[zorp] Patch for iptables-gen (iptables-utils)
Gellér Sándor
zorp@lists.balabit.hu
Wed, 27 Oct 2004 10:14:00 +0200
Sheldon Hearn wrote:
> The iptables-utils package is a fantastic piece of software. It allows
> me to manage remote firewalls with confidence.
>
> Recently, I had to set up a firewall for an ADSL-connected site, where
> they use the MASQUERADE target. They also want a few ports forwarded to
> specific hosts on the internal network.
>
> I want my ppp linkup script (/etc/ppp/ip-up in Gentoo Linux) to generate
> iptables.conf.var, adding a line like this:
>
> #define MY_ADDR 196.31.31.10
>
> Then I want iptables-gen to regenerate the ruleset, given rules like
> this in iptables.conf.in:
>
> -A PREROUTING -p tcp \
> -d MY_ADDR --dport 2222 -j DNAT --to-destination 10.0.0.2:22
> -A POSTROUTING -p tcp \
> -s 10.0.0.2 --sport 22 -j SNAT --to-source MY_ADDR:2222
>
> However, the current implementation of iptables-gen (in
> iptables-utils-1.20) only substitutes defined variables that are
> immediately followed by whitespace or end of line. It doesn't
> substitute defined variables that are immediately followed by a colon
> (:).
>
> Therefore, I propose the attached patch to iptables-gen.in, which
> includes the colon (:) as a legal delimiter for defined variables.
>
> Ciao,
> Sheldon.
Hi Sheldon,
Thanks for the patch, applied. The next iptables-utils release will
contain it.
Regards,
--
Sandor Geller
wildy@balabit.hu