
iptables: improved rocknet masquerade to give /32 higher priority, and cleaned up

user/chris/0.1.0/grsecurity
Alejandro Mery 14 years ago
parent
commit
a5b13ce7ab
  1. 26
      network/iptables/rocknet_iptables.sh

26
network/iptables/rocknet_iptables.sh

@ -2,7 +2,7 @@
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
#
# Filename: package/.../iptables/rocknet_iptables.sh
# Copyright (C) 2008 - 2009 The OpenSDE Project
# Copyright (C) 2008 - 2010 The OpenSDE Project
# Copyright (C) 2004 - 2006 The T2 SDE Project
#
# More information can be found in the files COPYING and README.
@ -140,16 +140,20 @@ public_clamp_mtu() {
}
public_masquerade() {
if [ "$ip" ]; then
addcode up 1 6 "iptables -t nat -A POSTROUTING ${1:+-s $1} -o $if \
-j SNAT --to $ip"
addcode down 9 6 "iptables -t nat -D POSTROUTING ${1:+-s $1} -o $if \
-j SNAT --to $ip"
else
addcode up 1 6 "iptables -t nat -A POSTROUTING ${1:+-s $1} -o $if \
-j MASQUERADE"
addcode down 9 6 "iptables -t nat -D POSTROUTING ${1:+-s $1} -o $if \
-j MASQUERADE"
local src= action="-A"
local tgt= jump=MASQUERADE
[ -z "$1" ] || src="-s $1"
if [ -n "$ip" ]; then
tgt="--to $ip"
jump="SNAT"
fi
case "$src" in
*/32) action=-I ;;
esac
addcode up 1 6 "iptables -t nat $action POSTROUTING $src -o $if -j $jump $tgt"
addcode down 9 6 "iptables -t nat -D POSTROUTING $src -o $if -j $jump $tgt"
}
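Review bot: The `*/32)` test in public_masquerade matches only that literal suffix, so a single-host source written as a bare address or with a dotted mask still gets `-A` and can be shadowed by a broader rule added earlier. If those spellings are accepted here, `*/32|*/255.255.255.255) action=-I ;;` would cover the dotted mask, and a comment should say that bare addresses are not promoted. `-I` without a rule number places the rule at the head of nat POSTROUTING, ahead of any rule this function did not write (a no-NAT exemption for tunnel traffic, for instance), so it deserves a comment such as `# -I puts host rules first in POSTROUTING, ahead of every existing rule`. `$1`, `$if` and `$ip` are interpolated unquoted into the command string; how addcode later runs that string is not visible here, so if a shell evaluates it, these values should be checked to be a plain address or interface name first.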
