Member "aif-2.1.1/share/arno-iptables-firewall/plugins/90outbound-snat.plugin" (16 Sep 2020, 5602 Bytes) of package /linux/privat/aif-2.1.1.tar.gz:
1 # ------------------------------------------------------------------------------
2 # -= Arno's Iptables Firewall(AIF) - Outbound SNAT plugin =-
3 #
# Identity of this plugin. The mainline prints name and version, and appends
# PLUGIN_CONF_FILE to PLUGIN_CONF_PATH to locate the settings file it sources.
PLUGIN_NAME='Outbound SNAT plugin'
PLUGIN_VERSION='1.01'
PLUGIN_CONF_FILE='outbound-snat.conf'
7 #
8 # Last changed : July 12, 2016
9 # Requirements : AIF 2.0.0+
10 # Comments : When a NAT'ed external interface has multiple IPv4 addresses,
11 # it may be desirable to specify which internal IP's or CIDR's
12 # use which external IPv4 addresses for outbound connections.
13 #
14 # Author : (C) Copyright 2012-2016 by Lonnie Abelbeck & Arno van Amersfoort
15 # Homepage : https://rocky.eld.leidenuniv.nl/
16 # Email : a r n o v a AT r o c k y DOT e l d DOT l e i d e n u n i v DOT n l
17 # (note: you must remove all spaces and substitute the @ and the .
18 # at the proper locations!)
19 # ------------------------------------------------------------------------------
20 # This program is free software; you can redistribute it and/or
21 # modify it under the terms of the GNU General Public License
22 # version 2 as published by the Free Software Foundation.
23 #
24 # This program is distributed in the hope that it will be useful,
25 # but WITHOUT ANY WARRANTY; without even the implied warranty of
26 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
27 # GNU General Public License for more details.
28 #
29 # You should have received a copy of the GNU General Public License
30 # along with this program; if not, write to the Free Software
31 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
32 # ------------------------------------------------------------------------------
33
# Print every IPv4 address configured on one interface, one per line.
# Arguments: $1 - interface name handed to "ip -o addr show dev"
# Outputs:   bare addresses on stdout; everything from the "/" of the
#            address/prefix field onwards is dropped
# Note:      stderr of "ip" is discarded, so a failing lookup just yields
#            no output instead of an error message.
get_extif_ipv4_addresses()
{
  local ifname="$1"

  ip -o addr show dev "$ifname" 2>/dev/null |
    awk '$3 == "inet" { addr = $4; sub(/\/.*/, "", addr); print addr }'
}
39
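# Find which external interface currently holds a given IPv4 address.
# Globals:   NAT_IF, EXT_IF (read) - interface list; NAT_IF wins when set
# Arguments: $1 - IPv4 address to look for (exact string comparison)
# Outputs:   name of the first matching interface on stdout
# Returns:   0 when a matching interface was found, 1 otherwise
# Note:      wildcard_ifs is defined outside this file; presumably it expands
#            wildcard interface names - confirm against the AIF core.
get_extif_with_ipv4_address()
{
  local host="$1" eif eip eips IFS

  # The interface list may be separated by spaces and/or commas.
  IFS=' ,'
  for eif in $(wildcard_ifs ${NAT_IF:-$EXT_IF}); do
    # Quoted so the interface name reaches the helper as exactly one word,
    # without a second round of splitting or pathname expansion.
    eips="$(get_extif_ipv4_addresses "$eif")"
    if [ -n "$eips" ]; then
      # The addresses arrive one per line, so default splitting is needed
      # from here on. The outer word list has already been expanded and is
      # not affected by dropping the custom IFS.
      unset IFS
      for eip in $eips; do
        if [ "$host" = "$eip" ]; then
          echo "$eif"
          return 0
        fi
      done
    fi
  done

  # No interface carries the address; the caller decides on the fallback.
  return 1
}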
60
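# Plugin start function: (re)build the OUTBOUND_SNAT chain of the nat table
# and hook it into POSTROUTING.
# Globals:   OUTBOUND_SNAT_NET_HOST (read) - entries of the form "net>host",
#            separated by spaces and/or commas
#            NAT_IF, EXT_IF, INDENT (read)
# Outputs:   one progress line per accepted entry on stdout; a warning on
#            stderr for every entry lacking a net or a host part
# Returns:   always 0
# NOTE(review): net and host are only checked for being non-empty, and the
# exit status of ip4tables is not inspected. An entry that iptables rejects
# therefore leaves that source network without its intended mapping while the
# plugin still reports success; watch the ip4tables output when changing the
# configuration.
# NOTE(review): the POSTROUTING jump is appended on every call and
# plugin_restart does not run plugin_stop first. Unless the caller flushes
# nat/POSTROUTING between runs, repeated starts would stack duplicate jumps -
# confirm against the AIF core.
plugin_start()
{
  local rule net host eif IFS

  # Create the chain (the error shown when it already exists is hidden),
  # then empty it so stale rules never survive a reload.
  ip4tables -t nat -N OUTBOUND_SNAT 2>/dev/null
  ip4tables -t nat -F OUTBOUND_SNAT

  IFS=' ,'
  for rule in $OUTBOUND_SNAT_NET_HOST; do
    # cut -s prints nothing for an entry without '>', which routes such
    # entries to the warning branch below. printf is used instead of echo so
    # the entry is passed on literally.
    net="$(printf '%s\n' "$rule" | cut -s -d'>' -f1)"
    host="$(printf '%s\n' "$rule" | cut -s -d'>' -f2)"
    if [ -n "$net" ] && [ -n "$host" ]; then

      # First, look for matching external interface with "host" address.
      eif="$(get_extif_with_ipv4_address "$host")"
      if [ -n "$eif" ]; then
        # Apply to single external interface containing "host".
        echo "${INDENT}Outbound SNAT internal $net via external $host for interface: $eif"
        # "! -d $net" keeps traffic that stays inside the network untranslated.
        # Every value is quoted so it is passed as exactly one argument.
        ip4tables -t nat -A OUTBOUND_SNAT -o "$eif" -s "$net" ! -d "$net" -j SNAT --to-source "$host"
      else
        # Apply to all external interface(s) if "host" is not currently found.
        echo "${INDENT}Outbound SNAT internal $net via external $host for interface(s): ${NAT_IF:-$EXT_IF}"
        IFS=' ,'
        # Deliberately unquoted: the interface list has to be split here.
        for eif in ${NAT_IF:-$EXT_IF}; do
          ip4tables -t nat -A OUTBOUND_SNAT -o "$eif" -s "$net" ! -d "$net" -j SNAT --to-source "$host"
        done
      fi
    else
      echo "** WARNING: In Variable OUTBOUND_SNAT_NET_HOST, Rule: \"$rule\" is ignored." >&2
    fi
  done

  ip4tables -t nat -A POSTROUTING -j OUTBOUND_SNAT

  return 0
}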
98
99
# Plugin restart function: rebuild the rules by running plugin_start again.
# plugin_stop is intentionally not called first; plugin_start flushes the
# OUTBOUND_SNAT chain itself before refilling it.
# Returns: always 0, whatever plugin_start returned.
plugin_restart()
{
  plugin_start
  return 0
}
109
110
# Plugin stop function: unhook, empty and delete the OUTBOUND_SNAT chain.
# The POSTROUTING jump is removed first, then the chain is flushed and
# finally deleted; the error output of the delete is discarded.
# Returns: always 0; the ip4tables results are not inspected.
# NOTE(review): -D removes a single matching jump. Should POSTROUTING ever
# hold more than one jump to this chain, the delete below would fail without
# any message and the emptied chain would stay referenced - confirm that the
# caller never leaves duplicates behind.
plugin_stop()
{
  local chain="OUTBOUND_SNAT"

  ip4tables -t nat -D POSTROUTING -j "$chain"

  ip4tables -t nat -F "$chain"
  ip4tables -t nat -X "$chain" 2>/dev/null

  return 0
}
122
123
# Plugin status function: this plugin reports nothing of its own and
# always succeeds.
plugin_status()
{
  return 0
}
129
130
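# Check sanity of the environment before any rule is touched.
# Globals:   OUTBOUND_SNAT_NET_HOST (read), INDENT (read)
# Outputs:   a highlighted error line on stderr when no rule is configured
# Returns:   0 when OUTBOUND_SNAT_NET_HOST is non-empty, 1 otherwise
# Note:      only emptiness is tested; the shape of the individual entries
#            is looked at later, in plugin_start.
plugin_sanity_check()
{
  if [ -z "$OUTBOUND_SNAT_NET_HOST" ]; then
    # INDENT is passed as an argument rather than spliced into the format
    # string, so a '%' or backslash in it is printed literally.
    printf '\033[40m\033[1;31m%sERROR: The plugin config file is not properly set!\033[0m\n' "$INDENT" >&2
    return 1
  fi

  return 0
}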
142
143
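############
# Mainline #
############

# Check where to find the config file. CONF_FILE stays empty when
# PLUGIN_CONF_PATH is not set, which ends in the "not found" note below.
CONF_FILE=""
if [ -n "$PLUGIN_CONF_PATH" ]; then
  CONF_FILE="$PLUGIN_CONF_PATH/$PLUGIN_CONF_FILE"
fi

# Preinit to success:
PLUGIN_RET_VAL=0

# Check if the config file exists
if [ ! -f "$CONF_FILE" ]; then
  # Values are passed as printf arguments, never as part of the format string.
  printf 'NOTE: Config file "%s" not found!\n Plugin "%s v%s" ignored!\n' \
    "$CONF_FILE" "$PLUGIN_NAME" "$PLUGIN_VERSION" >&2
else
  # Source the plugin config file.
  # The file is executed as shell code in this process, not merely parsed:
  # whoever can write to it (or to its directory) can run commands with the
  # privileges of the firewall script. Keep both writable by the
  # administrator only.
  . "$CONF_FILE"

  # Run when the plugin is enabled (any command but stop-restart), when a
  # disabled plugin has to be torn down during stop-restart, or when it was
  # loaded before and is now asked to stop or report status.
  if { [ "$ENABLED" = "1" ] && [ "$PLUGIN_CMD" != "stop-restart" ]; } ||
     { [ "$ENABLED" = "0" ] && [ "$PLUGIN_CMD" = "stop-restart" ]; } ||
     { [ -n "$PLUGIN_LOAD_FILE" ] && [ "$PLUGIN_CMD" = "stop" ]; } ||
     { [ -n "$PLUGIN_LOAD_FILE" ] && [ "$PLUGIN_CMD" = "status" ]; }; then
    # Show who we are:
    echo "${INDENT}$PLUGIN_NAME v$PLUGIN_VERSION"

    # Increment indention
    INDENT="$INDENT "

    # Only proceed if environment ok
    if ! plugin_sanity_check; then
      PLUGIN_RET_VAL=1
    else
      case "$PLUGIN_CMD" in
        start|'')
          plugin_start; PLUGIN_RET_VAL=$? ;;
        restart)
          plugin_restart; PLUGIN_RET_VAL=$? ;;
        stop|stop-restart)
          plugin_stop; PLUGIN_RET_VAL=$? ;;
        status)
          plugin_status; PLUGIN_RET_VAL=$? ;;
        *)
          PLUGIN_RET_VAL=1
          printf '\033[40m\033[1;31m%sERROR: Invalid plugin option "%s"!\033[0m\n' \
            "$INDENT" "$PLUGIN_CMD" >&2 ;;
      esac
    fi
  fi
fi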