Make nat reflection src address configurable by introducing a reflection_src paramete...

diff --git a/options.c b/options.c
index 8effd2a..5c529b3 100644 (file)
--- a/options.c
+++ b/options.c
@@ -97,6 +97,11 @@ static const char *include_types[] = {
        "restore",
 };
 
+static const char *reflection_sources[] = {
+       "internal",
+       "external",
+};
+
 
 bool
 fw3_parse_bool(void *ptr, const char *val)
@@ -664,6 +669,13 @@ fw3_parse_include_type(void *ptr, const char *val)
                          FW3_INC_TYPE_SCRIPT, FW3_INC_TYPE_RESTORE);
 }
 
+bool
+fw3_parse_reflection_source(void *ptr, const char *val)
+{
+       return parse_enum(ptr, val, reflection_sources,
+                         FW3_REFLECTION_INTERNAL, FW3_REFLECTION_EXTERNAL);
+}
+
 
 void
 fw3_parse_options(void *s, const struct fw3_option *opts,

diff --git a/options.h b/options.h
index c84fd28..bb98fb6 100644 (file)
--- a/options.h
+++ b/options.h
@@ -117,6 +117,12 @@ enum fw3_include_type
        FW3_INC_TYPE_RESTORE  = 1,
 };
 
+enum fw3_reflection_source
+{
+       FW3_REFLECTION_INTERNAL = 0,
+       FW3_REFLECTION_EXTERNAL = 1,
+};
+
 struct fw3_ipset_datatype
 {
        struct list_head list;
@@ -355,6 +361,7 @@ struct fw3_redirect
        const char *extra;
 
        bool reflection;
+       enum fw3_reflection_source reflection_src;
 };
 
 struct fw3_forward
@@ -464,6 +471,7 @@ bool fw3_parse_ipset_method(void *ptr, const char *val);
 bool fw3_parse_ipset_datatype(void *ptr, const char *val);
 
 bool fw3_parse_include_type(void *ptr, const char *val);
+bool fw3_parse_reflection_source(void *ptr, const char *val);
 
 bool fw3_parse_date(void *ptr, const char *val);
 bool fw3_parse_time(void *ptr, const char *val);

diff --git a/redirects.c b/redirects.c
index f91cd47..b42201f 100644 (file)
--- a/redirects.c
+++ b/redirects.c
@@ -53,6 +53,8 @@ const struct fw3_option fw3_redirect_opts[] = {
        FW3_OPT("monthdays",           monthdays, redirect,     time.monthdays),
 
        FW3_OPT("reflection",          bool,      redirect,     reflection),
+       FW3_OPT("reflection_src",      reflection_source,
+                                                 redirect,     reflection_src),
 
        FW3_OPT("target",              target,    redirect,     target),
 
@@ -324,7 +326,7 @@ print_redirect(enum fw3_table table, enum fw3_family family,
                struct fw3_redirect *redir, int num)
 {
        struct list_head *ext_addrs, *int_addrs;
-       struct fw3_address *ext_addr, *int_addr;
+       struct fw3_address *ext_addr, *int_addr, ref_addr;
        struct fw3_device *ext_net, *int_net;
        struct fw3_protocol *proto;
        struct fw3_mac *mac;
@@ -433,6 +435,12 @@ print_redirect(enum fw3_table table, enum fw3_family family,
                                if (!proto || (proto->protocol != 6 && proto->protocol != 17))
                                        continue;
 
+                               if (redir->reflection_src == FW3_REFLECTION_INTERNAL)
+                                       ref_addr = *int_addr;
+                               else
+                                       ref_addr = *ext_addr;
+
+                               ref_addr.mask = 32;
                                ext_addr->mask = 32;
 
                                if (table == FW3_TABLE_NAT)
@@ -452,7 +460,7 @@ print_redirect(enum fw3_table table, enum fw3_family family,
                                        fw3_format_sport_dport(NULL, &redir->port_redir);
                                        fw3_format_time(&redir->time);
                                        fw3_format_comment(redir->name, " (reflection)");
-                                       print_snat_dnat(FW3_FLAG_SNAT, ext_addr, NULL);
+                                       print_snat_dnat(FW3_FLAG_SNAT, &ref_addr, NULL);
                                }
                                else if (table == FW3_TABLE_FILTER)
                                {