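--- e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward.filter-source-address 2010-03-09 19:39:01.000000000 +0100
+++ e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward 2010-03-09 19:44:36.000000000 +0100
@@ -17,21 +17,26 @@
 foreach my $entry ( $FDB{$protocol}->get_all ) {
 my $port = $entry->key;
 my $ip = $entry->prop('DestHost');
- my $dport = $entry->prop('DestPort');
+ my $dport = $entry->prop('DestPort') || $port;
 $port =~ s/-/:/;
 
 # Map canonical localhost back to our current external IP
 $ip = '$OUTERNET' if ($ip eq 'localhost');
 
- $OUT .= " /sbin/iptables --table nat --append $pf_chain " .
- "--protocol $protocol \\\n".
- # Set up local port to forward
- " --destination-port ${port} -j DNAT " .
- # Set up the remote port to forward to
- "--to-destination $ip";
- # Append the dport if any.
- $OUT .= ":$dport" if $dport;
- $OUT .= "\n";
+ my $host_list = $entry->prop("AllowHosts") || '0.0.0.0/0';
+ foreach my $host (split(',', $host_list)) {
+
+ $OUT .= " /sbin/iptables --table nat --append $pf_chain";
+
+ # Set up local port to forward
+ $OUT .= " --proto $protocol --destination-port ${port}";
+ $OUT .= " --src $host" unless $host eq '0.0.0.0/0';
+
+ # Set up the remote port to forward to
+ $OUT .= "-j DNAT --to-destination $ip:$dport\n";
+
+ }
+
 # And accept the incoming packets. Use the dport if there is one.
 ($port = $dport) =~ s/-/:/ if $dport;
 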
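Review bot: The last string appended inside the new `foreach my $host` loop starts with `-j` and neither preceding string ends in a space, so the generated line reads `--destination-port ${port}-j DNAT` (or `--src $host-j DNAT`) and iptables will reject the rule; it should be `$OUT .= " -j DNAT --to-destination $ip:$dport\n";`. Separately, each `AllowHosts` element is written into the generated init script exactly as stored, so whitespace after a comma, an empty element or a shell metacharacter ends up on a command line in that script. If only addresses and CIDR blocks are meant to be accepted, a check such as `next unless $host =~ m{\A\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?\z};` at the top of the loop keeps a malformed entry from producing a broken or unintended rule; whether the code that stores `AllowHosts` already validates it is not visible here. The enclosing `foreach my $entry` loop continues past the end of the hunk.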