mirror/iopsys-feed
1
0
Fork 0
mirror of https://dev.iopsys.eu/feed/iopsys.git synced 2025-12-10 07:44:50 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
iopsys-feed/firewallmngr/files/firewall.portmap
Erik Karlsson d720da1852 firewallmngr: add missing "iptables -w"
2025-02-25 14:31:11 +01:00

43 lines
1.5 KiB
Bash
Executable file
Raw Blame History

#!/bin/sh
. /lib/functions.sh
reorder_dnat_rules() {
nat_chains=$(iptables -w -t nat -S | grep -E "^-N zone[a-zA-Z0-9_]+prerouting$" | cut -d' ' -f 2)
for chain in ${nat_chains}; do
# Collect empty remote host & empty dport rules
EMPTY_HOST_PORT=$(iptables -w -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep -v "\-\-dport" | grep -v "\-s ")
# Collect empty remote host but non empty dport rules
EMPTY_HOST=$(iptables -w -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep "\-\-dport" | grep -v "\-s ")
# Collect non empty remote host but empty dport rules
EMPTY_PORT=$(iptables -w -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep -v "\-\-dport" | grep "\-s ")
# Skip this chain if no matching rules were found
[ -n "${EMPTY_HOST_PORT}" -o -n "${EMPTY_HOST}" -o -n "${EMPTY_PORT}" ] || continue
(
echo '*nat'
# Delete collected rules
[ -n "${EMPTY_HOST_PORT}" ] && echo "${EMPTY_HOST_PORT}" | sed 's/^-A /-D /'
[ -n "${EMPTY_HOST}" ] && echo "${EMPTY_HOST}" | sed 's/^-A /-D /'
[ -n "${EMPTY_PORT}" ] && echo "${EMPTY_PORT}" | sed 's/^-A /-D /'
# Now add rules as per datamodel precedence shown below
## Non empty remote host, empty dport
## empty remote host, non empty dport
## empty remote host, empty dport
[ -n "${EMPTY_PORT}" ] && echo "${EMPTY_PORT}"
[ -n "${EMPTY_HOST}" ] && echo "${EMPTY_HOST}"
[ -n "${EMPTY_HOST_PORT}" ] && echo "${EMPTY_HOST_PORT}"
echo 'COMMIT'
) | iptables-restore -w -n
done
}
# Re-order portmapping rules according to precedence hierarchy
reorder_dnat_rules
Reference in a new issue View git blame Copy permalink