First step in adding structure to NAT table ruleset
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8037 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
ea9957fd3e
commit
384e88df43
@ -122,7 +122,6 @@ our %EXPORT_TAGS = (
log_rule
expand_rule
addnatjump
insertnatjump
get_interface_address
get_interface_addresses
get_interface_bcasts
@ -2036,21 +2035,6 @@ sub addnatjump( $$$ ) {
}
}
#
# If the destination chain exists, then at the position in the source chain given by $$countref, add a jump to the destination.
#
sub insertnatjump( $$$$ ) {
my ( $source, $dest, $countref, $predicates ) = @_;
my $destref = $nat_table->{$dest} || {};
if ( $destref->{referenced} ) {
insert_rule $nat_table->{$source} , ($$countref)++, $predicates . "-j $dest";
} else {
clearrule;
}
}
sub emit_comment() {
emit ( '#',
'# Establish the values of shell variables used in the following function calls',
@ -1478,31 +1478,11 @@ sub generate_matrix() {
#
start_matrix;
my $prerouting_rule = 1;
my $postrouting_rule = 1;
my $exclusion_seq = 1;
my %chain_exclusions;
my %policy_exclusions;
my @interfaces = ( all_interfaces );
for my $interface ( @interfaces ) {
addnatjump 'POSTROUTING' , snat_chain( $interface ), match_dest_dev( $interface );
}
if ( $config{DYNAMIC_ZONES} ) {
for my $interface ( @interfaces ) {
addnatjump 'PREROUTING' , dynamic_in( $interface ), match_source_dev( $interface );
}
}
addnatjump 'PREROUTING' , 'nat_in' , '';
addnatjump 'POSTROUTING' , 'nat_out' , '';
for my $interface ( @interfaces ) {
addnatjump 'PREROUTING' , input_chain( $interface ) , match_source_dev( $interface );
addnatjump 'POSTROUTING' , output_chain( $interface ) , match_dest_dev( $interface );
}
#
# Special processing for complex zones
#
@ -1610,7 +1590,7 @@ sub generate_matrix() {
my $source = match_source_net $net;
insertnatjump 'PREROUTING' , dnat_chain $zone, \$prerouting_rule, join( '', match_source_dev( $interface), $source, $ipsec_in_match );
addnatjump 'PREROUTING' , dnat_chain $zone, join( '', match_source_dev( $interface), $source, $ipsec_in_match );
if ( $chain2 ) {
if ( @$exclusions ) {
@ -1809,6 +1789,27 @@ sub generate_matrix() {
}
}
}
#
# Add Nat jumps
#
for my $interface ( @interfaces ) {
addnatjump 'POSTROUTING' , snat_chain( $interface ), match_dest_dev( $interface );
}
if ( $config{DYNAMIC_ZONES} ) {
for my $interface ( @interfaces ) {
addnatjump 'PREROUTING' , dynamic_in( $interface ), match_source_dev( $interface );
}
}
addnatjump 'PREROUTING' , 'nat_in' , '';
addnatjump 'POSTROUTING' , 'nat_out' , '';
for my $interface ( @interfaces ) {
addnatjump 'PREROUTING' , input_chain( $interface ) , match_source_dev( $interface );
addnatjump 'POSTROUTING' , output_chain( $interface ) , match_dest_dev( $interface );
}
#
# Now add the jumps to the interface chains from FORWARD, INPUT, OUTPUT and POSTROUTING
#
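Review bot: The moved `# Add Nat jumps` block in the hunk at line 210 now runs after the zone loop, but neither that comment nor the hunk at line 186 records that the change relies on this ordering: the zone DNAT jump that was previously inserted at the position tracked by `$prerouting_rule` is now a plain `addnatjump`, so its precedence over `nat_in` and the per-interface chains in PREROUTING depends solely on being appended first. If addnatjump appends (its body is outside this diff, as is the whole of generate_matrix, which starts and ends outside these hunks), that holds for PREROUTING, but any POSTROUTING rule added by the zone-processing code between the two hunks now lands ahead of the `snat_chain`/`nat_out`/`output_chain` jumps instead of behind them, which is worth confirming before the next step of the restructuring. I would replace the bare `# Add Nat jumps` comment with `# Add the NAT jumps after zone processing: addnatjump appends, so the zone DNAT jumps added above take precedence in PREROUTING.`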