e-smith-portforwarding/sme7/e-smith-portforwarding-2.2.0-filter-source-address.patch

diff -up e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward.filter-source-address e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward
--- e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward.filter-source-address      2010-03-09 19:39:01.000000000 +0100
+++ e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward    2010-03-09 19:44:36.000000000 +0100
@@ -17,21 +17,26 @@
         foreach my $entry ( $FDB{$protocol}->get_all ) {
             my $port = $entry->key;
             my $ip = $entry->prop('DestHost');
-            my $dport = $entry->prop('DestPort');
+            my $dport = $entry->prop('DestPort') || $port;
             $port =~ s/-/:/;
 
            # Map canonical localhost back to our current external IP   
             $ip = '$OUTERNET' if ($ip eq 'localhost');
 
-            $OUT .= "    /sbin/iptables --table nat --append $pf_chain " .
-                "--protocol $protocol \\\n".
-            # Set up local port to forward
-            "         --destination-port ${port} -j DNAT " .
-            # Set up the remote port to forward to
-                "--to-destination $ip";
-            # Append the dport if any. 
-            $OUT .= ":$dport" if $dport;
-            $OUT .= "\n";
+            my $host_list = $entry->prop("AllowHosts") || '0.0.0.0/0';
+            foreach my $host (split(',', $host_list)) {
+
+                $OUT .= "    /sbin/iptables --table nat --append $pf_chain";
+
+                # Set up local port to forward
+                $OUT .= " --proto $protocol --destination-port ${port}";
+                $OUT .= " --src $host" unless $host eq '0.0.0.0/0';
+
+                # Set up the remote port to forward to
+                $OUT .= "-j DNAT --to-destination $ip:$dport\n";
+
+            }
+
             # And accept the incoming packets. Use the dport if there is one.
             ($port = $dport) =~ s/-/:/ if $dport;
 
1	diff -up e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward.filter-source-address e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward
2	--- e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward.filter-source-address 2010-03-09 19:39:01.000000000 +0100
3	+++ e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward 2010-03-09 19:44:36.000000000 +0100
4	@@ -17,21 +17,26 @@
5	foreach my $entry ( $FDB{$protocol}->get_all ) {
6	my $port = $entry->key;
7	my $ip = $entry->prop('DestHost');
8	- my $dport = $entry->prop('DestPort');
9	+ my $dport = $entry->prop('DestPort') \|\| $port;
10	$port =~ s/-/:/;
11
12	# Map canonical localhost back to our current external IP
13	$ip = '$OUTERNET' if ($ip eq 'localhost');
14
15	- $OUT .= " /sbin/iptables --table nat --append $pf_chain " .
16	- "--protocol $protocol \\\n".
17	- # Set up local port to forward
18	- " --destination-port ${port} -j DNAT " .
19	- # Set up the remote port to forward to
20	- "--to-destination $ip";
21	- # Append the dport if any.
22	- $OUT .= ":$dport" if $dport;
23	- $OUT .= "\n";
24	+ my $host_list = $entry->prop("AllowHosts") \|\| '0.0.0.0/0';
25	+ foreach my $host (split(',', $host_list)) {
26	+
27	+ $OUT .= " /sbin/iptables --table nat --append $pf_chain";
28	+
29	+ # Set up local port to forward
30	+ $OUT .= " --proto $protocol --destination-port ${port}";
31	+ $OUT .= " --src $host" unless $host eq '0.0.0.0/0';
32	+
33	+ # Set up the remote port to forward to
34	+ $OUT .= "-j DNAT --to-destination $ip:$dport\n";
35	+
36	+ }
37	+
38	# And accept the incoming packets. Use the dport if there is one.
39	($port = $dport) =~ s/-/:/ if $dport;
40