From a9677f5d51079572e544f106e0034dd40cfd5a0b Mon Sep 17 00:00:00 2001
From: "bruns@2mbit.com"
Date: Thu, 13 Aug 2009 21:56:21 +0000
Subject: [PATCH] Add routing features

---
 ipv4-routing | 4 ++++
 options.default | 2 +-
 rc.firewall | 13 +++++++++----
 3 files changed, 14 insertions(+), 5 deletions(-)
 create mode 100644 ipv4-routing

diff --git a/ipv4-routing b/ipv4-routing
new file mode 100644
index 0000000..ea87149
--- /dev/null
+++ b/ipv4-routing
@@ -0,0 +1,4 @@
+# IPv4 routing
+# Format is:
+# int1:int1range:int2:int2range:reverse?
+# eth0:192.168.0.0/24:eth1:192.168.1.0/24:1
diff --git a/options.default b/options.default
index 29fe425..c529957 100755
--- a/options.default
+++ b/options.default
@@ -42,7 +42,7 @@ TRUSTEDIP="127.0.0.1"
 DONTTRACK="127.0.0.1"
 
 # IP range(s) to forward
-FORWARDRANGE="192.168.1.0/24"
+ROUTING=$BASEDIR/ipv4-routing
 
 # IP ranges(s) to NAT using SNAT.
 NATRANGE="192.168.1.0/24"
diff --git a/rc.firewall b/rc.firewall
index 4080960..9b66277 100755
--- a/rc.firewall
+++ b/rc.firewall
@@ -77,10 +77,15 @@ if [ $CONNTRACK ]; then
 done
 fi
 
-if [ $CONNTRACK ]; then
- for i in $FORWARDRANGE; do
- $IPTABLES -A FORWARD -s $i -j ACCEPT
- $IPTABLES -A FORWARD -d $i -j ACCEPT
+if [ $ROUTING ]; then
+ for i in `grep -v "\#" $ROUTING`; do
+ ROUTE=( ${i//:/ } )
+ $IPTABLES -A FORWARD -i ${ROUTE[0]} -o ${ROUTE[2]} \
+ -s ${ROUTE[1]} -d ${ROUTE[3]} -j ACCEPT
+ if [ ${ROUTE[4]} == "1" ]
+ $IPTABLES -A FORWARD -o ${ROUTE[0]} -i ${ROUTE[2]} \
+ -d ${ROUTE[1]} -s ${ROUTE[3]} -j ACCEPT
+ fi
 done
 fi
 
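Review bot: The comment kept above the new assignment in the options.default hunk, `# IP range(s) to forward`, still describes the removed FORWARDRANGE value but now sits over a file path; change it to `# File listing the interface/range pairs to forward (see ipv4-routing for the format)`. The assignment itself is unquoted while the neighbouring settings (`DONTTRACK`, `NATRANGE`) are quoted; `ROUTING="$BASEDIR/ipv4-routing"` keeps the file's style consistent and survives a BASEDIR containing whitespace. Whether BASEDIR is assigned before this line is not visible in the hunk.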
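Review bot: The reverse-rule test in the rc.firewall hunk, `if [ ${ROUTE[4]} == "1" ]`, is missing `then`, so bash stops with a syntax error when it reaches this block and neither these rules nor anything that follows them in rc.firewall is loaded. An entry with only four fields (no `reverse?` value) leaves `${ROUTE[4]}` empty and `[` then fails with "unary operator expected", so the field also needs a default and quotes: `if [ "${ROUTE[4]:-0}" == "1" ]; then`. The `-i`/`-o` and `-s`/`-d` arguments are likewise unquoted; writing them as `-s "${ROUTE[1]}"` keeps a malformed line from expanding into extra iptables arguments rather than a single rejected one. Whether the surrounding script runs under `set -e` or checks `$IPTABLES` exit codes is not visible here.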