brielle/SRFirewall
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

More fixes with NETMAP. This time, lets put rules with -src interface in them in the PREROUTING chain.

Browse Source
This commit is contained in:
Brie Bruns 2020-01-01 13:35:11 -07:00
parent 5eb6c581e6
commit 01fe8d5ec6
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/iptables.inc
View File

@ -471,7 +471,7 @@ function enable_nat {
#[[ ${srcinterface} != "-" ]] && revsrcinterface="-o ${srcinterface}" #[[ ${srcinterface} != "-" ]] && revsrcinterface="-o ${srcinterface}"
[[ ${srcinterface} != "-" ]] && srcinterface="-i ${srcinterface}" [[ ${srcinterface} != "-" ]] && srcinterface="-i ${srcinterface}"
[[ ${dstinterface} != "-" ]] && dstinterface="-o ${dstinterface}" [[ ${dstinterface} != "-" ]] && dstinterface="-o ${dstinterface}"
([[ ${srcaddress} != "-" ]] && [[ ${type} != "NETMAP" ]]) && srcaddress="-s ${srcaddress}" [[ ${srcaddress} != "-" ]] && srcaddress="-s ${srcaddress}"
([[ ${dstinterface} != "-" ]] && [[ ${type} == "MASQ" ]]) && action="-j MASQUERADE" ([[ ${dstinterface} != "-" ]] && [[ ${type} == "MASQ" ]]) && action="-j MASQUERADE"
([[ ${dstinterface} == "-" ]] && [[ ${type} == "MASQ" ]]) && \ ([[ ${dstinterface} == "-" ]] && [[ ${type} == "MASQ" ]]) && \
@ -486,7 +486,9 @@ function enable_nat {
[[ ${type} == "NETMAP" ]] && action="-j NETMAP" [[ ${type} == "NETMAP" ]] && action="-j NETMAP"
([[ ${dstaddress} != "-" ]] && [[ ${type} == "NETMAP" ]]) && dstaddress="-d ${dstaddress}" ([[ ${dstaddress} != "-" ]] && [[ ${type} == "NETMAP" ]]) && dstaddress="-d ${dstaddress}"
([[ ${srcaddress} != "-" ]] && [[ ${type} == "NETMAP" ]]) && srcaddress="-s ${srcaddress}" # If we use a source interface, the rule can't go in a POSTROUTING table like what NAT is, so we punt it to PREROUTING
# or it won't work. Plus we remove the destination interface too.
([[ ${srcinterface} != "-" ]] && [[ ${type} == "NETMAP" ]]) && NAT="PREROUTING" && dstinterface="-"
([[ ${custom} == "" ]] && [[ ${type} == "NETMAP" ]]) && \ ([[ ${custom} == "" ]] && [[ ${type} == "NETMAP" ]]) && \
${display} RED "nat.conf: Error - NETMAP rule can not have empty custom address: ${DEFAULT_COLOR}${type} ${srcinterface} ${srcaddress} ${dstinterface} ${dstaddress} ${custom}" \ ${display} RED "nat.conf: Error - NETMAP rule can not have empty custom address: ${DEFAULT_COLOR}${type} ${srcinterface} ${srcaddress} ${dstinterface} ${dstaddress} ${custom}" \
&& continue && continue