[zorp] Patch for iptables-gen (iptables-utils)
Sheldon Hearn
zorp@lists.balabit.hu
Tue, 26 Oct 2004 11:37:22 +0200
The iptables-utils package is a fantastic piece of software. It allows
me to manage remote firewalls with confidence.

Recently, I had to set up a firewall for an ADSL-connected site, where
they use the MASQUERADE target. They also want a few ports forwarded to
specific hosts on the internal network.

I want my ppp linkup script (/etc/ppp/ip-up in Gentoo Linux) to generate
iptables.conf.var, adding a line like this:

#define MY_ADDR 196.31.31.10

Then I want iptables-gen to regenerate the ruleset, given rules like
this in iptables.conf.in:

-A PREROUTING -p tcp \
-d MY_ADDR --dport 2222 -j DNAT --to-destination 10.0.0.2:22
-A POSTROUTING -p tcp \
-s 10.0.0.2 --sport 22 -j SNAT --to-source MY_ADDR:2222

However, the current implementation of iptables-gen (in
iptables-utils-1.20) only substitutes defined variables that are
immediately followed by whitespace or end of line. It doesn't
substitute defined variables that are immediately followed by a colon
(:).

Therefore, I propose the attached patch to iptables-gen.in, which
includes the colon (:) as a legal delimiter for defined variables.

Ciao,
Sheldon.
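As an added illustration (not code from iptables-utils or from the poster), the substitution step is reimplemented below in Python so the pre-patch and patched character classes can be run against the two rules from the post; a third variant shows the same step with the name escaped and word-bounded and with a real end-of-line anchor. DEFINES, RULES and the function names are constructed for this example.

```python
import re

# Constructed input: the #define written by the ppp link-up script and the
# two NAT rules from the post, one with a colon right after the variable.
DEFINES = {"MY_ADDR": "196.31.31.10"}
RULES = [
    "-A PREROUTING -p tcp -d MY_ADDR --dport 2222 -j DNAT --to-destination 10.0.0.2:22",
    "-A POSTROUTING -p tcp -s 10.0.0.2 --sport 22 -j SNAT --to-source MY_ADDR:2222",
]


def substitute(lines, defines, tail_class):
    """Simplified re-creation of the re.sub() call in iptables-gen.in:
    replace a defined variable when the next character is in tail_class
    (r"[\s$]" before the patch, r"[\s:$]" after it)."""
    out = list(lines)
    for var, val in defines.items():
        pattern = re.compile(r"(?P<head>\s*)%s(?P<tail>%s)" % (var, tail_class))
        out = [pattern.sub(lambda m: m.group("head") + val + m.group("tail"), line)
               for line in out]
    return out


def substitute_hardened(lines, defines):
    """Same substitution with the name escaped and bounded by \\b on both
    sides, and with '$' outside the character class so it really means
    end of line. The replacement is a function, so a value containing a
    backslash is inserted literally rather than read as a template."""
    out = list(lines)
    for var, val in defines.items():
        pattern = re.compile(r"\b%s\b(?=\s|:|$)" % re.escape(var))
        out = [pattern.sub(lambda m: val, line) for line in out]
    return out


if __name__ == "__main__":
    for label, rules in (("before", substitute(RULES, DEFINES, r"[\s$]")),
                         ("after", substitute(RULES, DEFINES, r"[\s:$]")),
                         ("hardened", substitute_hardened(RULES, DEFINES))):
        print(label)
        for rule in rules:
            print("  " + rule)
```

Running it shows the SNAT line is left with a literal MY_ADDR before the patch and rewritten after it; the hardened variant also leaves NOT_MY_ADDR alone and handles a variable at the very end of a line, where `[\s:$]` only matches a literal dollar sign.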
[Attachment: iptables-gen.in.patch]
--- iptables-utils-1.20/iptables-gen.in.orig 2004-10-26 11:19:09.282355253 +0200
+++ iptables-utils-1.20/iptables-gen.in 2004-10-26 11:19:22.991669894 +0200
@@ -129,7 +129,7 @@
output=[]
for val in vars[var]:
for line in lines:
- output.append(re.sub("(?P<head>\s*)%s(?P<tail>[\s$])"%(var),"\g<head>%s\g<tail>"%(val),line))
+ output.append(re.sub("(?P<head>\s*)%s(?P<tail>[\s:$])"%(var),"\g<head>%s\g<tail>"%(val),line))
if varlist == []:
return output
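Review bot: `$` inside the character class `[\s:$]` (as in the original `[\s$]`) is a literal dollar sign, not an end-of-line anchor, so a variable at the very end of a line is substituted only while the line still carries its trailing newline for `\s` to match; if end of line is meant, write the tail as an alternation such as `(?P<tail>\s|:|$)`. The name is also unbounded on the left, since `(?P<head>\s*)` can match the empty string, so a defined `ADDR` would be rewritten inside `MY_ADDR`, and `var` is interpolated into the pattern unescaped; a `\b` before `%s` together with `re.escape(var)` would close both gaps, and passing a replacement function instead of the `\g<head>%s\g<tail>` template would keep a `val` containing backslashes from being interpreted as a template.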