							parent
							
								
									d853f28cdf
								
							
						
					
					
						commit
						a4640001b7
					
				| @ -24,6 +24,15 @@ EnableTrustedv4Hosts="yes" | |||||||
| # Values: no | yes (default) | # Values: no | yes (default) | ||||||
| Enablev4MSSClamp="yes" | Enablev4MSSClamp="yes" | ||||||
| 
 | 
 | ||||||
|  | # Enable connection tracking features of netfilter/iptables | ||||||
|  | # conntracking allows the firewall to be smart about what | ||||||
|  | # packets it allows and refuses.  On highly loaded systems or | ||||||
|  | # ones with low memory, this may be desirable.  Everyone else | ||||||
|  | # should probably leave this on. | ||||||
|  | # Depended on by: Enablev4NAT | ||||||
|  | # Values: no | yes (default) | ||||||
|  | Enablev4ConnectionTracking="yes" | ||||||
|  | 
 | ||||||
| # Use /etc/resolv.conf as source for DNS servers that we communicate | # Use /etc/resolv.conf as source for DNS servers that we communicate | ||||||
| # with as a client.  If you turn this off (recommended if on static IP), | # with as a client.  If you turn this off (recommended if on static IP), | ||||||
| # then you will need to manually define the DNS servers you use. | # then you will need to manually define the DNS servers you use. | ||||||
| @ -62,5 +71,6 @@ Enablev4Forwarding="yes" | |||||||
| # Enable IPv4 NAT/NETMAP rules | # Enable IPv4 NAT/NETMAP rules | ||||||
| # This allows you to set up NAT rules, SNAT, MASQ, and NETMAP | # This allows you to set up NAT rules, SNAT, MASQ, and NETMAP | ||||||
| # Config file: ipv4/nat.conf | # Config file: ipv4/nat.conf | ||||||
|  | # Requires: Enablev4ConnectionTracking="yes" | ||||||
| # Values: no | yes (default) | # Values: no | yes (default) | ||||||
| Enablev4NAT="yes" | Enablev4NAT="yes" | ||||||
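Review bot: The added comment for Enablev4ConnectionTracking is ambiguous where it says "On highly loaded systems or ones with low memory, this may be desirable": "this" reads as the feature itself, while the next sentence implies that turning it off is what is meant. I would write `# On highly loaded or low-memory systems, disabling this may be desirable.` The comment should also say what an operator gives up by setting it to "no"; presumably stateful matching of reply traffic is no longer available and return packets need explicit rules, but the code that consumes the option is not visible here, so confirm before wording it. The same text is added for Enablev6ConnectionTracking in the IPv6 config further down.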
| @ -24,6 +24,15 @@ EnableTrustedv6Hosts="yes" | |||||||
| # Values: no | yes (default) | # Values: no | yes (default) | ||||||
| Enablev6MSSClamp="yes" | Enablev6MSSClamp="yes" | ||||||
| 
 | 
 | ||||||
|  | # Enable connection tracking features of netfilter/iptables | ||||||
|  | # conntracking allows the firewall to be smart about what | ||||||
|  | # packets it allows and refuses.  On highly loaded systems or | ||||||
|  | # ones with low memory, this may be desirable.  Everyone else | ||||||
|  | # should probably leave this on. | ||||||
|  | # Depended on by: Enablev6NAT | ||||||
|  | # Values: no | yes (default) | ||||||
|  | Enablev6ConnectionTracking="yes" | ||||||
|  | 
 | ||||||
| # Use /etc/resolv.conf as source for DNS servers that we communicate | # Use /etc/resolv.conf as source for DNS servers that we communicate | ||||||
| # with as a client.  If you turn this off (recommended if on static IP), | # with as a client.  If you turn this off (recommended if on static IP), | ||||||
| # then you will need to manually define the DNS servers you use. | # then you will need to manually define the DNS servers you use. | ||||||
| @ -62,5 +71,6 @@ Enablev6Forwarding="yes" | |||||||
| # Enable IPv6 NAT/NETMAP rules | # Enable IPv6 NAT/NETMAP rules | ||||||
| # This allows you to set up NAT rules, SNAT, MASQ, and NETMAP | # This allows you to set up NAT rules, SNAT, MASQ, and NETMAP | ||||||
| # Config file: ipv4/nat.conf | # Config file: ipv4/nat.conf | ||||||
|  | # Requires: Enablev6ConnectionTracking="yes" | ||||||
| # Values: no | yes (default) | # Values: no | yes (default) | ||||||
| Enablev6NAT="yes" | Enablev6NAT="yes" | ||||||
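Review bot: The IPv6 NAT comment block that gains the new `# Requires: Enablev6ConnectionTracking="yes"` line still says `# Config file: ipv4/nat.conf` on the context line just above it. enable_nat, shown later on this page, reads `${FWCONFIGDIR}/ipv${IPVER}/nat.conf`, so for IPv6 this should presumably be `# Config file: ipv6/nat.conf`. Since the block is being edited anyway, fixing it here would stop an operator from putting IPv6 NAT rules in the wrong file.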
| @ -372,6 +372,9 @@ function enable_nat { | |||||||
| 				IPVER="4" ;; | 				IPVER="4" ;; | ||||||
| 	esac | 	esac | ||||||
| 	${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} loading" | 	${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} loading" | ||||||
|  | 	([[ ${IPVER} == "4" ]] && [[ ${Enablev4ConnectionTracking} != "yes" ]]) && ${display} RED "${FUNCNAME}: ERROR:${DEFAULT_COLOR} Unable to load NAT rules if Enablev4ConnectionTracking=no" && return 1 | ||||||
|  | 	([[ ${IPVER} == "6" ]] && [[ ${Enablev6ConnectionTracking} != "yes" ]]) && ${display} RED "${FUNCNAME}: ERROR:${DEFAULT_COLOR} Unable to load NAT rules if Enablev6ConnectionTracking=no" && return 1 | ||||||
|  | 
 | ||||||
| 	if [ -e "${FWCONFIGDIR}/ipv${IPVER}/nat.conf" ]; then | 	if [ -e "${FWCONFIGDIR}/ipv${IPVER}/nat.conf" ]; then | ||||||
| 		${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} read ${FWCONFIGDIR}/ipv${IPVER}/nat.conf successful" | 		${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} read ${FWCONFIGDIR}/ipv${IPVER}/nat.conf successful" | ||||||
| 		while read -r type srcinterface srcaddress dstinterface dstaddress; do | 		while read -r type srcinterface srcaddress dstinterface dstaddress; do | ||||||
| @ -411,4 +414,5 @@ function enable_nat { | |||||||
| 			done < "${FWCONFIGDIR}/ipv${IPVER}/nat.conf" | 			done < "${FWCONFIGDIR}/ipv${IPVER}/nat.conf" | ||||||
| 		${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} done" | 		${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} done" | ||||||
| 	fi | 	fi | ||||||
|  | 		 | ||||||
| } | } | ||||||
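Review bot: The two guard lines added after the "loading" debug call in enable_nat only reach `return 1` if `${display}` itself exits 0, because the check, the message and the return are chained with `&&`. If the display helper ever fails, the function falls through and loads NAT rules with connection tracking off. An `if` block makes the return unconditional, and indirect expansion on `Enablev${IPVER}ConnectionTracking` folds the two near-identical lines into one without the subshell parentheses. The test is `!= "yes"`, so an unset or mistyped value also lands here and the message should not claim the value is "no". The body of enable_nat begins before this hunk and continues past it.

```shell
	${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} loading"
	local ctvar="Enablev${IPVER}ConnectionTracking"
	if [[ ${!ctvar} != "yes" ]]; then
		${display} RED "${FUNCNAME}: ERROR:${DEFAULT_COLOR} Unable to load NAT rules unless ${ctvar}=yes"
		return 1
	fi
	# … unchanged: nat.conf existence check and read loop …
```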