mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-23 22:58:52 +01:00
Allow runtime address variables as the server IP in DNAT rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
72293883dd
commit
1a2647618e
@ -6324,7 +6324,7 @@ sub match_dest_net( $;$ ) {
|
||||
return '-d ' . record_runtime_address $1, $2;
|
||||
}
|
||||
|
||||
$net = validate_net $net, 1;
|
||||
$net = validate_net $net, 1 unless $net =~ /^\$/; # Don't validate if runtime address variable
|
||||
$net eq ALLIP ? '' : "-d $net ";
|
||||
}
|
||||
|
||||
@ -6405,7 +6405,7 @@ sub imatch_dest_net( $;$ ) {
|
||||
return ( d => record_runtime_address( $1, $2, 1 ) );
|
||||
}
|
||||
|
||||
$net = validate_net $net, 1;
|
||||
$net = validate_net $net, 1 unless $net =~ /^\$/; # Don't validate if runtime address variable
|
||||
$net eq ALLIP ? () : ( d => $net );
|
||||
}
|
||||
|
||||
@ -7528,6 +7528,11 @@ sub isolate_dest_interface( $$$$ ) {
|
||||
|
||||
$rule .= "-d $variable ";
|
||||
}
|
||||
} elsif ( $dest =~ /^\$/ ) {
|
||||
#
|
||||
# Runtime address variable
|
||||
#
|
||||
$dnets = $dest;
|
||||
} elsif ( $family == F_IPV4 ) {
|
||||
if ( $dest =~ /^(.+?):(.+)$/ ) {
|
||||
$diface = $1;
|
||||
|
@ -941,7 +941,15 @@ sub handle_nat_rule( $$$$$$$$$$$$$ ) {
|
||||
} else {
|
||||
$server = $1 if $family == F_IPV6 && $server =~ /^\[(.+)\]$/;
|
||||
fatal_error "Invalid server IP address ($server)" if $server eq ALLIP || $server eq NILIP;
|
||||
my @servers = validate_address $server, 1;
|
||||
|
||||
my @servers;
|
||||
|
||||
if ( ( $server =~ /^([&%])(.+)/ ) ) {
|
||||
@servers = ( record_runtime_address( $1, $2 ) );
|
||||
} else {
|
||||
@servers = validate_address $server, 1;
|
||||
}
|
||||
|
||||
$server = join ',', @servers;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user