Replace accidentally deleted options in options.default, add NETMAP support

ChangeLog

@@ -1,6 +1,8 @@
 0.9.10 - Brielle Bruns <bruns@2mbit.com>
 	- Move clamp mss up earlier in the rules to possibly
 	  fix an issue I noticed during testing
+	- Move icmp allow code
+	- Prevent duplicate icmp allow rules in NAT code
 
 0.9.9a - Brielle Bruns <bruns@2mbit.com>
 	- Minor bug fixes for my coding errors introduced in

bin/firewall-sosdg

@@ -567,6 +567,10 @@ if [ $NAT ]; then
 				$IPTABLES -A FORWARD -p icmp --icmp-type time-exceeded -i ${NAT_RULE[1]} -o ${NAT_RULE[3]} -j ACCEPT
 				$IPTABLES -A FORWARD -p icmp --icmp-type fragmentation-needed -i ${NAT_RULE[1]} -o ${NAT_RULE[3]} -j ACCEPT
 					;;
+			NETMAP)
+				$IPTABLES -A PREROUTING -t nat -s ${NAT_RULE[2]} -j NETMAP --to ${NAT_RULE[4]}
+				display_c DEFAULT "\t${GREEN}NETMAP:${PURPLE}${NAT_RULE[2]}${AQUA}->${BLUE}${NAT_RULE[4]}"				
+					;;
 				*) display_c RED "Invalid NAT rule in NAT_RANGE" ;;
 			esac
 		done

options.default

@@ -77,6 +77,13 @@ DONTTRACK="127.0.0.1"
 # Mark ipv4 packets for advanced purposes
 #IPv4_MARK=$BASEDIR/ipv4-marks
 
+# IP NAT Rules
+# SNAT:<INT IF>:<INT IP>:<EXT IF>:<EXT IP>
+# MASQ:<INT IF>:<INT IP>:<EXT IF>
+# NETMAP::<INT IP RANGE>::<EXT IP RANGE>
+#NAT_RANGE=""
+
+
 # Hacks to either block specific kinds of attacks or fix problems
 #
 # NS-IN-DDOS - 			Block DNS DDoS using NS/IN spoof, see: