iptables: enhanced rocknet module to support a list of valid IPs when doing conduit

network/iptables/rocknet_iptables.sh

@@ -2,7 +2,7 @@
 # This copyright note is auto-generated by ./scripts/Create-CopyPatch.
 #
 # Filename: package/.../iptables/rocknet_iptables.sh
-# Copyright (C) 2008 The OpenSDE Project
+# Copyright (C) 2008 - 2009 The OpenSDE Project
 # Copyright (C) 2004 - 2006 The T2 SDE Project
 #
 # More information can be found in the files COPYING and README.
@@ -102,17 +102,32 @@ public_conduit() {
 	# conduit (tcp|udp) port targetip[:targetport]
 	#
 	local proto=$1 port=$2
-	local targetip=$3 targetport=$2
+	local targetip=$3 targetport=$2 target=
+	local x=
+	shift 3
 
 	if [ "${targetip/:/}" != "$targetip" ]; then
 		targetport=${targetip#*:}
 		targetip=${targetip%:*}
 	fi
 
+	if [ "$targetport" = "$port" ]; then
+		target="$targetip"
+	else
+		target="$targetip:$targetport"
+	fi
+
 	addcode up 1 4 "iptables -t nat -A PREROUTING -i $if ${ip:+-d $ip} -p $proto \
-		 --dport $port -j DNAT --to $targetip:$targetport"
+		 --dport $port -j DNAT --to $target"
-	addcode up 1 4 "iptables -A forward_$if  -p $proto -d $targetip \
+	if [ $# -eq 0 ]; then
-		 --dport $targetport -j ACCEPT"
+		addcode up 1 4 "iptables -A forward_$if -p $proto -d $targetip \
+			 --dport $targetport -j ACCEPT"
+	else
+		for x; do
+			addcode up 1 4 "iptables -A forward_$if -p $proto -s $x -d $targetip \
+				 --dport $targetport -j ACCEPT"
+		done
+	fi
 
 	iptables_init_if
 }