Require server with DNAT
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6229 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
c7bc204ba0
commit
3f2b8cda25
@ -884,19 +884,18 @@ sub process_rule1 ( $$$$$$$$$$ ) {
|
|||||||
#
|
#
|
||||||
# We will be called recursively for each rule in the macro body
|
# We will be called recursively for each rule in the macro body
|
||||||
#
|
#
|
||||||
process_macro
|
process_macro( $macros{$basictarget},
|
||||||
$macros{$basictarget},
|
$target ,
|
||||||
$target ,
|
$param ,
|
||||||
$param ,
|
$source,
|
||||||
$source,
|
$dest,
|
||||||
$dest,
|
$proto,
|
||||||
$proto,
|
$ports,
|
||||||
$ports,
|
$sports,
|
||||||
$sports,
|
$origdest,
|
||||||
$origdest,
|
$ratelimit,
|
||||||
$ratelimit,
|
$user,
|
||||||
$user,
|
$mark );
|
||||||
$mark;
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
#
|
#
|
||||||
@ -995,6 +994,9 @@ sub process_rule1 ( $$$$$$$$$$ ) {
|
|||||||
$server = $dest;
|
$server = $dest;
|
||||||
$serverport = '';
|
$serverport = '';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fatal_error "DNAT Rules Require a Server" if $basictarget eq 'DNAT' && $server eq ALLIPv4;
|
||||||
|
|
||||||
#
|
#
|
||||||
# After DNAT, dest port will be the server port
|
# After DNAT, dest port will be the server port
|
||||||
#
|
#
|
||||||
@ -1040,17 +1042,16 @@ sub process_rule1 ( $$$$$$$$$$ ) {
|
|||||||
#
|
#
|
||||||
# And generate the nat table rule(s)
|
# And generate the nat table rule(s)
|
||||||
#
|
#
|
||||||
expand_rule
|
expand_rule ( ensure_chain ('nat' , $zones{$sourcezone}{type} eq 'firewall' ? 'OUTPUT' : dnat_chain $sourcezone ),
|
||||||
ensure_chain ('nat' , $zones{$sourcezone}{type} eq 'firewall' ? 'OUTPUT' : dnat_chain $sourcezone ),
|
PREROUTE_RESTRICT ,
|
||||||
PREROUTE_RESTRICT ,
|
$rule ,
|
||||||
$rule ,
|
$source ,
|
||||||
$source ,
|
$origdest ,
|
||||||
$origdest ,
|
'' ,
|
||||||
'' ,
|
$target ,
|
||||||
$target ,
|
$loglevel ,
|
||||||
$loglevel ,
|
$action ,
|
||||||
$action ,
|
$serverport ? do_proto( $proto, '', '' ) : '' );
|
||||||
$serverport ? do_proto( $proto, '', '' ) : '';
|
|
||||||
#
|
#
|
||||||
# After NAT:
|
# After NAT:
|
||||||
# - the destination port will be the server port
|
# - the destination port will be the server port
|
||||||
@ -1078,17 +1079,16 @@ sub process_rule1 ( $$$$$$$$$$ ) {
|
|||||||
$origdest = $interfaces ? "detect:$interfaces" : ALLIPv4;
|
$origdest = $interfaces ? "detect:$interfaces" : ALLIPv4;
|
||||||
}
|
}
|
||||||
|
|
||||||
expand_rule
|
expand_rule( ensure_chain ('nat' , $zones{$sourcezone}{type} eq 'firewall' ? 'OUTPUT' : dnat_chain $sourcezone) ,
|
||||||
ensure_chain ('nat' , $zones{$sourcezone}{type} eq 'firewall' ? 'OUTPUT' : dnat_chain $sourcezone) ,
|
PREROUTE_RESTRICT ,
|
||||||
PREROUTE_RESTRICT ,
|
$rule ,
|
||||||
$rule ,
|
$source ,
|
||||||
$source ,
|
$dest ,
|
||||||
$dest ,
|
$origdest ,
|
||||||
$origdest ,
|
'-j RETURN ' ,
|
||||||
'-j RETURN ' ,
|
$loglevel ,
|
||||||
$loglevel ,
|
$action ,
|
||||||
$action ,
|
'' );
|
||||||
'';
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#
|
#
|
||||||
@ -1107,17 +1107,16 @@ sub process_rule1 ( $$$$$$$$$$ ) {
|
|||||||
$origdest = '';
|
$origdest = '';
|
||||||
}
|
}
|
||||||
|
|
||||||
expand_rule
|
expand_rule( ensure_chain ('filter', $chain ) ,
|
||||||
ensure_chain ('filter', $chain ) ,
|
$restriction ,
|
||||||
$restriction ,
|
$rule ,
|
||||||
$rule ,
|
$source ,
|
||||||
$source ,
|
$dest ,
|
||||||
$dest ,
|
$origdest ,
|
||||||
$origdest ,
|
"-j $action " ,
|
||||||
"-j $action " ,
|
$loglevel ,
|
||||||
$loglevel ,
|
$action ,
|
||||||
$action ,
|
'' );
|
||||||
'';
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
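Review bot: The new guard `fatal_error "DNAT Rules Require a Server" if $basictarget eq 'DNAT' && $server eq ALLIPv4;` in the -995 hunk fires only on an exact match of both values, so other server-less forms may still reach the nat-table `expand_rule` call. The code that splits `$dest` into `$server` and `$serverport` sits above the hunk and is not shown, so this is inferred: a destination that carries only a port would presumably leave `$server` empty and pass the check. A variant target such as `DNAT-` would be skipped too, if `$basictarget` can hold that value. Consider `fatal_error "DNAT Rules Require a Server" if $basictarget =~ /^DNAT/ && ( $server eq '' || $server eq ALLIPv4 );` after confirming which targets reach this branch, plus a one-line comment such as `# A DNAT rule with no server address has nothing to translate to`. process_rule1 begins and ends outside the visible hunks.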