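#!/bin/bash
# $Id$
#
# make-iptables-restore - generate the *nat table for iptables-restore(8)
#
# Reads the "private public" address maps produced by optional-tools/make-pimp
# and writes an iptables-restore input file that
#   - DNATs each public address to its private one on every WAN (2-way map),
#   - SNATs each private address to its public one on every WAN (both maps).
# Nothing is applied here; the result is only written to $restoredata.
#
# Rules are indexed: a host's SNAT/DNAT rule sits at the leaf of a tree of
# per-network chains (/19 -> /22 -> /25 -> /28 for private addresses,
# /26 -> /29 for public ones), so a packet walks a few short chains instead
# of one long list. A chain is declared once and shared by every host in
# that network.
#
# Usage: make-iptables-restore   (no arguments; needs ipcalc and write
#        access to $restoredata)
set -euo pipefail

# shellcheck disable=SC2034  # iptables/iptablesrestore/ifconfig/grep/cut are
# kept as configuration for callers that source this file; unused here.
iptables="/sbin/iptables"
iptablesrestore="/sbin/iptables-restore"
ifconfig="/sbin/ifconfig"
grep="/bin/grep"
cut="/usr/bin/cut"
ipcalc="/usr/bin/ipcalc"

#pimp files must be generated by optional-tools/make-pimp utility
pimp_2way_nat="/dev/shm/pimp-2way-nat.tmp"
pimp_snat="/dev/shm/pimp-snat.tmp"
etchosts="/mnt/mtdblock0/hosts"
# Template for the scratch file; mktemp appends a random suffix so that a
# pre-existing file or symlink of that name in world-writable /dev/shm is
# never followed. The finished file is moved to $restoredata.
restoretmp="/dev/shm/iptables-restore.tmp"
restoredata="/mnt/mtdblock0/iptables-restore.in"
wan1="vlan770"
wan2="vlan771"
wan3="vlan772"
wan4="vlan774"
czffirstbitmask="19"
czfsecondbitmask="22"
czfthirdbitmask="25"
czffourthbitmask="28"
pubfirstbitmask="26"
pubsecondbitmask="29"
# Space-delimited registry of chains already declared: " chainA  chainB _".
chaintrack="_"

# All WAN interfaces; every rule is replicated once per interface.
wans=("$wan1" "$wan2" "$wan3" "$wan4")

# Set by build_private_tree / build_public_tree to the leaf chain the caller
# hangs its SNAT / DNAT rule on.
leaf_chain=""

#######################################
# Print a message to stderr and exit with status 1.
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Append one line to the restore file being built (fd 3, opened in main).
# Arguments: the rule / declaration tokens
#######################################
emit() {
  printf '%s\n' "$*" >&3
}

#######################################
# Print the network an address belongs to, as "a.b.c.d/len".
# Parses the "Network:" line of ipcalc; the -n flag is passed through
# unchanged (with Jodies' ipcalc it disables colour output - confirm for the
# installed ipcalc).
# Arguments: $1 - IPv4 address, $2 - prefix length
# Returns:   0 on success, 1 if ipcalc printed no Network: line (bad address)
#######################################
network_of() {
  local key net _
  while read -r key net _; do
    if [[ "$key" == "Network:" ]]; then
      printf '%s\n' "$net"
      return 0
    fi
  done < <("$ipcalc" -n "$1/$2")
  return 1
}

#######################################
# Derive a chain name from a network: PREFIX_ + network with '.' and '/'
# replaced by '_', e.g. "priv" "10.0.0.0/19" -> priv_10_0_0_0_19.
# Arguments: $1 - prefix (priv|pub), $2 - network as a.b.c.d/len
#######################################
chain_name() {
  local name=$2
  name=${name//./_}
  name=${name//\//_}
  printf '%s_%s\n' "$1" "$name"
}

#######################################
# Test whether a chain has already been declared in this run.
# Arguments: $1 - chain name
# Returns:   0 if declared, 1 otherwise
#######################################
chain_declared() {
  [[ "$chaintrack" == *" $1 "* ]]
}

#######################################
# Emit the ":chain - [0:0]" declaration and register the chain.
# Globals:   chaintrack (updated)
# Arguments: $1 - chain name
#######################################
declare_chain() {
  emit ":$1 - [0:0]"
  chaintrack=" $1 $chaintrack"
}

#######################################
# Build the private-side chain tree (/19 -> /22 -> /25 -> /28) for one
# address. Each level is declared once and reached from its parent by one
# jump rule per WAN; the top level hangs off POSTROUTING and only matches
# traffic that is not destined for 10.0.0.0/8.
# Globals:   czf*bitmask, wans (read); chaintrack (updated);
#            leaf_chain (set to the /28 chain)
# Arguments: $1 - private IPv4 address
#######################################
build_private_tree() {
  local ip=$1 parent="POSTROUTING" mask net chain wan
  for mask in "$czffirstbitmask" "$czfsecondbitmask" \
              "$czfthirdbitmask" "$czffourthbitmask"; do
    net=$(network_of "$ip" "$mask") || die "ipcalc: cannot resolve $ip/$mask"
    chain=$(chain_name priv "$net")
    if ! chain_declared "$chain"; then
      declare_chain "$chain"
      for wan in "${wans[@]}"; do
        if [[ "$parent" == "POSTROUTING" ]]; then
          # NOTE(review): "-d ! net" (intrapositioned negation) is the legacy
          # spelling; newer iptables prefer "! -d net" - confirm what the
          # target's iptables-restore accepts before changing it.
          emit "-A POSTROUTING -d ! 10.0.0.0/8 -s $net -o $wan -j $chain"
        else
          emit "-A $parent -s $net -o $wan -j $chain"
        fi
      done
    fi
    parent=$chain
  done
  leaf_chain=$chain
}

#######################################
# Build the public-side chain tree (/26 -> /29) for one address, hanging
# off PREROUTING, one jump rule per WAN and level.
# Globals:   pub*bitmask, wans (read); chaintrack (updated);
#            leaf_chain (set to the /29 chain)
# Arguments: $1 - public IPv4 address
#######################################
build_public_tree() {
  local ip=$1 parent="PREROUTING" mask net chain wan
  for mask in "$pubfirstbitmask" "$pubsecondbitmask"; do
    net=$(network_of "$ip" "$mask") || die "ipcalc: cannot resolve $ip/$mask"
    chain=$(chain_name pub "$net")
    if ! chain_declared "$chain"; then
      declare_chain "$chain"
      for wan in "${wans[@]}"; do
        emit "-A $parent -i $wan -d $net -j $chain"
      done
    fi
    parent=$chain
  done
  leaf_chain=$chain
}

#######################################
# Print "private public" pairs from a pimp map, one per line.
# Comment lines (leading '#') and blank lines are skipped; a line without a
# second field is reported on stderr and skipped rather than producing a
# rule with an empty address. Each line is matched to its own public
# address, so one map entry can never pick up another entry's value.
# Arguments: $1 - map file path
#######################################
read_map() {
  local map=$1 priv pub _
  [[ -r "$map" ]] || die "cannot read $map (run optional-tools/make-pimp first)"
  while read -r priv pub _ || [[ -n "$priv" ]]; do
    [[ -z "$priv" || "$priv" == \#* ]] && continue
    if [[ -z "$pub" ]]; then
      printf 'warning: %s: no public address for %s, skipped\n' "$map" "$priv" >&2
      continue
    fi
    printf '%s %s\n' "$priv" "$pub"
  done < "$map"
}

#######################################
# Entry point: build the *nat table into a scratch file and move it into
# place. Declaration order is kept so every chain is declared before the
# first rule that jumps to it.
#######################################
main() {
  local priv pub wan snat_chain dnat_chain

  [[ -r "$pimp_2way_nat" ]] || die "cannot read $pimp_2way_nat (run optional-tools/make-pimp first)"
  [[ -r "$pimp_snat" ]] || die "cannot read $pimp_snat (run optional-tools/make-pimp first)"

  restoretmp=$(mktemp "${restoretmp}.XXXXXX") || die "mktemp failed"
  # Remove the scratch file on any exit; after a successful mv it is gone.
  trap 'rm -f -- "$restoretmp"' EXIT
  exec 3>"$restoretmp"

  emit "*nat"
  emit ":PREROUTING ACCEPT [0:0]"
  emit ":POSTROUTING ACCEPT [0:0]"
  emit ":OUTPUT ACCEPT [0:0]"

  # ===============================================================
  # Symmetrical SNAT-DNAT using indexed iptables
  # ===============================================================
  printf '%s' "Generating new iptables-restore data - two way SNAT/DNAT "
  # Process substitution keeps the loop in this shell so chaintrack persists.
  while read -r priv pub; do
    build_private_tree "$priv"
    snat_chain=$leaf_chain
    build_public_tree "$pub"
    dnat_chain=$leaf_chain

    for wan in "${wans[@]}"; do
      emit "-A $dnat_chain -i $wan -d $pub/32 -j DNAT --to-destination $priv"
    done
    for wan in "${wans[@]}"; do
      emit "-A $snat_chain -s $priv/32 -o $wan -j SNAT --to-source $pub"
    done
    printf '.'
  done < <(read_map "$pimp_2way_nat")
  printf ' done.\n'

  # ===============================================================
  # SNAT only using indexed iptables
  # ===============================================================
  printf '%s' "Generating new iptables-restore data - one way SNAT "
  while read -r priv pub; do
    build_private_tree "$priv"
    snat_chain=$leaf_chain
    for wan in "${wans[@]}"; do
      emit "-A $snat_chain -s $priv/32 -o $wan -j SNAT --to-source $pub"
    done
    printf '.'
  done < <(read_map "$pimp_snat")
  printf ' done.\n'

  emit "COMMIT"
  exec 3>&-
  printf '%s' "Writing $restoredata"
  # The scratch file is created 0600 by mktemp; the rule set keeps that mode.
  mv -- "$restoretmp" "$restoredata" || die "cannot write $restoredata"
  printf ' done.\n'
}

main "$@"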