|
|
@@ -53,12 +53,18 @@ setup_fordroplog() {
|
|
|
}
|
|
|
|
|
|
setup_nat() {
|
|
|
- iptables -t nat -A POSTROUTING -o ${wan} -s ${locnet} -j MASQUERADE
|
|
|
+ localnetsArray=(${localnets})
|
|
|
+ for net in "${localnetsArray[@]}" ; do
|
|
|
+ iptables -t nat -A POSTROUTING -o ${wan} -s ${net} -j MASQUERADE
|
|
|
+ done
|
|
|
}
|
|
|
|
|
|
setup_forward() {
|
|
|
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
|
|
- iptables -A FORWARD -i ${eth0} -o ${wan} -j ACCEPT
|
|
|
+ lanifsArray=(${lanifs})
|
|
|
+ for lanif in "${lanifsArray[@]}" ; do
|
|
|
+ iptables -A FORWARD -i ${lanif} -o ${wan} -j ACCEPT
|
|
|
+ done
|
|
|
if $logforward ; then
|
|
|
setup_fordroplog
|
|
|
iptables -A FORWARD -j FORWARD-LOG-DROP
|
|
|
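Review bot: The unquoted split `localnetsArray=(${localnets})` in setup_nat, like `lanifsArray=(${lanifs})` in setup_forward and again in setup_base in the next hunk, also applies pathname expansion, so a `*` or `?` in the configured value can expand to file names before it reaches iptables. Splitting with `read -ra localnetsArray <<< "${localnets}"` avoids the glob step, and quoting the rule arguments, as in `iptables -t nat -A POSTROUTING -o "${wan}" -s "${net}" -j MASQUERADE`, keeps each value a single word. An empty or unset list makes each loop run zero times, so no NAT or FORWARD accept rule is installed and nothing is reported; an explicit emptiness check that fails loudly would make a missing setting visible. The arrays are also assigned without `local`, so they are shared between hooks; `local -a lanifsArray` inside each function would keep them scoped. setup_forward's body continues past the end of this hunk.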
@@ -69,7 +75,10 @@ setup_forward() {
|
|
|
|
|
|
setup_base() {
|
|
|
iptables -A INPUT -i lo -j ACCEPT
|
|
|
- iptables -A INPUT -i ${eth0} -j ACCEPT
|
|
|
+ lanifsArray=(${lanifs})
|
|
|
+ for lanif in "${lanifsArray[@]}" ; do
|
|
|
+ iptables -A INPUT -i ${lanif} -j ACCEPT
|
|
|
+ done
|
|
|
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
|
|
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
|
|
|
}
|
|
|
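Review bot: The loop in setup_base appends `iptables -A INPUT -i ${lanif} -j ACCEPT` for every entry of `lanifs`, ahead of the conntrack rules, and nothing visible in this hunk checks that an entry is not the WAN interface or an iptables `+` wildcard name that would also match it. The list presumably comes from configuration defined outside the hunk, so a guard at the top of the loop such as `[[ "${lanif}" == "${wan}" || "${lanif}" == *+ ]] && { echo "refusing to trust ${lanif}" >&2; return 1; }` would turn a mistyped list into a visible failure rather than an INPUT chain that accepts everything on the external side. A comment above the loop would also document the trust decision: `# every interface in lanifs is treated as trusted LAN: all inbound traffic is accepted`. Whether `lanifs` is already validated elsewhere, for example in set_defaults, cannot be seen from here.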
@@ -131,7 +140,7 @@ setup_cast() {
|
|
|
}
|
|
|
|
|
|
main () {
|
|
|
- defaultHooks="set_defaults setup_whitenets setup_nat setup_forward setup_base setup_badips setup_white setup_open setup_scanips setup_cast setup_final"
|
|
|
+ defaultHooks="set_defaults setup_whitenets setup_nat setup_forward setup_base setup_badips setup_white setup_open setup_scanips setup_cast setup_final"
|
|
|
hookarray=(${hooks:-$defaultHooks})
|
|
|
for hook in "${hookarray[@]}" ; do
|
|
|
$hook
|