	do
	136	pubip=`$grep "$czfip " $pimp_snat\|$cut -f 2 -d " "`
1fcbc04f	137	czffirstindex=priv_`$ipcalc -n $czfip/$czffirstbitmask\|$grep Network\|$cut -f 4 -d \ \|tr [./] _`
	138	czfsecondindex=priv_`$ipcalc -n $czfip/$czfsecondbitmask\|$grep Network\|$cut -f 4 -d \ \|tr [./] _`
	139	czfthirdindex=priv_`$ipcalc -n $czfip/$czfthirdbitmask\|$grep Network\|$cut -f 4 -d \ \|tr [./] _`
	140	czffourthindex=priv_`$ipcalc -n $czfip/$czffourthbitmask\|$grep Network\|$cut -f 4 -d \ \|tr [./] _`
3a4fe273	141
1fcbc04f	142	if ! [[ "$chaintrack" == "$czffirstindex" ]]
3a4fe273	143	then
3a4fe273	144	echo :$czffirstindex "- [0:0]" >> $restoretmp
1fcbc04f	145	s=`$ipcalc -n $czfip/$czffirstbitmask\|$grep Network\|$cut -f 4 -d \ `
	146	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan1 -j $czffirstindex >> $restoretmp
	147	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan2 -j $czffirstindex >> $restoretmp
	148	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan3 -j $czffirstindex >> $restoretmp
	149	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan4 -j $czffirstindex >> $restoretmp
	150	chaintrack=\ ${czffirstindex}\ ${chaintrack}
3a4fe273	151	fi
86d37066	152
1fcbc04f	153	if ! [[ "$chaintrack" == "$czfsecondindex" ]]
86d37066	154	then
3a4fe273	155	echo :$czfsecondindex "- [0:0]" >> $restoretmp
1fcbc04f	156	s=`$ipcalc -n $czfip/$czfsecondbitmask\|$grep Network\|$cut -f 4 -d \ `
	157	echo -A $czffirstindex -s $s -o $wan1 -j $czfsecondindex >> $restoretmp
	158	echo -A $czffirstindex -s $s -o $wan2 -j $czfsecondindex >> $restoretmp
	159	echo -A $czffirstindex -s $s -o $wan3 -j $czfsecondindex >> $restoretmp
	160	echo -A $czffirstindex -s $s -o $wan4 -j $czfsecondindex >> $restoretmp
	161	chaintrack=\ ${czfsecondindex}\ ${chaintrack}
86d37066	162	fi
86d37066	163
1fcbc04f	164	if ! [[ "$chaintrack" == "$czfthirdindex" ]]
86d37066	165	then
3a4fe273	166	echo :$czfthirdindex "- [0:0]" >> $restoretmp
1fcbc04f	167	s=`$ipcalc -n $czfip/$czfthirdbitmask\|$grep Network\|$cut -f 4 -d \ `
	168	echo -A $czfsecondindex -s $s -o $wan1 -j $czfthirdindex >> $restoretmp
	169	echo -A $czfsecondindex -s $s -o $wan2 -j $czfthirdindex >> $restoretmp
	170	echo -A $czfsecondindex -s $s -o $wan3 -j $czfthirdindex >> $restoretmp
	171	echo -A $czfsecondindex -s $s -o $wan4 -j $czfthirdindex >> $restoretmp
	172	chaintrack=\ ${czfthirdindex}\ ${chaintrack}
86d37066	173	fi
86d37066	174
1fcbc04f	175	if ! [[ "$chaintrack" == "$czffourthindex" ]]
86d37066	176	then
3a4fe273	177	echo :$czffourthindex "- [0:0]" >> $restoretmp
1fcbc04f	178	s=`$ipcalc -n $czfip/$czffourthbitmask\|$grep Network\|$cut -f 4 -d \ `
	179	echo -A $czfthirdindex -s $s -o $wan1 -j $czffourthindex >> $restoretmp
	180	echo -A $czfthirdindex -s $s -o $wan2 -j $czffourthindex >> $restoretmp
	181	echo -A $czfthirdindex -s $s -o $wan3 -j $czffourthindex >> $restoretmp
	182	echo -A $czfthirdindex -s $s -o $wan4 -j $czffourthindex >> $restoretmp
	183	chaintrack=\ ${czffourthindex}\ ${chaintrack}
86d37066	184	fi
86d37066	185
3a4fe273	186	echo -A $czffourthindex -s $czfip/32 -o $wan1 -j SNAT --to-source $pubip >> $restoretmp
	187	echo -A $czffourthindex -s $czfip/32 -o $wan2 -j SNAT --to-source $pubip >> $restoretmp
	188	echo -A $czffourthindex -s $czfip/32 -o $wan3 -j SNAT --to-source $pubip >> $restoretmp
	189	echo -A $czffourthindex -s $czfip/32 -o $wan4 -j SNAT --to-source $pubip >> $restoretmp
86d37066	190
86d37066	191	echo -n .
f2893be6	192	done
86d37066	193	echo " done."
86d37066	194
3a4fe273	195	echo COMMIT >> $restoretmp
1fcbc04f	196	echo -n "Writing $restoredata"
143c9a45	197	mv $restoretmp $restoredata