e-smith-portforwarding/sme8/e-smith-portforwarding-2.2.0-filter-source-address.patch

diff -up e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward.filter-source-address e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward
--- e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward.filter-source-address      2010-03-09 19:39:01.000000000 +0100
+++ e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward    2010-03-09 19:44:36.000000000 +0100
@@ -17,21 +17,26 @@
         foreach my $entry ( $FDB{$protocol}->get_all ) {
             my $port = $entry->key;
             my $ip = $entry->prop('DestHost');
-            my $dport = $entry->prop('DestPort');
+            my $dport = $entry->prop('DestPort') || $port;
             $port =~ s/-/:/;
 
            # Map canonical localhost back to our current external IP   
             $ip = '$OUTERNET' if ($ip eq 'localhost');
 
-            $OUT .= "    /sbin/iptables --table nat --append $pf_chain " .
-                "--protocol $protocol \\\n".
-            # Set up local port to forward
-            "         --destination-port ${port} -j DNAT " .
-            # Set up the remote port to forward to
-                "--to-destination $ip";
-            # Append the dport if any. 
-            $OUT .= ":$dport" if $dport;
-            $OUT .= "\n";
+            my $host_list = $entry->prop("AllowHosts") || '0.0.0.0/0';
+            foreach my $host (split(',', $host_list)) {
+
+                $OUT .= "    /sbin/iptables --table nat --append $pf_chain";
+
+                # Set up local port to forward
+                $OUT .= " --proto $protocol --destination-port ${port}";
+                $OUT .= " --src $host" unless $host eq '0.0.0.0/0';
+
+                # Set up the remote port to forward to
+                $OUT .= "-j DNAT --to-destination $ip:$dport\n";
+
+            }
+
             # And accept the incoming packets. Use the dport if there is one.
             ($port = $dport) =~ s/-/:/ if $dport;
 
1	snetram	1.1	diff -up e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward.filter-source-address e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward
2			--- e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward.filter-source-address 2010-03-09 19:39:01.000000000 +0100
3			+++ e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward 2010-03-09 19:44:36.000000000 +0100
4			@@ -17,21 +17,26 @@
5			foreach my $entry ( $FDB{$protocol}->get_all ) {
6			my $port = $entry->key;
7			my $ip = $entry->prop('DestHost');
8			- my $dport = $entry->prop('DestPort');
9			+ my $dport = $entry->prop('DestPort') \|\| $port;
10			$port =~ s/-/:/;
11
12			# Map canonical localhost back to our current external IP
13			$ip = '$OUTERNET' if ($ip eq 'localhost');
14
15			- $OUT .= " /sbin/iptables --table nat --append $pf_chain " .
16			- "--protocol $protocol \\\n".
17			- # Set up local port to forward
18			- " --destination-port ${port} -j DNAT " .
19			- # Set up the remote port to forward to
20			- "--to-destination $ip";
21			- # Append the dport if any.
22			- $OUT .= ":$dport" if $dport;
23			- $OUT .= "\n";
24			+ my $host_list = $entry->prop("AllowHosts") \|\| '0.0.0.0/0';
25			+ foreach my $host (split(',', $host_list)) {
26			+
27			+ $OUT .= " /sbin/iptables --table nat --append $pf_chain";
28			+
29			+ # Set up local port to forward
30			+ $OUT .= " --proto $protocol --destination-port ${port}";
31			+ $OUT .= " --src $host" unless $host eq '0.0.0.0/0';
32			+
33			+ # Set up the remote port to forward to
34			+ $OUT .= "-j DNAT --to-destination $ip:$dport\n";
35			+
36			+ }
37			+
38			# And accept the incoming packets. Use the dport if there is one.
39			($port = $dport) =~ s/-/:/ if $dport;
40