From ff9d5e13c9150c62fe698e4bc5541e6f92b241d0 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Wed, 13 Mar 2013 16:25:56 +0100
Subject: [PATCH] Make nat reflection src address configurable by introducing a reflection_src parameter which can be set to "external" or "internal"

---
 options.c | 12 ++++++++++++
 options.h | 8 ++++++++
 redirects.c | 12 ++++++++++--
 3 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/options.c b/options.c
index 8effd2a..5c529b3 100644
--- a/options.c
+++ b/options.c
@@ -97,6 +97,11 @@ static const char *include_types[] = {
 "restore",
 };

+static const char *reflection_sources[] = {
+ "internal",
+ "external",
+};
+

 bool
 fw3_parse_bool(void *ptr, const char *val)
@@ -664,6 +669,13 @@ fw3_parse_include_type(void *ptr, const char *val)
 FW3_INC_TYPE_SCRIPT, FW3_INC_TYPE_RESTORE);
 }

+bool
+fw3_parse_reflection_source(void *ptr, const char *val)
+{
+ return parse_enum(ptr, val, reflection_sources,
+ FW3_REFLECTION_INTERNAL, FW3_REFLECTION_EXTERNAL);
+}
+

 void
 fw3_parse_options(void *s, const struct fw3_option *opts,
diff --git a/options.h b/options.h
index c84fd28..bb98fb6 100644
--- a/options.h
+++ b/options.h
@@ -117,6 +117,12 @@ enum fw3_include_type
 FW3_INC_TYPE_RESTORE = 1,
 };

+enum fw3_reflection_source
+{
+ FW3_REFLECTION_INTERNAL = 0,
+ FW3_REFLECTION_EXTERNAL = 1,
+};
+
 struct fw3_ipset_datatype
 {
 struct list_head list;
@@ -355,6 +361,7 @@ struct fw3_redirect
 const char *extra;

 bool reflection;
+ enum fw3_reflection_source reflection_src;
 };

 struct fw3_forward
@@ -464,6 +471,7 @@ bool fw3_parse_ipset_method(void *ptr, const char *val);
 bool fw3_parse_ipset_datatype(void *ptr, const char *val);

 bool fw3_parse_include_type(void *ptr, const char *val);
+bool fw3_parse_reflection_source(void *ptr, const char *val);

 bool fw3_parse_date(void *ptr, const char *val);
 bool fw3_parse_time(void *ptr, const char *val);
diff --git a/redirects.c b/redirects.c
index f91cd47..b42201f 100644
--- a/redirects.c
+++ b/redirects.c
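Review bot: Nothing in the new `reflection_sources` table says that its entries must stay in the same order as `enum fw3_reflection_source` in options.h, yet `fw3_parse_reflection_source` (second options.c hunk) hands `parse_enum` the range `FW3_REFLECTION_INTERNAL`..`FW3_REFLECTION_EXTERNAL` and so appears to map a string to a value by its position. A comment above the array such as `/* order must match enum fw3_reflection_source in options.h */` would keep a later reordering from silently swapping the two settings. `parse_enum` itself is outside these hunks, so how it treats case, abbreviations and unknown values should be confirmed there before the accepted spellings of `reflection_src` are documented.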
@@ -53,6 +53,8 @@ const struct fw3_option fw3_redirect_opts[] = {
 FW3_OPT("monthdays", monthdays, redirect, time.monthdays),

 FW3_OPT("reflection", bool, redirect, reflection),
+ FW3_OPT("reflection_src", reflection_source,
+ redirect, reflection_src),

 FW3_OPT("target", target, redirect, target),

@@ -324,7 +326,7 @@ print_redirect(enum fw3_table table, enum fw3_family family,
 struct fw3_redirect *redir, int num)
 {
 struct list_head *ext_addrs, *int_addrs;
- struct fw3_address *ext_addr, *int_addr;
+ struct fw3_address *ext_addr, *int_addr, ref_addr;
 struct fw3_device *ext_net, *int_net;
 struct fw3_protocol *proto;
 struct fw3_mac *mac;
@@ -433,6 +435,12 @@ print_redirect(enum fw3_table table, enum fw3_family family,
 if (!proto || (proto->protocol != 6 && proto->protocol != 17))
 continue;

+ if (redir->reflection_src == FW3_REFLECTION_INTERNAL)
+ ref_addr = *int_addr;
+ else
+ ref_addr = *ext_addr;
+
+ ref_addr.mask = 32;
 ext_addr->mask = 32;

 if (table == FW3_TABLE_NAT)
@@ -452,7 +460,7 @@ print_redirect(enum fw3_table table, enum fw3_family family,
 fw3_format_sport_dport(NULL, &redir->port_redir);
 fw3_format_time(&redir->time);
 fw3_format_comment(redir->name, " (reflection)");
- print_snat_dnat(FW3_FLAG_SNAT, ext_addr, NULL);
+ print_snat_dnat(FW3_FLAG_SNAT, &ref_addr, NULL);
 }
 else if (table == FW3_TABLE_FILTER)
 {
--
2.11.0
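Review bot: A redirect that never sets `reflection_src` will take the `ref_addr = *int_addr` branch in the third redirects.c hunk whenever `struct fw3_redirect` starts out zeroed, because options.h defines `FW3_REFLECTION_INTERNAL = 0`; the SNAT rule for reflected connections would then carry the internal address instead of the external one that the replaced `print_snat_dnat(FW3_FLAG_SNAT, ext_addr, NULL)` call emitted. How the redirect is allocated, and whether a default is assigned elsewhere, is not visible here, so this is an inference to confirm. If the new default is intended, it deserves a line in the commit message and the option documentation, since hosts behind the router will log and filter reflected traffic under a different source address. If it is not intended, set `redir->reflection_src = FW3_REFLECTION_EXTERNAL;` where the redirect's other defaults are initialised. The body of `print_redirect` starts and ends outside this hunk.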