首页 发现 帮助
登录
arch
/
e-router
关注 3
点赞 0
派生 0
文件 工单管理 0 合并请求 0 Wiki
浏览代码

Merge branch 'devel'

Edvinas Valatka 9 年之前
父节点
defde2532b 36b9bcbfb5
当前提交
f555e8983d
共有 1 个文件被更改,包括 19 次插入9 次删除
分列视图 显示文件统计
  1. 19 9
      e-router

+ 19 - 9
e-router
查看文件 

@@ -61,18 +61,28 @@ setup_forward() {
 
     iptables -A FORWARD -i ${eth0} -o ${wan} -j ACCEPT
 
     while read -r ip public private ; do
 
         [[ "$ip" =~ ^[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.[0-9]{1,}$ ]] || continue
 
-        [[ "$public" =~ ^[0-9]{1,}$ ]] || continue
 
-        [[ "$private" =~ ^[0-9]{1,}$ ]] || continue
 
-        iptables -A PREROUTING -t nat -i ${wan} -p tcp --dport ${public} -j DNAT --to ${ip}:${private}
 
-        iptables -A FORWARD -i ${wan} -p tcp --syn -d ${ip} --dport ${private} -m conntrack --ctstate NEW --ctproto TCP -j ACCEPT
 
+        [[ "$public" =~ ^[0-9]{1,}|[0-9]{1,}:[0-9]{1,}$ ]] || continue
 
+        [[ "$private" =~ ^[0-9]{1,}|[0-9]{1,}:[0-9]{1,}$ ]] || continue
 
+        if [[ "$public" =~ ^[0-9]{1,}$ ]] ; then
 
+            iptables -A PREROUTING -t nat -i ${wan} -p tcp --dport ${public} -j DNAT --to ${ip}:${private}
 
+            iptables -A FORWARD -i ${wan} -p tcp --syn -d ${ip} --dport ${private} -m conntrack --ctstate NEW --ctproto TCP -j ACCEPT
 
+        else
 
+            iptables -A PREROUTING -t nat -i ${wan} -p tcp --dport ${public} -j DNAT --to ${ip}
 
+            iptables -A FORWARD -i ${wan} -p tcp --syn -d ${ip} --dport ${public} -m conntrack --ctstate NEW --ctproto TCP -j ACCEPT
 
+        fi
 
     done < $confd/FORWARD.tcp
 
 
     while read -r ip public private ; do
 
         [[ "$ip" =~ ^[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.[0-9]{1,}$ ]] || continue
 
-        [[ "$public" =~ ^[0-9]{1,}$ ]] || continue
 
-        [[ "$private" =~ ^[0-9]{1,}$ ]] || continue
 
-        iptables -A PREROUTING -t nat -i ${wan} -p udp --dport ${public} -j DNAT --to ${ip}:${private}
 
-        iptables -A FORWARD -i ${wan} -p udp -d ${ip} --dport ${private} -m conntrack --ctstate NEW --ctproto UDP -j ACCEPT
 
+        [[ "$public" =~ ^[0-9]{1,}|[0-9]{1,}:[0-9]{1,}$ ]] || continue
 
+        [[ "$private" =~ ^[0-9]{1,}|[0-9]{1,}:[0-9]{1,}$ ]] || continue
 
+        if [[ "$public" =~ ^[0-9]{1,}$ ]] ; then
 
+            iptables -A PREROUTING -t nat -i ${wan} -p udp --dport ${public} -j DNAT --to ${ip}:${private}
 
+            iptables -A FORWARD -i ${wan} -p udp -d ${ip} --dport ${private} -m conntrack --ctstate NEW --ctproto UDP -j ACCEPT
 
+        else
 
+            iptables -A PREROUTING -t nat -i ${wan} -p udp --dport ${public} -j DNAT --to ${ip}
 
+            iptables -A FORWARD -i ${wan} -p udp -d ${ip} --dport ${public} -m conntrack --ctstate NEW --ctproto UDP -j ACCEPT
 
+        fi
 
     done < $confd/FORWARD.udp
 
 
     if $logforward ; then
 
@@ -147,7 +157,7 @@ setup_cast() {
 
 }
 
 
 main () {
 
-   defaultHooks="set_defaults setup_whitenets setup_nat setup_forward setup_base setup_badips setup_white setup_public setup_scanips setup_cast setup_final"
 
+    defaultHooks="set_defaults setup_whitenets setup_nat setup_forward setup_base setup_badips setup_white setup_public setup_scanips setup_cast setup_final"
 
     hookarray=(${hooks:-$defaultHooks})
 
     for hook in "${hookarray[@]}" ; do
 
         $hook