master
parent
d853f28cdf
commit
a4640001b7
|
@ -24,6 +24,15 @@ EnableTrustedv4Hosts="yes"
|
|||
# Values: no | yes (default)
|
||||
Enablev4MSSClamp="yes"
|
||||
|
||||
# Enable connection tracking features of netfilter/iptables
|
||||
# conntracking allows the firewall to be smart about what
|
||||
# packets it allows and refuses. On highly loaded systems or
|
||||
# ones with low memory, this may be desirable. Everyone else
|
||||
# should probably leave this on.
|
||||
# Depended on by: Enablev4NAT
|
||||
# Values: no | yes (default)
|
||||
Enablev4ConnectionTracking="yes"
|
||||
|
||||
# Use /etc/resolv.conf as source for DNS servers that we communicate
|
||||
# with as a client. If you turn this off (recommended if on static IP),
|
||||
# then you will need to manually define the DNS servers you use.
|
||||
|
@ -62,5 +71,6 @@ Enablev4Forwarding="yes"
|
|||
# Enable IPv4 NAT/NETMAP rules
|
||||
# This allows you to set up NAT rules, SNAT, MASQ, and NETMAP
|
||||
# Config file: ipv4/nat.conf
|
||||
# Requires: Enablev4ConnectionTracking="yes"
|
||||
# Values: no | yes (default)
|
||||
Enablev4NAT="yes"
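Review bot: The added comment block for Enablev4ConnectionTracking says "this may be desirable" without naming what "this" is; the sentence after it ("Everyone else should probably leave this on") suggests it means turning tracking off, but a reader could take it the other way. I would reword the line to `# ones with low memory, disabling it may be desirable. Everyone else`. It would also help to add one comment line saying that with tracking off the firewall cannot match on connection state, so replies are no longer told apart from new inbound connections; how the rule scripts react to "no" is not visible in this commit, so confirm that before wording it. The same text is added for Enablev6ConnectionTracking in the IPv6 config.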
|
|
@ -24,6 +24,15 @@ EnableTrustedv6Hosts="yes"
|
|||
# Values: no | yes (default)
|
||||
Enablev6MSSClamp="yes"
|
||||
|
||||
# Enable connection tracking features of netfilter/iptables
|
||||
# conntracking allows the firewall to be smart about what
|
||||
# packets it allows and refuses. On highly loaded systems or
|
||||
# ones with low memory, this may be desirable. Everyone else
|
||||
# should probably leave this on.
|
||||
# Depended on by: Enablev6NAT
|
||||
# Values: no | yes (default)
|
||||
Enablev6ConnectionTracking="yes"
|
||||
|
||||
# Use /etc/resolv.conf as source for DNS servers that we communicate
|
||||
# with as a client. If you turn this off (recommended if on static IP),
|
||||
# then you will need to manually define the DNS servers you use.
|
||||
|
@ -62,5 +71,6 @@ Enablev6Forwarding="yes"
|
|||
# Enable IPv6 NAT/NETMAP rules
|
||||
# This allows you to set up NAT rules, SNAT, MASQ, and NETMAP
|
||||
# Config file: ipv4/nat.conf
|
||||
# Requires: Enablev6ConnectionTracking="yes"
|
||||
# Values: no | yes (default)
|
||||
Enablev6NAT="yes"
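Review bot: The IPv6 NAT block, directly above the added `# Requires: Enablev6ConnectionTracking="yes"` line, still reads `# Config file: ipv4/nat.conf`. enable_nat in this same commit reads `${FWCONFIGDIR}/ipv${IPVER}/nat.conf`, so for IPv6 the comment should be `# Config file: ipv6/nat.conf`. That line is unchanged context here, but an operator following it would edit the IPv4 rules file while expecting IPv6 NAT behaviour to change.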
|
|
@ -372,6 +372,9 @@ function enable_nat {
|
|||
IPVER="4" ;;
|
||||
esac
|
||||
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} loading"
|
||||
([[ ${IPVER} == "4" ]] && [[ ${Enablev4ConnectionTracking} != "yes" ]]) && ${display} RED "${FUNCNAME}: ERROR:${DEFAULT_COLOR} Unable to load NAT rules if Enablev4ConnectionTracking=no" && return 1
|
||||
([[ ${IPVER} == "6" ]] && [[ ${Enablev6ConnectionTracking} != "yes" ]]) && ${display} RED "${FUNCNAME}: ERROR:${DEFAULT_COLOR} Unable to load NAT rules if Enablev6ConnectionTracking=no" && return 1
|
||||
|
||||
if [ -e "${FWCONFIGDIR}/ipv${IPVER}/nat.conf" ]; then
|
||||
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} read ${FWCONFIGDIR}/ipv${IPVER}/nat.conf successful"
|
||||
while read -r type srcinterface srcaddress dstinterface dstaddress; do
|
||||
|
@ -411,4 +414,5 @@ function enable_nat {
|
|||
done < "${FWCONFIGDIR}/ipv${IPVER}/nat.conf"
|
||||
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} done"
|
||||
fi
|
||||
|
||||
}
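Review bot: In the two guards added at the top of enable_nat, `return 1` is chained after `${display} RED …` with `&&`, so the refusal only happens if the display helper exits 0; should that helper ever return non-zero, the function falls through and loads nat.conf with connection tracking disabled. The `( … )` around the tests also forks a subshell for no benefit. An `if` makes the refusal unconditional: `if [[ ${IPVER} == "4" && ${Enablev4ConnectionTracking} != "yes" ]]; then ${display} RED "…"; return 1; fi`, and likewise for 6. The message says `=no` while the test is `!= "yes"`, so an unset or misspelled value is refused too; that is the safer behaviour, but the text could say "unless Enablev4ConnectionTracking=yes". The function starts before the first hunk and continues between the two, so whether callers act on the non-zero return cannot be seen here.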
|