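# Absolute tool paths: they are written into the generated script, so the
# rules do not depend on PATH at the time that script is run.
iptables="/sbin/iptables"
ifconfig="/sbin/ifconfig"

#pimp.conf should be regularly updated!
# One mapping per line, "<private-ip> <public-ip>"; lines starting with '#'
# are comments.
pimp="/rw/etc/pimp.conf"
# The generated rules script; it is rewritten from scratch on every run.
script="/rw/etc/network/snat-dnat"

# Refuse to proceed without a readable mapping file.  The generated script
# starts by flushing and deleting every nat chain, so generating it from a
# missing mapping would install a script that tears the NAT down and
# rebuilds nothing.
if [ ! -r "$pimp" ]; then
  printf 'cannot read %s, leaving %s untouched\n' "$pimp" "$script" >&2
  exit 1
fi

# Header of the generated script: start from an empty nat table, then
# report progress while the rules appended below are loaded.
{
  printf '%s\n' '#!/bin/bash'
  printf '%s -t nat -F\n' "$iptables"
  printf '%s -t nat -X\n' "$iptables"
  printf '%s\n' 'echo -n "Setting firewall rules "'
} > "$script"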
15 # ===============================================================
16 # Symetricky SNAT-DNAT, zarazeny do indexovanych iptables
17 # ===============================================================
19 echo -n "Generating new pimp index rules "
21 for czfip
in `grep -v ^# $pimp|cut -f 1 -d " "`
23 pubip
=`grep "$czfip " $pimp|cut -f 2 -d " "`
24 czffirstindex
=priv_
`ipcalc -n $czfip/20|grep Network|cut -f 4 -d \ |tr [./] _`
25 czfsecondindex
=priv_
`ipcalc -n $czfip/23|grep Network|cut -f 4 -d \ |tr [./] _`
26 czfthirdindex
=priv_
`ipcalc -n $czfip/26|grep Network|cut -f 4 -d \ |tr [./] _`
27 pubfirstindex
=pub_
`ipcalc -n $pubip/27|grep Network|cut -f 4 -d \ |tr [./] _`
28 pubsecondindex
=pub_
`ipcalc -n $pubip/29|grep Network|cut -f 4 -d \ |tr [./] _`
31 if ! grep $czffirstindex $script > /dev
/null
33 echo $iptables -t nat
-N $czffirstindex >> $script
34 echo $iptables -t nat
-F $czffirstindex >> $script
35 echo $iptables -t nat
-A POSTROUTING
-s `ipcalc -n $czfip/20|grep Network|cut -f 4 -d \ ` -o eth1
-j $czffirstindex >> $script
38 if ! grep $czfsecondindex $script > /dev
/null
40 echo $iptables -t nat
-N $czfsecondindex >> $script
41 echo $iptables -t nat
-F $czfsecondindex >> $script
42 echo $iptables -t nat
-A $czffirstindex -s `ipcalc -n $czfip/23|grep Network|cut -f 4 -d \ ` -o eth1
-j $czfsecondindex >> $script
45 if ! grep $czfthirdindex $script > /dev
/null
47 echo $iptables -t nat
-N $czfthirdindex >> $script
48 echo $iptables -t nat
-F $czfthirdindex >> $script
49 echo $iptables -t nat
-A $czfsecondindex -s `ipcalc -n $czfip/26|grep Network|cut -f 4 -d \ ` -o eth1
-j $czfthirdindex >> $script
52 if ! grep $pubfirstindex $script > /dev
/null
54 echo $iptables -t nat
-N $pubfirstindex >> $script
55 echo $iptables -t nat
-F $pubfirstindex >> $script
56 echo $iptables -t nat
-A PREROUTING
-i eth1
-d `ipcalc -n $pubip/27|grep Network|cut -f 4 -d \ ` -j $pubfirstindex >> $script
59 if ! grep $pubsecondindex $script > /dev
/null
61 echo $iptables -t nat
-N $pubsecondindex >> $script
62 echo $iptables -t nat
-F $pubsecondindex >> $script
63 echo $iptables -t nat
-A $pubfirstindex -i eth1
-d `ipcalc -n $pubip/29|grep Network|cut -f 4 -d \ ` -j $pubsecondindex >> $script
66 echo $iptables -t nat
-A $pubsecondindex -i eth1
-d $pubip/32 -j DNAT
--to-destination $czfip >> $script
67 echo $iptables -t nat
-A $pubsecondindex -i eth1
-d $pubip/32 -j ACCEPT
>> $script
69 echo $iptables -t nat
-A $czfthirdindex -s $czfip/32 -o eth1
-j SNAT
--to-source $pubip >> $script
70 echo $iptables -t nat
-A $czfthirdindex -s $czfip/32 -o eth1
-j ACCEPT
>> $script
73 echo "echo -n ." >>$script
77 # ===============================================================
78 # Pravidla pro dashboard
79 # ===============================================================
81 echo -n "Generating dashboard index rules "
83 for czfip
in `grep ^10[.] /etc/hosts|grep dashboard-|cut -f 1`
85 czffirstindex
=dash_
`ipcalc -n $czfip/20|grep Network|cut -f 4 -d \ |tr [./] _`
86 czfsecondindex
=dash_
`ipcalc -n $czfip/23|grep Network|cut -f 4 -d \ |tr [./] _`
87 czfthirdindex
=dash_
`ipcalc -n $czfip/26|grep Network|cut -f 4 -d \ |tr [./] _`
89 if ! grep $czffirstindex $script > /dev
/null
91 echo $iptables -t nat
-N $czffirstindex >> $script
92 echo $iptables -t nat
-F $czffirstindex >> $script
93 echo $iptables -t nat
-A PREROUTING
-s `ipcalc -n $czfip/20|grep Network|cut -f 4 -d \ ` -i eth0
-j $czffirstindex >> $script
96 if ! grep $czfsecondindex $script > /dev
/null
98 echo $iptables -t nat
-N $czfsecondindex >> $script
99 echo $iptables -t nat
-F $czfsecondindex >> $script
100 echo $iptables -t nat
-A $czffirstindex -s `ipcalc -n $czfip/23|grep Network|cut -f 4 -d \ ` -i eth0
-j $czfsecondindex >> $script
103 if ! grep $czfthirdindex $script > /dev
/null
105 echo $iptables -t nat
-N $czfthirdindex >> $script
106 echo $iptables -t nat
-F $czfthirdindex >> $script
107 echo $iptables -t nat
-A $czfsecondindex -s `ipcalc -n $czfip/26|grep Network|cut -f 4 -d \ ` -i eth0
-j $czfthirdindex >> $script
110 echo $iptables -t nat
-A $czfthirdindex -s $czfip -d ! 10.0.0.0/8 -p tcp
--dport 80 -j REDIRECT
--to 8080 >> $script
111 echo $iptables -t nat
-A $czfthirdindex -s $czfip -d ! 10.0.0.0/8 -p tcp
--dport 3128 -j REDIRECT
--to 8080 >> $script
112 echo $iptables -t nat
-A $czfthirdindex -s $czfip -d ! 10.0.0.0/8 -p tcp
--dport 8080 -j ACCEPT
>> $script
113 echo $iptables -t nat
-A $czfthirdindex -s $czfip -d ! 10.0.0.0/8 -j DROP
>> $script
116 echo "echo -n ." >>$script