this is not really self-explanatory, but anyway...
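#!/bin/bash
#
# make-iptables-restore - build an iptables-restore(8) input file for the
# "nat" table from the address-mapping ("pimp") files.
#
# Inputs (both must be generated by optional-tools/make-pimp):
#   $pimp_2way_nat  "private public" pairs, one per line: the public address
#                   is DNATed to the private one and the private one is
#                   SNATed to the public one (full two-way mapping)
#   $pimp_snat      "private public" pairs that get outbound SNAT only
#   Lines starting with '#' are ignored.  A line whose first two fields are
#   not dotted-quad IPv4 addresses is reported on stderr and skipped, so
#   stray text from a mapping file never ends up inside a rule.
# Output:
#   $restoredata    one complete "*nat ... COMMIT" block.  It is written to a
#                   temporary file next to the target and renamed into place,
#                   so a half-written file is never left for iptables-restore
#                   to load.  If a mapping file is missing the script fails
#                   instead of producing a rule set that would flush the NAT
#                   table when loaded.
#
# Rules are organised as a tree of user chains so the kernel does not walk one
# flat list: private sources are dispatched through /20 -> /23 -> /26 chains
# before the per-host SNAT rule, public destinations through /27 -> /29 chains
# before the per-host DNAT rule.  Chain names are derived from the network
# address, e.g. priv_10_0_16_0_20 or pub_1_2_3_0_27.
set -euo pipefail

iptables="/sbin/iptables"                 # unused here; kept from the original configuration block
iptablesrestore="/sbin/iptables-restore"  # unused here; feed $restoredata to it once this script succeeds
ifconfig="/sbin/ifconfig"                 # unused here; kept from the original configuration block

pimp_2way_nat="/mnt/mtdblock0/pimp-2way-nat.tmp"
pimp_snat="/mnt/mtdblock0/pimp-snat.tmp"
etchosts="/mnt/mtdblock0/hosts"
restoredata="/mnt/mtdblock0/iptables-restore.in"

# Destinations inside this network are routed, never SNATed.
internal_net="10.0.0.0/8"

wan1="vlan770"
wan2="vlan771"
# Set wan3="" on two-interface gateways; only non-empty names are used.
wan3="vlan772"

# All WAN interfaces; every dispatch, SNAT and DNAT rule is emitted once per entry.
wans=()
for wan in "$wan1" "$wan2" "$wan3"; do
  if [[ -n "$wan" ]]; then
    wans+=("$wan")
  fi
done
unset wan

# Temporary file the rule set is assembled in (set by main, removed on abort).
out=""

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Append one line to the restore file being assembled.
emit() {
  printf '%s\n' "$*" >> "$out"
}

# True if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
  local octet
  [[ "$1" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces decimal so "08" is not read as an (invalid) octal number.
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

# Validate one "private public" pair read from mapping file $3.  A bad pair
# is reported on stderr and the caller skips it rather than writing it into
# the rule set verbatim.
valid_pair() {
  if is_ipv4 "$1" && is_ipv4 "$2"; then
    return 0
  fi
  printf 'warning: skipping malformed mapping "%s %s" in %s\n' "$1" "$2" "$3" >&2
  return 1
}

# Print the network of IPv4 address $1 under prefix length $2 as "a.b.c.d/len"
# (the same text the former "ipcalc -n | grep Network | cut" pipeline yielded),
# computed in the shell so no external tool is spawned per address.
network_of() {
  local ip=$1 prefix=$2
  local a b c d addr mask net
  IFS=. read -r a b c d <<<"$ip"
  addr=$(( (10#$a << 24) | (10#$b << 16) | (10#$c << 8) | 10#$d ))
  # bash arithmetic is 64-bit, so the shift never overflows and /0 yields 0.
  mask=$(( (0xffffffff << (32 - prefix)) & 0xffffffff ))
  net=$(( addr & mask ))
  printf '%d.%d.%d.%d/%d\n' \
    $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) \
    $(( (net >> 8) & 255 )) $(( net & 255 )) "$prefix"
}

# Print the chain name for network $2 under tag $1, e.g. "priv_10_0_16_0_20".
chain_name() {
  local n=$2
  n=${n//./_}
  n=${n//\//_}
  printf '%s_%s\n' "$1" "$n"
}

# True if chain $1 has already been declared in the file being assembled.
# The match is on the exact declaration line, so e.g. pub_1_2_3_0_27 does
# not count as a match for pub_1_2_3_0_2.
chain_declared() {
  grep -qF -- ":$1 - [0:0]" "$out"
}

# Declare chain $1 unless it already exists.  When newly declared, one jump
# rule per WAN interface is appended to parent chain $2: the match arguments
# given after $3, then "$3 <wan>" ($3 is -i or -o), then "-j $1".
ensure_chain() {
  local chain=$1 parent=$2 iface_opt=$3 wan
  shift 3
  if chain_declared "$chain"; then
    return 0
  fi
  emit ":$chain - [0:0]"
  for wan in "${wans[@]}"; do
    emit "-A $parent $* $iface_opt $wan -j $chain"
  done
}

# Build the /20 -> /23 -> /26 dispatch chains for private address $1 (each
# level is declared only once, however many hosts share it) and print the
# name of the /26 leaf chain, where the per-host SNAT rules belong.
private_chain_tree() {
  local ip=$1 net20 net23 net26 c20 c23 c26
  net20=$(network_of "$ip" 20); c20=$(chain_name priv "$net20")
  net23=$(network_of "$ip" 23); c23=$(chain_name priv "$net23")
  net26=$(network_of "$ip" 26); c26=$(chain_name priv "$net26")
  # The negation is written extrapositioned ("! -d"), the spelling current
  # iptables accepts; the old "-d !" form is deprecated.
  ensure_chain "$c20" POSTROUTING -o "!" -d "$internal_net" -s "$net20"
  ensure_chain "$c23" "$c20" -o -s "$net23"
  ensure_chain "$c26" "$c23" -o -s "$net26"
  printf '%s\n' "$c26"
}

# Build the /27 -> /29 dispatch chains for public address $1 and print the
# name of the /29 leaf chain, where the per-host DNAT rules belong.
public_chain_tree() {
  local ip=$1 net27 net29 c27 c29
  net27=$(network_of "$ip" 27); c27=$(chain_name pub "$net27")
  net29=$(network_of "$ip" 29); c29=$(chain_name pub "$net29")
  ensure_chain "$c27" PREROUTING -i -d "$net27"
  ensure_chain "$c29" "$c27" -i -d "$net29"
  printf '%s\n' "$c29"
}

# Per-host outbound SNAT in leaf chain $1: private $2 leaves as public $3.
# One SNAT and one ACCEPT rule per WAN interface, as in the original rule set.
emit_snat_host() {
  local leaf=$1 priv=$2 pub=$3 wan
  for wan in "${wans[@]}"; do
    emit "-A $leaf -s $priv/32 -o $wan -j SNAT --to-source $pub"
  done
  for wan in "${wans[@]}"; do
    emit "-A $leaf -s $priv/32 -o $wan -j ACCEPT"
  done
}

# Per-host inbound DNAT in leaf chain $1: public $2 is forwarded to private $3.
emit_dnat_host() {
  local leaf=$1 pub=$2 priv=$3 wan
  for wan in "${wans[@]}"; do
    emit "-A $leaf -i $wan -d $pub/32 -j DNAT --to-destination $priv"
  done
  for wan in "${wans[@]}"; do
    emit "-A $leaf -i $wan -d $pub/32 -j ACCEPT"
  done
}

# Print "private public" pairs from mapping file $1: comment lines are
# dropped and only the first two fields of each line are used.
mapping_pairs() {
  awk '!/^#/ && NF >= 2 { print $1, $2 }' "$1"
}

main() {
  local priv pub priv_leaf pub_leaf

  [[ -r "$pimp_2way_nat" ]] || die "cannot read $pimp_2way_nat (run optional-tools/make-pimp first)"
  [[ -r "$pimp_snat" ]] || die "cannot read $pimp_snat (run optional-tools/make-pimp first)"
  (( ${#wans[@]} > 0 )) || die "no WAN interface configured (wan1/wan2/wan3 are all empty)"

  out=$(mktemp "$restoredata.XXXXXX") || die "cannot create a temporary file next to $restoredata"
  # Never leave the partial file behind if anything below fails.
  trap 'rm -f -- "$out"' EXIT

  emit "*nat"
  emit ":PREROUTING ACCEPT [0:0]"
  emit ":POSTROUTING ACCEPT [0:0]"
  emit ":OUTPUT ACCEPT [0:0]"

  # ===============================================================
  # Symmetrical SNAT-DNAT using indexed chains
  # ===============================================================
  printf '%s' "Generating new iptables-restore data - two way SNAT/DNAT "
  while read -r priv pub; do
    valid_pair "$priv" "$pub" "$pimp_2way_nat" || continue
    priv_leaf=$(private_chain_tree "$priv")
    pub_leaf=$(public_chain_tree "$pub")
    emit_dnat_host "$pub_leaf" "$pub" "$priv"
    emit_snat_host "$priv_leaf" "$priv" "$pub"
    printf '.'
  done < <(mapping_pairs "$pimp_2way_nat")
  printf '%s\n' " done."

  # ===============================================================
  # SNAT only using indexed chains
  # ===============================================================
  printf '%s' "Generating new iptables-restore data - one way SNAT "
  while read -r priv pub; do
    valid_pair "$priv" "$pub" "$pimp_snat" || continue
    priv_leaf=$(private_chain_tree "$priv")
    emit_snat_host "$priv_leaf" "$priv" "$pub"
    printf '.'
  done < <(mapping_pairs "$pimp_snat")
  printf '%s\n' " done."

  emit "COMMIT"
  # Atomic replace: readers see either the old complete file or the new one.
  mv -f -- "$out" "$restoredata"
  trap - EXIT
}

main "$@"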