From 566090f2c81561065440fd7c464b6442349b0659 Mon Sep 17 00:00:00 2001
From: teastep
Date: Sun, 18 Mar 2007 23:06:46 +0000
Subject: [PATCH] More detect changes

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5572 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 New/Shorewall/Chains.pm | 14 ++++++++------
 New/Shorewall/Nat.pm | 16 +++++++++++++---
 2 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/New/Shorewall/Chains.pm b/New/Shorewall/Chains.pm
index bfca21fe8..24499b2af 100644
--- a/New/Shorewall/Chains.pm
+++ b/New/Shorewall/Chains.pm
@@ -45,6 +45,7 @@ our @EXPORT = qw( STANDARD PREROUTE_RESTRICT POSTROUTE_RESTRICT + add_command add_rule insert_rule chain_base
@@ -980,8 +981,8 @@ sub expand_rule( $$$$$$$$$$ )
 fatal_error "Unknown Interface ($iiface): \"$line\"" unless known_interface $iiface;
 if ( $restriction == POSTROUTE_RESTRICT ) {
- add_command( $chainref , (' ' x $detectcount) . "sources=\$(get_routed_networks $iiface)" );
- add_command( $chainref , (' ' x $detectcount) . qq([ -z "\$sourcess" ] && fatal_error "Unable to determine the routes through interface \"$iiface\"") );
+ add_command( $chainref , (' ' x $detectcount) . "sources=\$(get_routed_networks $iiface);" );
+ add_command( $chainref , (' ' x $detectcount) . qq([ -z "\$sourcess" ] && fatal_error "Unable to determine the routes through interface \"$iiface\"";) );
 add_command( $chainref , (' ' x $detectcount) . 'for source in $sources; do' );
 $rule .= '-s $source';
 $detectcount++;
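Review bot: The emptiness test in the second rewritten add_command line still reads `$sourcess` while the line before it assigns `sources=`, so the generated script checks a variable that is never set and, as far as this hunk shows, would call fatal_error on every POSTROUTE_RESTRICT detect rule whatever get_routed_networks returned. The line should be `qq([ -z "\$sources" ] && fatal_error "Unable to determine the routes through interface \"$iiface\"";)`. Since these strings are only ever validated when the generated script runs, feeding each add_command string through `sh -n` in the test suite would catch this class of typo early. expand_rule starts and ends outside the hunk.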
@@ -1014,8 +1015,8 @@ sub expand_rule( $$$$$$$$$$ )
 fatal_error "Unknown Interface ($diface) in rule \"$line\"" unless known_interface $diface;
 if ( $restriction == PREROUTE_RESTRICT ) {
- add_command( $chainref , (' ' x $detectcount) . "dests=\$(find_interface_addresses $diface)" );
- add_command( $chainref , (' ' x $detectcount) . qq([ -z "\$dests" ] && fatal_error "Unable to determine the address(es) of interface \"$diface\"") );
+ add_command( $chainref , (' ' x $detectcount) . "dests=\$(find_interface_addresses $diface);" );
+ add_command( $chainref , (' ' x $detectcount) . qq([ -z "\$dests" ] && fatal_error "Unable to determine the address(es) of interface \"$diface\";") );
 add_command( $chainref , (' ' x $detectcount) . 'for dest in $dests; do' );
 $rule .= '-d $dest';
@@ -1030,7 +1031,7 @@ sub expand_rule( $$$$$$$$$$ )
 if ( $detectcount ) {
 my $newchainref = new_anon_chain( $chainref );
- add_command $chainref, (' ' x $detectcount) . qq(emit "-A $chain $rule -j $newchainref->{name}");
+ add_command $chainref, (' ' x $detectcount) . qq(emit "-A $chain $rule -j $newchainref->{name}";);
 while ( $detectcount-- ) {
 add_command( $chainref, (' ' x $detectcount) . 'done' );
@@ -1243,7 +1244,8 @@ sub create_netfilter_load() {
 for my $chainref ( @chains ) {
 my $name = $chainref->{name};
 for my $rule ( @{$chainref->{rules}} ) {
- emit "-A $name $rule";
+ $rule = "-A $name $rule" unless substr( $rule, 0, 1) eq '~';
+ emit_unindented $rule;
 }
 }
diff --git a/New/Shorewall/Nat.pm b/New/Shorewall/Nat.pm
index aba4d8956..f5b2dc205 100644
--- a/New/Shorewall/Nat.pm
+++ b/New/Shorewall/Nat.pm
@@ -154,6 +154,7 @@ sub setup_one_masq($$$$$$)
 fatal_error "Unknown interface $interface, rule \"$line\"" unless $interfaces{$interface}{root};
+ my $chainref = ensure_chain('nat', $pre_nat ? snat_chain $interface : masq_chain $interface);
 #
 # If there is no source or destination then allow all addresses
 #
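Review bot: The terminator on the second added add_command line sits inside the shell double quotes (`\"$diface\";")`), so the emitted fatal_error message ends with a literal `;` and the statement itself gets no separator, which is the opposite of what the POSTROUTE_RESTRICT branch in the previous hunk does. It should read `qq([ -z "\$dests" ] && fatal_error "Unable to determine the address(es) of interface \"$diface\"";)` so the semicolon follows the closing quote. expand_rule begins and ends outside this hunk.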
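Review bot: `$rule` in the added assignment is the foreach alias into `$chainref->{rules}`, so writing `"-A $name $rule"` to it rewrites the chain's stored rule list as a side effect of emitting it; any later pass over @chains would find the `-A name` prefix already present. A lexical keeps the data intact: `my $text = substr( $rule, 0, 1 ) eq '~' ? $rule : "-A $name $rule";` followed by `emit_unindented $text;`. The `~` sentinel is not explained here and the leading `~` is handed to emit_unindented unchanged, so presumably that routine strips it; a comment such as `# rules beginning with '~' are shell commands queued by add_command and are emitted verbatim` would spare the next reader the guess. create_netfilter_load continues outside the hunk.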
@@ -165,6 +166,7 @@ sub setup_one_masq($$$$$$)
 #
 $rule .= do_proto $proto, $ports, '';
+ my $detectaddress = 0;
 #
 # Parse the ADDRESSES column
 #
@@ -175,12 +177,20 @@ sub setup_one_masq($$$$$$)
 for my $addr ( split /,/, $addresses ) {
 $target .= "--to $addr ";
 }
- } elsif ( $addresses =~ /^SAME:nodst:/ ) {
+ } elsif ( $addresses =~ /^SAME:nodst:/ ) {
 $target = '-j SAME ';
 $addresses =~ s/.*://;
 for my $addr ( split /,/, $addresses ) {
 $target .= "--to $addr ";
 }
+ } elsif ( $addresses eq 'detect' ) {
+ $target = '-j SNAT $addrlist';
+ add_command( $chainref , "addresses=\$(find_interface_addresses $interface); \\" );
+ add_command( $chainref , qq([ -z "\$addresses" ] && fatal_error "Unable to determine the IP address(es) of $interface"; \\) );
+ add_command( $chainref , 'addrlist=; \\' );
+ add_command( $chainref , 'for address in $addresses; do \\' );
+ add_command( $chainref , ' addrlist="$addrlist --to-source $address \\";' );
+ add_command( $chainref , 'done' );
 } else {
 my $addrlist = '';
 for my $addr ( split /,/, $addresses ) {
@@ -195,12 +205,12 @@ sub setup_one_masq($$$$$$)
 $target .= $addrlist;
 }
- }
+ }
 #
 # And Generate the Rule(s)
 #
- expand_rule ensure_chain('nat', $pre_nat ? snat_chain $interface : masq_chain $interface), POSTROUTE_RESTRICT , $rule, $networks, $destnets, '', $target, '', '' , '';
+ expand_rule $chainref , POSTROUTE_RESTRICT , $rule, $networks, $destnets, '', $target, '', '' , '';
 progress_message " Masq record \"$line\" $done";
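Review bot: `$detectaddress` is declared and initialised on the added line but nothing in this patch reads or sets it; the `detect` branch added to the ADDRESSES parsing below works entirely through `$chainref` and add_command. Either set it where `$addresses eq 'detect'` is handled, if a consumer outside the patch is meant to see it, or drop the declaration, since an unused lexical raises no warning and will simply linger. setup_one_masq starts and ends outside the hunk.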
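Review bot: The fifth add_command in the new `detect` branch emits `addrlist="$addrlist --to-source $address \";` — the Perl `\\` reaches the generated script as `\"`, which the shell treats as an escaped quote inside the double-quoted string, so the string never closes and the following `done` is absorbed into it. The intended line is `add_command( $chainref , ' addrlist="$addrlist --to-source $address"; \\' );`, with the semicolon after the closing quote and the continuation backslash at the end like the four lines before it. `$interface` is also interpolated unquoted into `find_interface_addresses $interface` and into the fatal_error message; that relies on the `$interfaces{$interface}{root}` check earlier in setup_one_masq having limited it to a configured interface name, which deserves a one-line comment at the top of the branch so the dependency is not lost if that check ever moves. setup_one_masq starts and ends outside the hunk.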