
iptables: improved rocknet masquerade to give /32 higher priority, and cleaned up

user/chris/0.1.0/grsecurity
Alejandro Mery 14 years ago
parent
commit
a5b13ce7ab
  1. 26
      network/iptables/rocknet_iptables.sh

26
network/iptables/rocknet_iptables.sh

@ -2,7 +2,7 @@
# This copyright note is auto-generated by ./scripts/Create-CopyPatch. # This copyright note is auto-generated by ./scripts/Create-CopyPatch.
# #
# Filename: package/.../iptables/rocknet_iptables.sh # Filename: package/.../iptables/rocknet_iptables.sh
# Copyright (C) 2008 - 2009 The OpenSDE Project # Copyright (C) 2008 - 2010 The OpenSDE Project
# Copyright (C) 2004 - 2006 The T2 SDE Project # Copyright (C) 2004 - 2006 The T2 SDE Project
# #
# More information can be found in the files COPYING and README. # More information can be found in the files COPYING and README.
@ -140,16 +140,20 @@ public_clamp_mtu() {
} }
public_masquerade() { public_masquerade() {
if [ "$ip" ]; then local src= action="-A"
addcode up 1 6 "iptables -t nat -A POSTROUTING ${1:+-s $1} -o $if \ local tgt= jump=MASQUERADE
-j SNAT --to $ip"
addcode down 9 6 "iptables -t nat -D POSTROUTING ${1:+-s $1} -o $if \ [ -z "$1" ] || src="-s $1"
-j SNAT --to $ip" if [ -n "$ip" ]; then
else tgt="--to $ip"
addcode up 1 6 "iptables -t nat -A POSTROUTING ${1:+-s $1} -o $if \ jump="SNAT"
-j MASQUERADE"
addcode down 9 6 "iptables -t nat -D POSTROUTING ${1:+-s $1} -o $if \
-j MASQUERADE"
fi fi
case "$src" in
*/32) action=-I ;;
esac
addcode up 1 6 "iptables -t nat $action POSTROUTING $src -o $if -j $jump $tgt"
addcode down 9 6 "iptables -t nat -D POSTROUTING $src -o $if -j $jump $tgt"
} }
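Review bot: In public_masquerade the `*/32) action=-I ;;` arm only recognises a source written with an explicit `/32` suffix, so a bare host address in `$1` (which iptables also treats as a single host) is still appended with `-A` and does not get the higher priority the commit title describes. If bare addresses should be covered, match on the argument itself, for example `case "$1" in */32) action=-I ;; ''|*/*) ;; *) action=-I ;; esac`. Separately, `-I` without a rule number places the rule at position 1 of nat POSTROUTING, so it precedes every rule already in that chain, which would include any no-NAT exemption another component added earlier, if one exists. A comment above the `case` such as `# -I puts host rules ahead of every existing POSTROUTING rule, not only the subnet masquerade` would make that ordering explicit to whoever audits the NAT table later.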
