ar
/
old-firewall
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
old-firewall/rules/01-output-snat

13 lines
744 B
Plaintext
Raw Normal View History

Add bash script headers, to make editors treat rule files as bash scripts for syntax highlighting etc.
2013-03-12 09:07:06 +00:00
#!/bin/bash
First rules to be loaded! :)
2013-03-11 08:32:52 +00:00
rules() {
Added some global variables to make rule creating easier, and updated rules/tests to use them
2013-03-11 10:55:30 +00:00
iptables --table filter $flag FORWARD -i ${IF_WAN} -o ${IF_LAN} -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
cleanup and fixup
2013-11-24 16:19:33 +00:00
iptables --table nat $flag POSTROUTING -s ${NET_LAN} -o ${IF_WAN} -j SNAT --to-source ${HOST_KASHA_WAN}
connecting to hackerspace!
2014-03-05 16:42:58 +00:00
# will fix the --to-source line, i promise
iptables --table nat $flag POSTROUTING -s ${NET_LAN} -d 10.8.0.0/16 -j SNAT --to-source 10.9.1.45
get our snat back
2013-03-24 08:45:10 +00:00
if ${HAVE_WAN2}; then
iptables --table nat $flag POSTROUTING -s 10.24.20.10 -o ${IF_WAN} -j SNAT --to-source ${HOST_KASHA_WAN2}
fi
comment out our snat, and extend the comment for the 192.168.0.1 snat rule
2013-03-24 05:56:55 +00:00
# we want to be able to access 192.168.0.1, regardles of which snat we're using
get our snat back
2013-03-24 08:45:10 +00:00
iptables --table nat $append POSTROUTING -s ${NET_LAN} -d ${NET_WAN} -j SNAT --to-source ${HOST_KASHA_WAN}
First rules to be loaded! :)
2013-03-11 08:32:52 +00:00
}