[svn/Prometheus-QoS/.git] / optional-tools / make-iptables-restore

#!/bin/bash
# $Id$
iptables="/sbin/iptables"
iptablesrestore="/sbin/iptables-restore"

#pimp files must be generated by optional-tools/make-pimp utility
pimp_2way_nat="/dev/shm/pimp-2way-nat.tmp"
pimp_snat="/dev/shm/pimp-snat.tmp"
etchosts="/mnt/mtdblock0/hosts"
restoretmp="/dev/shm/iptables-restore.tmp"
restoredata="/mnt/mtdblock0/iptables-restore.in"
wan1="vlan770"
wan2="vlan771"
wan3="vlan772"
wan4="vlan774"
czffirstbitmask="19"
czfsecondbitmask="22"
czfthirdbitmask="25"
czffourthbitmask="28"
pubfirstbitmask="26"
pubsecondbitmask="29"
chaintrack="_"

# ===============================================================
#  ipcalc rewrite
# ===============================================================

gen_ipt_string() {
eval `echo $1 | awk -F\/ '{printf "IP=%s; CIDRMASK=%s; \n", $1, $2}'`

MASK_FULL_OCTETS=$(($CIDRMASK/8))
MASK_PART_OCTETS=$(($CIDRMASK%8))
for i in `seq 0 3`; do 
	if [ "$i" -lt "$MASK_FULL_OCTETS" ]; then
		MASK+="255"
	elif [ "$i" -eq "$MASK_FULL_OCTETS" ]; then
		MASK+=$((256 - 2**(8-$MASK_PART_OCTETS)))
	else
		MASK+="0"
	fi
	[ "$i" -lt "3" ] && MASK+="."
done

eval `echo $IP | awk -F\. '{printf "IPBYTE1=%s; IPBYTE2=%s; IPBYTE3=%s; IPBYTE4=%s; \n", $1, $2, $3, $4}'`
eval `echo $MASK | awk -F\. '{printf "MASKBYTE1=%s; MASKBYTE2=%s; MASKBYTE3=%s; MASKBYTE4=%s; \n", $1, $2, $3, $4}'`

IPT_STRING="$(($IPBYTE1 & $MASKBYTE1))_$(($IPBYTE2 & $MASKBYTE2))_$(($IPBYTE3 & $MASKBYTE3))_$(($IPBYTE4 & $MASKBYTE4))_$CIDRMASK"
echo $IPT_STRING
}

echo "*nat" > $restoretmp
echo ":PREROUTING ACCEPT [0:0]" >> $restoretmp
echo ":POSTROUTING ACCEPT [0:0]" >> $restoretmp
echo ":OUTPUT ACCEPT [0:0]" >> $restoretmp

# ===============================================================
#  Symetrical SNAT-DNAT using indexed iptables
# ===============================================================
echo -n "Generating new iptables-restore data - two way SNAT/DNAT "


while read LINE; do
 eval `echo -e $LINE | awk '{printf "czfip=%s; pubip=%s\n", $1, $2}'`
 czffirstindex=priv_`gen_ipt_string $czfip/$czffirstbitmask`
 czfsecondindex=priv_`gen_ipt_string $czfip/$czfsecondbitmask`
 czfthirdindex=priv_`gen_ipt_string $czfip/$czfthirdbitmask`
 czffourthindex=priv_`gen_ipt_string $czfip/$czffourthbitmask`
 pubfirstindex=pub_`gen_ipt_string $pubip/$pubfirstbitmask`
 pubsecondindex=pub_`gen_ipt_string $pubip/$pubsecondbitmask`

 if ! [[ "$chaintrack" == *"$czffirstindex"* ]]
 then
  echo :$czffirstindex "- [0:0]" >> $restoretmp
  s=`gen_ipt_string $czfip/$czffirstbitmask| sed 's/_[0-9]*//4; s/_/./g'`
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan1 -j $czffirstindex >> $restoretmp
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan2 -j $czffirstindex >> $restoretmp
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan3 -j $czffirstindex >> $restoretmp
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan4 -j $czffirstindex >> $restoretmp
  chaintrack=\ ${czffirstindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$czfsecondindex"* ]]
 then
  echo :$czfsecondindex "- [0:0]" >> $restoretmp
  s=`gen_ipt_string $czfip/$czfsecondbitmask| sed 's/_[0-9]*//4; s/_/./g'`
  echo -A $czffirstindex -s $s -o $wan1 -j $czfsecondindex >> $restoretmp
  echo -A $czffirstindex -s $s -o $wan2 -j $czfsecondindex >> $restoretmp
  echo -A $czffirstindex -s $s -o $wan3 -j $czfsecondindex >> $restoretmp
  echo -A $czffirstindex -s $s -o $wan4 -j $czfsecondindex >> $restoretmp
  chaintrack=\ ${czfsecondindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$czfthirdindex"* ]]
 then
  echo :$czfthirdindex "- [0:0]" >> $restoretmp
  s=`gen_ipt_string $czfip/$czfthirdbitmask| sed 's/_[0-9]*//4; s/_/./g'`
  echo -A $czfsecondindex -s $s -o $wan1 -j $czfthirdindex >> $restoretmp
  echo -A $czfsecondindex -s $s -o $wan2 -j $czfthirdindex >> $restoretmp
  echo -A $czfsecondindex -s $s -o $wan3 -j $czfthirdindex >> $restoretmp
  echo -A $czfsecondindex -s $s -o $wan4 -j $czfthirdindex >> $restoretmp
  chaintrack=\ ${czfthirdindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$czffourthindex"* ]]
 then
  echo :$czffourthindex "- [0:0]" >> $restoretmp
  s=`gen_ipt_string $czfip/$czffourthbitmask| sed 's/_[0-9]*//4; s/_/./g'`
  echo -A $czfthirdindex -s $s -o $wan1 -j $czffourthindex >> $restoretmp
  echo -A $czfthirdindex -s $s -o $wan2 -j $czffourthindex >> $restoretmp
  echo -A $czfthirdindex -s $s -o $wan3 -j $czffourthindex >> $restoretmp
  echo -A $czfthirdindex -s $s -o $wan4 -j $czffourthindex >> $restoretmp
  chaintrack=\ ${czffourthindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$pubfirstindex"* ]]
 then
  echo :$pubfirstindex "- [0:0]" >> $restoretmp
  s=`gen_ipt_string $pubip/$pubfirstbitmask| sed 's/_[0-9]*//4; s/_/./g'`
  echo -A PREROUTING -i $wan1 -d $s -j $pubfirstindex >> $restoretmp
  echo -A PREROUTING -i $wan2 -d $s -j $pubfirstindex >> $restoretmp
  echo -A PREROUTING -i $wan3 -d $s -j $pubfirstindex >> $restoretmp
  echo -A PREROUTING -i $wan4 -d $s -j $pubfirstindex >> $restoretmp
  chaintrack=\ ${pubfirstindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$pubsecondindex"* ]]
 then
  echo :$pubsecondindex "- [0:0]" >> $restoretmp
  s=`gen_ipt_string $pubip/$pubsecondbitmask| sed 's/_[0-9]*//4; s/_/./g'`
  echo -A $pubfirstindex -i $wan1 -d $s -j $pubsecondindex >> $restoretmp
  echo -A $pubfirstindex -i $wan2 -d $s -j $pubsecondindex >> $restoretmp
  echo -A $pubfirstindex -i $wan3 -d $s -j $pubsecondindex >> $restoretmp
  echo -A $pubfirstindex -i $wan4 -d $s -j $pubsecondindex >> $restoretmp
  chaintrack=\ ${pubsecondindex}\ ${chaintrack}
 fi

 echo -A $pubsecondindex -i $wan1 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp
 echo -A $pubsecondindex -i $wan2 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp
 echo -A $pubsecondindex -i $wan3 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp
 echo -A $pubsecondindex -i $wan4 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp

 echo -A $czffourthindex -s $czfip/32 -o $wan1 -j SNAT --to-source $pubip >> $restoretmp
 echo -A $czffourthindex -s $czfip/32 -o $wan2 -j SNAT --to-source $pubip >> $restoretmp
 echo -A $czffourthindex -s $czfip/32 -o $wan3 -j SNAT --to-source $pubip >> $restoretmp
 echo -A $czffourthindex -s $czfip/32 -o $wan4 -j SNAT --to-source $pubip >> $restoretmp

 echo -n .

done < $pimp_2way_nat
echo " done."

# ===============================================================
#  SNAT only using indexed iptables (should be rather function, hmm)
# ===============================================================
echo -n "Generating new iptables-restore data - one way SNAT "

while read LINE; do
 eval `echo -e $LINE | awk '{printf "czfip=%s; pubip=%s\n", $1, $2}'`
 czffirstindex=priv_`gen_ipt_string $czfip/$czffirstbitmask`
 czfsecondindex=priv_`gen_ipt_string $czfip/$czfsecondbitmask`
 czfthirdindex=priv_`gen_ipt_string $czfip/$czfthirdbitmask`
 czffourthindex=priv_`gen_ipt_string $czfip/$czffourthbitmask`

 if ! [[ "$chaintrack" == *"$czffirstindex"* ]]
 then
  echo :$czffirstindex "- [0:0]" >> $restoretmp
  s=`gen_ipt_string $czfip/$czffirstbitmask| sed 's/_[0-9]*//4; s/_/./g'`
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan1 -j $czffirstindex >> $restoretmp
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan2 -j $czffirstindex >> $restoretmp
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan3 -j $czffirstindex >> $restoretmp
  echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan4 -j $czffirstindex >> $restoretmp
  chaintrack=\ ${czffirstindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$czfsecondindex"* ]]
 then
  echo :$czfsecondindex "- [0:0]" >> $restoretmp
  s=`gen_ipt_string $czfip/$czfsecondbitmask| sed 's/_[0-9]*//4; s/_/./g'`
  echo -A $czffirstindex -s $s -o $wan1 -j $czfsecondindex >> $restoretmp
  echo -A $czffirstindex -s $s -o $wan2 -j $czfsecondindex >> $restoretmp
  echo -A $czffirstindex -s $s -o $wan3 -j $czfsecondindex >> $restoretmp
  echo -A $czffirstindex -s $s -o $wan4 -j $czfsecondindex >> $restoretmp
  chaintrack=\ ${czfsecondindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$czfthirdindex"* ]]
 then
  echo :$czfthirdindex "- [0:0]" >> $restoretmp
  s=`gen_ipt_string $czfip/$czfthirdbitmask| sed 's/_[0-9]*//4; s/_/./g'`
  echo -A $czfsecondindex -s $s -o $wan1 -j $czfthirdindex >> $restoretmp
  echo -A $czfsecondindex -s $s -o $wan2 -j $czfthirdindex >> $restoretmp
  echo -A $czfsecondindex -s $s -o $wan3 -j $czfthirdindex >> $restoretmp
  echo -A $czfsecondindex -s $s -o $wan4 -j $czfthirdindex >> $restoretmp
  chaintrack=\ ${czfthirdindex}\ ${chaintrack}
 fi

 if ! [[ "$chaintrack" == *"$czffourthindex"* ]]
 then
  echo :$czffourthindex "- [0:0]" >> $restoretmp
  s=`gen_ipt_string $czfip/$czffourthbitmask| sed 's/_[0-9]*//4; s/_/./g'`
  echo -A $czfthirdindex -s $s -o $wan1 -j $czffourthindex >> $restoretmp
  echo -A $czfthirdindex -s $s -o $wan2 -j $czffourthindex >> $restoretmp
  echo -A $czfthirdindex -s $s -o $wan3 -j $czffourthindex >> $restoretmp
  echo -A $czfthirdindex -s $s -o $wan4 -j $czffourthindex >> $restoretmp
  chaintrack=\ ${czffourthindex}\ ${chaintrack}
 fi

 echo -A $czffourthindex -s $czfip/32 -o $wan1 -j SNAT --to-source $pubip >> $restoretmp
 echo -A $czffourthindex -s $czfip/32 -o $wan2 -j SNAT --to-source $pubip >> $restoretmp
 echo -A $czffourthindex -s $czfip/32 -o $wan3 -j SNAT --to-source $pubip >> $restoretmp
 echo -A $czffourthindex -s $czfip/32 -o $wan4 -j SNAT --to-source $pubip >> $restoretmp

 echo -n .
done < $pimp_snat
echo " done."

echo COMMIT >> $restoretmp
echo -n "Writing $restoredata"
mv $restoretmp $restoredata
Commit	Line	Data
86d37066	1	#!/bin/bash
f1bba845	2	# $Id$
86d37066	3	iptables="/sbin/iptables"
86d37066	4	iptablesrestore="/sbin/iptables-restore"
86d37066	5
86d37066	6	#pimp files must be generated by optional-tools/make-pimp utility
3a4fe273	7	pimp_2way_nat="/dev/shm/pimp-2way-nat.tmp"
3a4fe273	8	pimp_snat="/dev/shm/pimp-snat.tmp"
86d37066	9	etchosts="/mnt/mtdblock0/hosts"
3a4fe273	10	restoretmp="/dev/shm/iptables-restore.tmp"
86d37066	11	restoredata="/mnt/mtdblock0/iptables-restore.in"
	12	wan1="vlan770"
	13	wan2="vlan771"
	14	wan3="vlan772"
3a4fe273	15	wan4="vlan774"
	16	czffirstbitmask="19"
	17	czfsecondbitmask="22"
	18	czfthirdbitmask="25"
	19	czffourthbitmask="28"
	20	pubfirstbitmask="26"
	21	pubsecondbitmask="29"
143c9a45	22	chaintrack="_"
3a4fe273	23
f1bba845	24	# ===============================================================
	25	# ipcalc rewrite
	26	# ===============================================================
	27
	28	gen_ipt_string() {
	29	eval `echo $1 \| awk -F\/ '{printf "IP=%s; CIDRMASK=%s; \n", $1, $2}'`
	30
	31	MASK_FULL_OCTETS=$(($CIDRMASK/8))
	32	MASK_PART_OCTETS=$(($CIDRMASK%8))
	33	for i in `seq 0 3`; do
	34	if [ "$i" -lt "$MASK_FULL_OCTETS" ]; then
	35	MASK+="255"
	36	elif [ "$i" -eq "$MASK_FULL_OCTETS" ]; then
	37	MASK+=$((256 - 2**(8-$MASK_PART_OCTETS)))
	38	else
	39	MASK+="0"
	40	fi
	41	[ "$i" -lt "3" ] && MASK+="."
	42	done
	43
	44	eval `echo $IP \| awk -F\. '{printf "IPBYTE1=%s; IPBYTE2=%s; IPBYTE3=%s; IPBYTE4=%s; \n", $1, $2, $3, $4}'`
	45	eval `echo $MASK \| awk -F\. '{printf "MASKBYTE1=%s; MASKBYTE2=%s; MASKBYTE3=%s; MASKBYTE4=%s; \n", $1, $2, $3, $4}'`
	46
	47	IPT_STRING="$(($IPBYTE1 & $MASKBYTE1))_$(($IPBYTE2 & $MASKBYTE2))_$(($IPBYTE3 & $MASKBYTE3))_$(($IPBYTE4 & $MASKBYTE4))_$CIDRMASK"
	48	echo $IPT_STRING
	49	}
	50
3a4fe273	51	echo "*nat" > $restoretmp
	52	echo ":PREROUTING ACCEPT [0:0]" >> $restoretmp
	53	echo ":POSTROUTING ACCEPT [0:0]" >> $restoretmp
	54	echo ":OUTPUT ACCEPT [0:0]" >> $restoretmp
86d37066	55
	56	# ===============================================================
	57	# Symetrical SNAT-DNAT using indexed iptables
	58	# ===============================================================
86d37066	59	echo -n "Generating new iptables-restore data - two way SNAT/DNAT "
86d37066	60
f1bba845	61
	62	while read LINE; do
	63	eval `echo -e $LINE \| awk '{printf "czfip=%s; pubip=%s\n", $1, $2}'`
	64	czffirstindex=priv_`gen_ipt_string $czfip/$czffirstbitmask`
	65	czfsecondindex=priv_`gen_ipt_string $czfip/$czfsecondbitmask`
	66	czfthirdindex=priv_`gen_ipt_string $czfip/$czfthirdbitmask`
	67	czffourthindex=priv_`gen_ipt_string $czfip/$czffourthbitmask`
	68	pubfirstindex=pub_`gen_ipt_string $pubip/$pubfirstbitmask`
	69	pubsecondindex=pub_`gen_ipt_string $pubip/$pubsecondbitmask`
143c9a45	70
143c9a45	71	if ! [[ "$chaintrack" == "$czffirstindex" ]]
86d37066	72	then
3a4fe273	73	echo :$czffirstindex "- [0:0]" >> $restoretmp
f1bba845	74	s=`gen_ipt_string $czfip/$czffirstbitmask\| sed 's/_[0-9]*//4; s/_/./g'`
143c9a45	75	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan1 -j $czffirstindex >> $restoretmp
	76	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan2 -j $czffirstindex >> $restoretmp
	77	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan3 -j $czffirstindex >> $restoretmp
	78	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan4 -j $czffirstindex >> $restoretmp
	79	chaintrack=\ ${czffirstindex}\ ${chaintrack}
86d37066	80	fi
86d37066	81
143c9a45	82	if ! [[ "$chaintrack" == "$czfsecondindex" ]]
86d37066	83	then
3a4fe273	84	echo :$czfsecondindex "- [0:0]" >> $restoretmp
f1bba845	85	s=`gen_ipt_string $czfip/$czfsecondbitmask\| sed 's/_[0-9]*//4; s/_/./g'`
143c9a45	86	echo -A $czffirstindex -s $s -o $wan1 -j $czfsecondindex >> $restoretmp
	87	echo -A $czffirstindex -s $s -o $wan2 -j $czfsecondindex >> $restoretmp
	88	echo -A $czffirstindex -s $s -o $wan3 -j $czfsecondindex >> $restoretmp
	89	echo -A $czffirstindex -s $s -o $wan4 -j $czfsecondindex >> $restoretmp
	90	chaintrack=\ ${czfsecondindex}\ ${chaintrack}
86d37066	91	fi
86d37066	92
143c9a45	93	if ! [[ "$chaintrack" == "$czfthirdindex" ]]
86d37066	94	then
3a4fe273	95	echo :$czfthirdindex "- [0:0]" >> $restoretmp
f1bba845	96	s=`gen_ipt_string $czfip/$czfthirdbitmask\| sed 's/_[0-9]*//4; s/_/./g'`
143c9a45	97	echo -A $czfsecondindex -s $s -o $wan1 -j $czfthirdindex >> $restoretmp
	98	echo -A $czfsecondindex -s $s -o $wan2 -j $czfthirdindex >> $restoretmp
	99	echo -A $czfsecondindex -s $s -o $wan3 -j $czfthirdindex >> $restoretmp
	100	echo -A $czfsecondindex -s $s -o $wan4 -j $czfthirdindex >> $restoretmp
	101	chaintrack=\ ${czfthirdindex}\ ${chaintrack}
86d37066	102	fi
86d37066	103
143c9a45	104	if ! [[ "$chaintrack" == "$czffourthindex" ]]
86d37066	105	then
3a4fe273	106	echo :$czffourthindex "- [0:0]" >> $restoretmp
f1bba845	107	s=`gen_ipt_string $czfip/$czffourthbitmask\| sed 's/_[0-9]*//4; s/_/./g'`
143c9a45	108	echo -A $czfthirdindex -s $s -o $wan1 -j $czffourthindex >> $restoretmp
	109	echo -A $czfthirdindex -s $s -o $wan2 -j $czffourthindex >> $restoretmp
	110	echo -A $czfthirdindex -s $s -o $wan3 -j $czffourthindex >> $restoretmp
	111	echo -A $czfthirdindex -s $s -o $wan4 -j $czffourthindex >> $restoretmp
	112	chaintrack=\ ${czffourthindex}\ ${chaintrack}
86d37066	113	fi
86d37066	114
143c9a45	115	if ! [[ "$chaintrack" == "$pubfirstindex" ]]
86d37066	116	then
3a4fe273	117	echo :$pubfirstindex "- [0:0]" >> $restoretmp
f1bba845	118	s=`gen_ipt_string $pubip/$pubfirstbitmask\| sed 's/_[0-9]*//4; s/_/./g'`
143c9a45	119	echo -A PREROUTING -i $wan1 -d $s -j $pubfirstindex >> $restoretmp
	120	echo -A PREROUTING -i $wan2 -d $s -j $pubfirstindex >> $restoretmp
	121	echo -A PREROUTING -i $wan3 -d $s -j $pubfirstindex >> $restoretmp
	122	echo -A PREROUTING -i $wan4 -d $s -j $pubfirstindex >> $restoretmp
	123	chaintrack=\ ${pubfirstindex}\ ${chaintrack}
86d37066	124	fi
86d37066	125
143c9a45	126	if ! [[ "$chaintrack" == "$pubsecondindex" ]]
3a4fe273	127	then
3a4fe273	128	echo :$pubsecondindex "- [0:0]" >> $restoretmp
f1bba845	129	s=`gen_ipt_string $pubip/$pubsecondbitmask\| sed 's/_[0-9]*//4; s/_/./g'`
143c9a45	130	echo -A $pubfirstindex -i $wan1 -d $s -j $pubsecondindex >> $restoretmp
	131	echo -A $pubfirstindex -i $wan2 -d $s -j $pubsecondindex >> $restoretmp
	132	echo -A $pubfirstindex -i $wan3 -d $s -j $pubsecondindex >> $restoretmp
	133	echo -A $pubfirstindex -i $wan4 -d $s -j $pubsecondindex >> $restoretmp
	134	chaintrack=\ ${pubsecondindex}\ ${chaintrack}
3a4fe273	135	fi
86d37066	136
3a4fe273	137	echo -A $pubsecondindex -i $wan1 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp
	138	echo -A $pubsecondindex -i $wan2 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp
	139	echo -A $pubsecondindex -i $wan3 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp
	140	echo -A $pubsecondindex -i $wan4 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp
86d37066	141
3a4fe273	142	echo -A $czffourthindex -s $czfip/32 -o $wan1 -j SNAT --to-source $pubip >> $restoretmp
	143	echo -A $czffourthindex -s $czfip/32 -o $wan2 -j SNAT --to-source $pubip >> $restoretmp
	144	echo -A $czffourthindex -s $czfip/32 -o $wan3 -j SNAT --to-source $pubip >> $restoretmp
	145	echo -A $czffourthindex -s $czfip/32 -o $wan4 -j SNAT --to-source $pubip >> $restoretmp
86d37066	146
86d37066	147	echo -n .
143c9a45	148
f1bba845	149	done < $pimp_2way_nat
86d37066	150	echo " done."
86d37066	151
86d37066	152	# ===============================================================
	153	# SNAT only using indexed iptables (should be rather function, hmm)
	154	# ===============================================================
143c9a45	155	echo -n "Generating new iptables-restore data - one way SNAT "
86d37066	156
f1bba845	157	while read LINE; do
	158	eval `echo -e $LINE \| awk '{printf "czfip=%s; pubip=%s\n", $1, $2}'`
	159	czffirstindex=priv_`gen_ipt_string $czfip/$czffirstbitmask`
	160	czfsecondindex=priv_`gen_ipt_string $czfip/$czfsecondbitmask`
	161	czfthirdindex=priv_`gen_ipt_string $czfip/$czfthirdbitmask`
	162	czffourthindex=priv_`gen_ipt_string $czfip/$czffourthbitmask`
3a4fe273	163
143c9a45	164	if ! [[ "$chaintrack" == "$czffirstindex" ]]
3a4fe273	165	then
3a4fe273	166	echo :$czffirstindex "- [0:0]" >> $restoretmp
f1bba845	167	s=`gen_ipt_string $czfip/$czffirstbitmask\| sed 's/_[0-9]*//4; s/_/./g'`
143c9a45	168	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan1 -j $czffirstindex >> $restoretmp
	169	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan2 -j $czffirstindex >> $restoretmp
	170	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan3 -j $czffirstindex >> $restoretmp
	171	echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan4 -j $czffirstindex >> $restoretmp
	172	chaintrack=\ ${czffirstindex}\ ${chaintrack}
3a4fe273	173	fi
86d37066	174
143c9a45	175	if ! [[ "$chaintrack" == "$czfsecondindex" ]]
86d37066	176	then
3a4fe273	177	echo :$czfsecondindex "- [0:0]" >> $restoretmp
f1bba845	178	s=`gen_ipt_string $czfip/$czfsecondbitmask\| sed 's/_[0-9]*//4; s/_/./g'`
143c9a45	179	echo -A $czffirstindex -s $s -o $wan1 -j $czfsecondindex >> $restoretmp
	180	echo -A $czffirstindex -s $s -o $wan2 -j $czfsecondindex >> $restoretmp
	181	echo -A $czffirstindex -s $s -o $wan3 -j $czfsecondindex >> $restoretmp
	182	echo -A $czffirstindex -s $s -o $wan4 -j $czfsecondindex >> $restoretmp
	183	chaintrack=\ ${czfsecondindex}\ ${chaintrack}
86d37066	184	fi
86d37066	185
143c9a45	186	if ! [[ "$chaintrack" == "$czfthirdindex" ]]
86d37066	187	then
3a4fe273	188	echo :$czfthirdindex "- [0:0]" >> $restoretmp
f1bba845	189	s=`gen_ipt_string $czfip/$czfthirdbitmask\| sed 's/_[0-9]*//4; s/_/./g'`
143c9a45	190	echo -A $czfsecondindex -s $s -o $wan1 -j $czfthirdindex >> $restoretmp
	191	echo -A $czfsecondindex -s $s -o $wan2 -j $czfthirdindex >> $restoretmp
	192	echo -A $czfsecondindex -s $s -o $wan3 -j $czfthirdindex >> $restoretmp
	193	echo -A $czfsecondindex -s $s -o $wan4 -j $czfthirdindex >> $restoretmp
	194	chaintrack=\ ${czfthirdindex}\ ${chaintrack}
86d37066	195	fi
86d37066	196
143c9a45	197	if ! [[ "$chaintrack" == "$czffourthindex" ]]
86d37066	198	then
3a4fe273	199	echo :$czffourthindex "- [0:0]" >> $restoretmp
f1bba845	200	s=`gen_ipt_string $czfip/$czffourthbitmask\| sed 's/_[0-9]*//4; s/_/./g'`
143c9a45	201	echo -A $czfthirdindex -s $s -o $wan1 -j $czffourthindex >> $restoretmp
	202	echo -A $czfthirdindex -s $s -o $wan2 -j $czffourthindex >> $restoretmp
	203	echo -A $czfthirdindex -s $s -o $wan3 -j $czffourthindex >> $restoretmp
	204	echo -A $czfthirdindex -s $s -o $wan4 -j $czffourthindex >> $restoretmp
	205	chaintrack=\ ${czffourthindex}\ ${chaintrack}
86d37066	206	fi
86d37066	207
3a4fe273	208	echo -A $czffourthindex -s $czfip/32 -o $wan1 -j SNAT --to-source $pubip >> $restoretmp
	209	echo -A $czffourthindex -s $czfip/32 -o $wan2 -j SNAT --to-source $pubip >> $restoretmp
	210	echo -A $czffourthindex -s $czfip/32 -o $wan3 -j SNAT --to-source $pubip >> $restoretmp
	211	echo -A $czffourthindex -s $czfip/32 -o $wan4 -j SNAT --to-source $pubip >> $restoretmp
86d37066	212
86d37066	213	echo -n .
f1bba845	214	done < $pimp_snat
86d37066	215	echo " done."
86d37066	216
3a4fe273	217	echo COMMIT >> $restoretmp
143c9a45	218	echo -n "Writing $restoredata"
143c9a45	219	mv $restoretmp $restoredata