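# Paths to the netfilter userspace tools.
iptables="/sbin/iptables"
iptablesrestore="/sbin/iptables-restore"

#pimp files must be generated by optional-tools/make-pimp utility
# NOTE(review): the pimp inputs and the restore scratch file live under
# /dev/shm with fixed, predictable names. The rest of the script parses the
# pimp files line by line and writes the scratch file with plain ">"
# redirection, so if any non-root local account can write to /dev/shm these
# names should move to a root-only directory (or be created with mktemp).
pimp_2way_nat="/dev/shm/pimp-2way-nat.tmp"
pimp_snat="/dev/shm/pimp-snat.tmp"
etchosts="/mnt/mtdblock0/hosts"
# Scratch ruleset (tmpfs) and its persistent destination.
restoretmp="/dev/shm/iptables-restore.tmp"
restoredata="/mnt/mtdblock0/iptables-restore.in"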
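# ===============================================================
# gen_ipt_string IP/CIDR
#
# Prints the network address of IP under the given prefix length as
# "A_B_C_D_CIDR" (octets joined with underscores), the form the callers
# prefix with priv_/pub_ to build chain names.
#
# Arguments: $1 - dotted-quad IPv4 address, a slash, prefix length 0-32
# Outputs:   the index string on stdout; a diagnostic on stderr on bad input
# Returns:   0 on success, 1 when $1 is not a well-formed IPv4/prefix
#
# NOTE(review): the listing this was recovered from omits the function
# header, the full-octet (255) and zero-octet branches and the final output
# line; they are reconstructed here from the visible arithmetic and from the
# call sites, which consume the result via command substitution.
#
# The argument is derived from lines of the pimp files, so it is matched
# against a strict pattern instead of being passed through eval, and nothing
# reaches arithmetic expansion before it is known to be purely numeric.
# ===============================================================
gen_ipt_string() {
  local re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/([0-9]{1,2})$'
  local -a octets
  local cidr mask_full_octets mask_part_octets i octet maskbyte out=""

  if ! [[ "$1" =~ $re ]]; then
    printf 'gen_ipt_string: not an IPv4/prefix: %s\n' "$1" >&2
    return 1
  fi
  octets=("${BASH_REMATCH[@]:1:4}")
  # 10# forces base 10 so a leading zero is never read as octal.
  cidr=$((10#${BASH_REMATCH[5]}))
  if ((cidr > 32)); then
    printf 'gen_ipt_string: prefix length out of range: %s\n' "$1" >&2
    return 1
  fi

  mask_full_octets=$((cidr / 8))
  mask_part_octets=$((cidr % 8))

  for i in 0 1 2 3; do
    octet=$((10#${octets[i]}))
    if ((octet > 255)); then
      printf 'gen_ipt_string: octet out of range: %s\n' "$1" >&2
      return 1
    fi
    if ((i < mask_full_octets)); then
      maskbyte=255
    elif ((i == mask_full_octets)); then
      # Partially covered octet: keep only its top mask_part_octets bits.
      maskbyte=$((256 - 2 ** (8 - mask_part_octets)))
    else
      maskbyte=0
    fi
    out+="$((octet & maskbyte))_"
  done

  printf '%s\n' "${out}${cidr}"
}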
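# NOTE(review): this part was recovered from a listing that lost lines (the
# loop headers, every then/fi, and the end of the SNAT-only loop). wan1..wan4,
# the czf*bitmask / pub*bitmask values and the initial value of chaintrack are
# not visible here and are assumed to be set earlier in the script - confirm.

#######################################
# Succeeds when $1 is a dotted-quad IPv4 address with octets 0-255.
# Used to vet fields read from the pimp files before they are written into
# a ruleset that is later loaded with root privileges.
#######################################
is_ipv4() {
  local octet
  [[ "$1" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    ((10#$octet <= 255)) || return 1
  done
}

#######################################
# Converts a gen_ipt_string result ($1) into the address used with -s / -d.
# NOTE(review): as written, the sed expression removes the trailing
# "_<prefix length>" and turns the remaining underscores into dots, so the
# match is a bare address without a mask - verify against the upstream file
# that nothing was lost from this expression in the listing.
#######################################
ipt_string_to_addr() {
  printf '%s\n' "$1" | sed 's/_[0-9]*//4; s/_/./g'
}

#######################################
# Declares index chain $2 and hooks it under $1 once per WAN interface,
# unless chaintrack already mentions it.
# Globals:   chaintrack (read, written), wan1..wan4 (read)
# Arguments: $1 - parent chain, optionally followed by extra match text
#            $2 - chain to create
#            $3 - "src" (match -s, outgoing -o) or "dst" (incoming -i, match -d)
#            $4 - address to match
# Outputs:   iptables-restore lines on stdout
#######################################
add_index_chain() {
  local parent=$1 chain=$2 side=$3 addr=$4 wan

  # Same substring test as the original; chain names carry a priv_/pub_
  # prefix and a prefix-length suffix, which is what keeps it unambiguous.
  if [[ "$chaintrack" == *"$chain"* ]]; then
    return 0
  fi

  printf '%s\n' ":$chain - [0:0]"
  for wan in "$wan1" "$wan2" "$wan3" "$wan4"; do
    if [[ "$side" == src ]]; then
      printf '%s\n' "-A $parent -s $addr -o $wan -j $chain"
    else
      printf '%s\n' "-A $parent -i $wan -d $addr -j $chain"
    fi
  done
  chaintrack=" ${chain} ${chaintrack}"
}

#######################################
# Emits the four-level private-side index tree for address $1 and leaves the
# name of the deepest chain in czffourthindex.
# Globals:   czf{first,second,third,fourth}bitmask (read), czffourthindex (written)
# Returns:   non-zero if gen_ipt_string rejects the address/prefix
#######################################
add_priv_tree() {
  local ip=$1 parent="POSTROUTING -d ! 10.0.0.0/8" mask str
  for mask in "$czffirstbitmask" "$czfsecondbitmask" \
    "$czfthirdbitmask" "$czffourthbitmask"; do
    str=$(gen_ipt_string "$ip/$mask") || return 1
    add_index_chain "$parent" "priv_$str" src "$(ipt_string_to_addr "$str")"
    parent="priv_$str"
  done
  czffourthindex=$parent
}

#######################################
# Emits the two-level public-side index tree for address $1 and leaves the
# name of the deepest chain in pubsecondindex.
# Globals:   pub{first,second}bitmask (read), pubsecondindex (written)
# Returns:   non-zero if gen_ipt_string rejects the address/prefix
#######################################
add_pub_tree() {
  local ip=$1 parent="PREROUTING" mask str
  for mask in "$pubfirstbitmask" "$pubsecondbitmask"; do
    str=$(gen_ipt_string "$ip/$mask") || return 1
    add_index_chain "$parent" "pub_$str" dst "$(ipt_string_to_addr "$str")"
    parent="pub_$str"
  done
  pubsecondindex=$parent
}

# Start a fresh nat table in the scratch file.
# NOTE(review): ">" follows whatever already sits at $restoretmp; see the
# remark on predictable /dev/shm names where the path is configured.
{
  echo "*nat"
  echo ":PREROUTING ACCEPT [0:0]"
  echo ":POSTROUTING ACCEPT [0:0]"
  echo ":OUTPUT ACCEPT [0:0]"
} > "$restoretmp"

# ===============================================================
# Symmetrical SNAT-DNAT using indexed iptables
# ===============================================================
echo -n "Generating new iptables-restore data - two way SNAT/DNAT "

# Each line is "<private ip> <public ip>". The fields are split by read and
# checked with is_ipv4; the original fed every line through eval, which would
# execute shell syntax embedded in the file.
while read -r czfip pubip _; do
  [[ -n "$czfip" ]] || continue
  if ! is_ipv4 "$czfip" || ! is_ipv4 "$pubip"; then
    printf 'skipping malformed line in %s: %s %s\n' \
      "$pimp_2way_nat" "$czfip" "$pubip" >&2
    continue
  fi

  add_priv_tree "$czfip" || continue
  add_pub_tree "$pubip" || continue

  for wan in "$wan1" "$wan2" "$wan3" "$wan4"; do
    printf '%s\n' "-A $pubsecondindex -i $wan -d $pubip/32 -j DNAT --to-destination $czfip"
  done
  for wan in "$wan1" "$wan2" "$wan3" "$wan4"; do
    printf '%s\n' "-A $czffourthindex -s $czfip/32 -o $wan -j SNAT --to-source $pubip"
  done
done < "$pimp_2way_nat" >> "$restoretmp"

# ===============================================================
# SNAT only using indexed iptables (shares add_priv_tree with the section above)
# ===============================================================
echo -n "Generating new iptables-restore data - one way SNAT "

# NOTE(review): the end of this loop is not in the listing; reading from
# $pimp_snat is inferred from the variable name and the section title.
# chaintrack is deliberately carried over from the two-way section so chains
# already declared there are not declared a second time - confirm upstream.
while read -r czfip pubip _; do
  [[ -n "$czfip" ]] || continue
  if ! is_ipv4 "$czfip" || ! is_ipv4 "$pubip"; then
    printf 'skipping malformed line in %s: %s %s\n' \
      "$pimp_snat" "$czfip" "$pubip" >&2
    continue
  fi

  add_priv_tree "$czfip" || continue

  for wan in "$wan1" "$wan2" "$wan3" "$wan4"; do
    printf '%s\n' "-A $czffourthindex -s $czfip/32 -o $wan -j SNAT --to-source $pubip"
  done
done < "$pimp_snat" >> "$restoretmp"

echo COMMIT >> "$restoretmp"
echo -n "Writing $restoredata"
# NOTE(review): the generated file is moved to persistent storage unchecked.
# Where the installed iptables-restore supports it, running
# "$iptablesrestore" --test < "$restoretmp" first would keep a malformed
# ruleset from replacing the last good one.
mv "$restoretmp" "$restoredata"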