First step in adding structure to NAT table ruleset

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8037 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2008-01-10 19:56:44 +00:00
parent ea9957fd3e
commit 384e88df43
2 changed files with 22 additions and 37 deletions


@ -122,7 +122,6 @@ our %EXPORT_TAGS = (
log_rule log_rule
expand_rule expand_rule
addnatjump addnatjump
insertnatjump
get_interface_address get_interface_address
get_interface_addresses get_interface_addresses
get_interface_bcasts get_interface_bcasts
@ -2036,21 +2035,6 @@ sub addnatjump( $$$ ) {
} }
} }
#
# If the destination chain exists, then at the position in the source chain given by $$countref, add a jump to the destination.
#
sub insertnatjump( $$$$ ) {
my ( $source, $dest, $countref, $predicates ) = @_;
my $destref = $nat_table->{$dest} || {};
if ( $destref->{referenced} ) {
insert_rule $nat_table->{$source} , ($$countref)++, $predicates . "-j $dest";
} else {
clearrule;
}
}
sub emit_comment() { sub emit_comment() {
emit ( '#', emit ( '#',
'# Establish the values of shell variables used in the following function calls', '# Establish the values of shell variables used in the following function calls',


@ -1478,31 +1478,11 @@ sub generate_matrix() {
# #
start_matrix; start_matrix;
my $prerouting_rule = 1;
my $postrouting_rule = 1;
my $exclusion_seq = 1; my $exclusion_seq = 1;
my %chain_exclusions; my %chain_exclusions;
my %policy_exclusions; my %policy_exclusions;
my @interfaces = ( all_interfaces ); my @interfaces = ( all_interfaces );
for my $interface ( @interfaces ) {
addnatjump 'POSTROUTING' , snat_chain( $interface ), match_dest_dev( $interface );
}
if ( $config{DYNAMIC_ZONES} ) {
for my $interface ( @interfaces ) {
addnatjump 'PREROUTING' , dynamic_in( $interface ), match_source_dev( $interface );
}
}
addnatjump 'PREROUTING' , 'nat_in' , '';
addnatjump 'POSTROUTING' , 'nat_out' , '';
for my $interface ( @interfaces ) {
addnatjump 'PREROUTING' , input_chain( $interface ) , match_source_dev( $interface );
addnatjump 'POSTROUTING' , output_chain( $interface ) , match_dest_dev( $interface );
}
# #
# Special processing for complex zones # Special processing for complex zones
# #
@ -1610,7 +1590,7 @@ sub generate_matrix() {
my $source = match_source_net $net; my $source = match_source_net $net;
insertnatjump 'PREROUTING' , dnat_chain $zone, \$prerouting_rule, join( '', match_source_dev( $interface), $source, $ipsec_in_match ); addnatjump 'PREROUTING' , dnat_chain $zone, join( '', match_source_dev( $interface), $source, $ipsec_in_match );
if ( $chain2 ) { if ( $chain2 ) {
if ( @$exclusions ) { if ( @$exclusions ) {
@ -1809,6 +1789,27 @@ sub generate_matrix() {
} }
} }
} }
#
# Add Nat jumps
#
for my $interface ( @interfaces ) {
addnatjump 'POSTROUTING' , snat_chain( $interface ), match_dest_dev( $interface );
}
if ( $config{DYNAMIC_ZONES} ) {
for my $interface ( @interfaces ) {
addnatjump 'PREROUTING' , dynamic_in( $interface ), match_source_dev( $interface );
}
}
addnatjump 'PREROUTING' , 'nat_in' , '';
addnatjump 'POSTROUTING' , 'nat_out' , '';
for my $interface ( @interfaces ) {
addnatjump 'PREROUTING' , input_chain( $interface ) , match_source_dev( $interface );
addnatjump 'POSTROUTING' , output_chain( $interface ) , match_dest_dev( $interface );
}
# #
# Now add the jumps to the interface chains from FORWARD, INPUT, OUTPUT and POSTROUTING # Now add the jumps to the interface chains from FORWARD, INPUT, OUTPUT and POSTROUTING
# #
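Review bot: The block under `# Add Nat jumps` now depends purely on statement order for a security-relevant ordering: the per-zone jump on the `addnatjump 'PREROUTING' , dnat_chain $zone, ...` line earlier in generate_matrix has to be emitted before the `nat_in` and interface `input_chain` jumps here, something the removed `insertnatjump`/`$prerouting_rule` counter used to guarantee by position. Nothing in the hunk records that invariant, so a later reorder of these statements would silently let `nat_in` or an interface chain see a packet ahead of the zone DNAT chain. I would replace the bare comment with `# Add the remaining NAT jumps. Order matters: addnatjump presumably appends, so these must stay after the per-zone DNAT jumps added above (formerly enforced by insertnatjump/$prerouting_rule).` The same applies to any POSTROUTING jumps added in the unshown middle of generate_matrix, which now precede the snat/nat_out jumps instead of following them; worth confirming that is intended. generate_matrix starts before this hunk.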