onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-20 02:07:23 +01:00
Code Issues Releases Wiki Activity

* NATCompiler_ipt.cpp (processNext): see #2097 #133 "support for

Browse Source 
inbound and outbound interface columns in iptables NAT
rules". This also addresses SF feature requests 1954286 "DNAT with
interface as condition not possible" and 621023 "manipulating
interface in NAT rule".
This commit is contained in:
Vadim Kurland 2011-02-17 17:47:42 -08:00
parent 5162212073
commit d0ae7bac01
131 changed files with 11222 additions and 8862 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/ChangeLog
View File

@ -1,5 +1,11 @@
2011-02-17 vadim <vadim@netcitadel.com>
* NATCompiler_ipt.cpp (processNext): see #2097 #133 "support for
inbound and outbound interface columns in iptables NAT
rules". This also addresses SF feature requests 1954286 "DNAT with
interface as condition not possible" and 621023 "manipulating
interface in NAT rule".
* platforms.cpp (setDefaultFailoverGroupAttributes): fixes #2101
"CARP interfaces are set with same advskew". When new PF cluster
is created, master advskew paramerer will be set to 10 and backup

37
src/iptlib/NATCompiler_PrintRule.cpp
View File

@ -195,14 +195,47 @@ string NATCompiler_ipt::PrintRule::_printRuleLabel(NATRule *rule)
* check and create new chain if needed
*/
QString NATCompiler_ipt::PrintRule::getInterfaceName(RuleElement *itf_re)
{
if (itf_re->isAny()) return "";
FWObject *iface = FWObjectReference::getObject(itf_re->front());
QString iface_name = iface->getName().c_str();
if (iface_name.endsWith("*")) iface_name.replace("*", "+");
return iface_name;
}
/**
*-----------------------------------------------------------------------
*/
string NATCompiler_ipt::PrintRule::_printChainDirectionAndInterface(NATRule *rule)
{
QStringList res;
RuleElementItfInb *itf_in_re = rule->getItfInb(); assert(itf_in_re!=NULL);
RuleElementItfOutb *itf_out_re = rule->getItfOutb(); assert(itf_out_re!=NULL);
QString iface_in_name = getInterfaceName(itf_in_re);
QString iface_out_name = getInterfaceName(itf_out_re);
if (rule->getStr(".iface_in") == "nil") iface_in_name = "";
if (rule->getStr(".iface_out") == "nil") iface_out_name = "";
res << rule->getStr("ipt_chain").c_str();
if ( ! iface_in_name.isEmpty()) res << "-i" << iface_in_name;
if ( ! iface_out_name.isEmpty()) res << "-o" << iface_out_name;
res << "";
return res.join(" ").toStdString();
#if 0
// OLD SCHOOL
std::ostringstream ostr;
string iface_name = rule->getInterfaceStr();
string iface_name = rule->getInterfaceStr();
if (iface_name=="nil") iface_name="";
/* if interface name ends with '*', this is a wildcard
@ -230,8 +263,10 @@ string NATCompiler_ipt::PrintRule::_printChainDirectionAndInterface(NATRule *rul
break;
default: break;
}
ostr << " ";
return ostr.str();
#endif
}
string NATCompiler_ipt::PrintRule::_printProtocol(Service *srv)

226
src/iptlib/NATCompiler_ipt.cpp
View File

@ -173,20 +173,12 @@ string NATCompiler_ipt::getNewTmpChainName(NATRule *rule)
string NATCompiler_ipt::debugPrintRule(Rule *r)
{
NATRule *rule = NATRule::cast(r);
string iface_name = rule->getInterfaceStr();
if (iface_name.empty())
{
int iface_id = rule->getInterfaceId();
FWObject *iface = dbcopy->findInIndex(iface_id);
if (iface) iface_name = iface->getName();
}
return NATCompiler::debugPrintRule(rule)+
" " + FWObjectDatabase::getStringId(rule->getInterfaceId()) +
" c=" + rule->getStr("ipt_chain") +
" t=" + rule->getStr("ipt_target") +
" (type="+rule->getRuleTypeAsString()+")" +
" intf=" + iface_name;
" (type="+rule->getRuleTypeAsString()+")";
}
void NATCompiler_ipt::verifyPlatform()
@ -222,6 +214,57 @@ int NATCompiler_ipt::prolog()
assert(iface);
if ( iface->isDyn()) iface->setBool("use_var_address",true);
if (iface->isLoopback() ||
iface->isUnnumbered() ||
iface->isBridgePort()
) continue;
/* Bug #1064: "Dedicated IPv6 interfaces show up in
* IPv4-NAT rules". Use interface only if it has addresses
* that match address family we compile for
*
* Include interfaces that have no addresses in the list
* for backwards compatibility.
*/
FWObjectTypedChildIterator ipv4_addresses =
iface->findByType(IPv4::TYPENAME);
FWObjectTypedChildIterator ipv6_addresses =
iface->findByType(IPv6::TYPENAME);
if ((ipv6 && ipv6_addresses != ipv6_addresses.end()) ||
(!ipv6 && ipv4_addresses != ipv4_addresses.end()) ||
(ipv4_addresses == ipv4_addresses.end() && ipv6_addresses == ipv6_addresses.end()))
{
/*
* regular_interfaces is a set of groups of
* interfaces, where each group holds references to
* all interfaces with "similar names". The group name
* is then the base name of these interfaces with
* numeric index replaced with "*". For example:
* group "eth*" { eth0, eth1, eth2, ... }
*
* if interface name ends with '*', this is wildcard
* interface. Just replace '*' with '+'. If interace
* name does not end with '*', replace numeric
* interface index with '+'.
*/
QString iname = QString(iface->getName().c_str());
iname.replace(QRegExp("[0-9]{1,}$"), "+");
iname.replace("*", "+");
if (regular_interfaces.count(iname) == 0)
{
FWObject *itf_group = dbcopy->create(ObjectGroup::TYPENAME);
dbcopy->add(itf_group);
itf_group->setName(iname.toStdString());
regular_interfaces[iname] = itf_group;
}
regular_interfaces[iname]->addRef(iface);
}
}
}
@ -1201,32 +1244,41 @@ bool NATCompiler_ipt::splitMultiSrcAndDst::processNext()
return true;
}
switch (rule->getRuleType()) {
switch (rule->getRuleType())
{
case NATRule::NONAT:
case NATRule::SNAT:
case NATRule::DNAT:
{
// get old chain name create new chain name
string new_chain=NATCompiler_ipt::getNewTmpChainName(rule);
string new_chain = NATCompiler_ipt::getNewTmpChainName(rule);
// create new rule
NATRule *r= compiler->dbcopy->createNATRule();
NATRule *r = compiler->dbcopy->createNATRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
// move existing rule onto new chain
rule->setStr("ipt_chain",new_chain);
rule->setStr("ipt_chain", new_chain);
// we've already tested for interface ....
rule->setInterfaceStr("nil");
rule->setStr(".iface_in", "nil");
rule->setStr(".iface_out", "nil");
// new rule points to new chain, continues if no match
r->setStr("ipt_target",new_chain);
r->setStr("ipt_target", new_chain);
// Now decide which way round would be best ...
if (nosrc < nodst)
{
rodst=r->getODst(); rodst->clearChildren(); rodst->setAnyElement();
osrc->clearChildren(); osrc->setAnyElement();
} else {
rosrc=r->getOSrc(); rosrc->clearChildren(); rosrc->setAnyElement();
odst->clearChildren(); odst->setAnyElement();
rodst= r->getODst();
rodst->clearChildren();
rodst->setAnyElement();
osrc->clearChildren();
osrc->setAnyElement();
} else
{
rosrc = r->getOSrc();
rosrc->clearChildren();
rosrc->setAnyElement();
odst->clearChildren();
odst->setAnyElement();
}
tmp_queue.push_back(r);
@ -1550,7 +1602,9 @@ bool NATCompiler_ipt::doOSrcNegation::processNext()
r->setRuleType(NATRule::Return);
r->setStr("ipt_target","RETURN");
r->setStr("ipt_chain",new_chain);
r->setInterfaceStr("nil");
r->setStr(".iface_in", "nil");
r->setStr(".iface_out", "nil");
//r->setInterfaceStr("nil");
r->setBool("rule_added_for_osrc_neg",true);
tmp_queue.push_back(r);
@ -1564,7 +1618,9 @@ bool NATCompiler_ipt::doOSrcNegation::processNext()
ndst->setNeg(false);
nsrv->setNeg(false);
r->setStr("ipt_chain",new_chain);
r->setInterfaceStr("nil");
r->setStr(".iface_in", "nil");
r->setStr(".iface_out", "nil");
//r->setInterfaceStr("nil");
r->setBool("rule_added_for_osrc_neg",true);
tmp_queue.push_back(r);
@ -1628,7 +1684,9 @@ bool NATCompiler_ipt::doODstNegation::processNext()
r->setRuleType(NATRule::Return);
r->setStr("ipt_target","RETURN");
r->setStr("ipt_chain",new_chain);
r->setInterfaceStr("nil");
r->setStr(".iface_in", "nil");
r->setStr(".iface_out", "nil");
//r->setInterfaceStr("nil");
// r->setBool("rule_added_for_odst_neg",true);
tmp_queue.push_back(r);
@ -1642,7 +1700,9 @@ bool NATCompiler_ipt::doODstNegation::processNext()
nsrc->setNeg(false);
nsrv->setNeg(false);
r->setStr("ipt_chain",new_chain);
r->setInterfaceStr("nil");
r->setStr(".iface_in", "nil");
r->setStr(".iface_out", "nil");
//r->setInterfaceStr("nil");
r->setBool("rule_added_for_odst_neg",true);
tmp_queue.push_back(r);
@ -1704,7 +1764,9 @@ bool NATCompiler_ipt::doOSrvNegation::processNext()
r->setRuleType(NATRule::Return);
r->setStr("ipt_target","RETURN");
r->setStr("ipt_chain",new_chain);
r->setInterfaceStr("nil");
r->setStr(".iface_in", "nil");
r->setStr(".iface_out", "nil");
//r->setInterfaceStr("nil");
r->setBool("rule_added_for_osrv_neg",true);
tmp_queue.push_back(r);
@ -1718,7 +1780,9 @@ bool NATCompiler_ipt::doOSrvNegation::processNext()
nsrc->setNeg(false);
ndst->setNeg(false);
r->setStr("ipt_chain",new_chain);
r->setInterfaceStr("nil");
r->setStr(".iface_in", "nil");
r->setStr(".iface_out", "nil");
//r->setInterfaceStr("nil");
// r->setBool("rule_added_for_osrv_neg",true);
tmp_queue.push_back(r);
@ -1914,6 +1978,11 @@ bool NATCompiler_ipt::splitIfOSrcAny::processNext()
tmp_queue.push_back(rule);
/* do not split if user nailed inbound interface */
RuleElement *itf_re = rule->getItfInb();
assert(itf_re!=NULL);
if (! itf_re->isAny()) return true;
/* do not split rules added to handle negation, these rules have "any"
* in OSrc but get control only after OSrc is tested by another
* rule */
@ -2077,58 +2146,37 @@ bool NATCompiler_ipt::decideOnTarget::processNext()
* because it is unnumbered, so the firewall won't translate packets
* going through this interface.
*
*
* NOTE: this rule processor may place groups of interfaces in inbound
* and outbound interface rule elements. Names of these groups were
* specifically constructed to match "wildcard" interface
* specifications supported by iptables, such as "eth+". Do not call
* rule processors that expand groups after AssignInterface.
*
*/
bool NATCompiler_ipt::AssignInterface::processNext()
{
NATCompiler_ipt *ipt_comp = dynamic_cast<NATCompiler_ipt*>(compiler);
NATRule *rule = getNext(); if (rule==NULL) return false;
// Address *a=NULL;
// FWObject *ref;
RuleElement *itf_re;
list<FWObject*> all_interfaces = compiler->fw->getByTypeDeep(Interface::TYPENAME);
itf_re = rule->getItfInb();
assert(itf_re!=NULL);
if (regular_interfaces.size()==0)
if ( ! itf_re->isAny())
{
for (list<FWObject*>::iterator i=all_interfaces.begin(); i!=all_interfaces.end(); ++i)
{
Interface *iface=Interface::cast(*i);
assert(iface);
tmp_queue.push_back(rule);
return true;
}
if (iface->isLoopback() ||
iface->isUnnumbered() ||
iface->isBridgePort()
) continue;
itf_re = rule->getItfOutb();
assert(itf_re!=NULL);
/* Bug #1064: "Dedicated IPv6 interfaces show up in
* IPv4-NAT rules". Use interface only if it has addresses
* that match address family we compile for
*
* Include interfaces that have no addresses in the list
* for backwards compatibility.
*/
FWObjectTypedChildIterator ipv4_addresses =
iface->findByType(IPv4::TYPENAME);
FWObjectTypedChildIterator ipv6_addresses =
iface->findByType(IPv6::TYPENAME);
if ((ipt_comp->ipv6 && ipv6_addresses != ipv6_addresses.end()) ||
(!ipt_comp->ipv6 && ipv4_addresses != ipv4_addresses.end()) ||
(ipv4_addresses == ipv4_addresses.end() && ipv6_addresses == ipv6_addresses.end()))
{
/*
* if interface name ends with '*', this is wildcard
* interface. Just replace '*' with '+'. If interace
* name does not end with '*', replace numeric
* interface index with '+'.
*/
QString iname = QString(iface->getName().c_str());
iname.replace(QRegExp("[0-9]{1,}$"), "+");
iname.replace("*", "+");
regular_interfaces.insert(iname);
}
}
if ( ! itf_re->isAny())
{
tmp_queue.push_back(rule);
return true;
}
switch (rule->getRuleType())
@ -2164,7 +2212,10 @@ bool NATCompiler_ipt::AssignInterface::processNext()
// member firewall's inteface but TSrc remains
// cluster interface or its address.
iface = fw_iface;
rule->setInterfaceId(iface->getId());
RuleElementItfOutb *itf_re = rule->getItfOutb();
assert(itf_re!=NULL);
if ( ! itf_re->hasRef(iface)) itf_re->addRef(iface);
//rule->setInterfaceId(iface->getId());
tmp_queue.push_back(rule);
return true;
}
@ -2172,7 +2223,10 @@ bool NATCompiler_ipt::AssignInterface::processNext()
{
// parent is the cluster but there is no failover
// group. This must be a copy of the member interface.
rule->setInterfaceId(iface->getId());
RuleElementItfOutb *itf_re = rule->getItfOutb();
assert(itf_re!=NULL);
if ( ! itf_re->hasRef(iface)) itf_re->addRef(iface);
//rule->setInterfaceId(iface->getId());
tmp_queue.push_back(rule);
return true;
}
@ -2181,7 +2235,10 @@ bool NATCompiler_ipt::AssignInterface::processNext()
{
if (iface->isChildOf(compiler->fw))
{
rule->setInterfaceId(iface->getId());
RuleElementItfOutb *itf_re = rule->getItfOutb();
assert(itf_re!=NULL);
if ( ! itf_re->hasRef(iface)) itf_re->addRef(iface);
//rule->setInterfaceId(iface->getId());
tmp_queue.push_back(rule);
return true;
}
@ -2202,12 +2259,18 @@ bool NATCompiler_ipt::AssignInterface::processNext()
* but I do it anyway.
*/
int n = 0;
foreach(QString intf_name, regular_interfaces)
QMap<QString, libfwbuilder::FWObject*>::iterator it;
for (it=ipt_comp->regular_interfaces.begin();
it!=ipt_comp->regular_interfaces.end(); ++it)
{
FWObject *itf_group = it.value();
NATRule *r = compiler->dbcopy->createNATRule();
r->duplicate(rule);
compiler->temp_ruleset->add(r);
r->setInterfaceStr(intf_name.toStdString());
RuleElementItfOutb *itf_re = r->getItfOutb();
assert(itf_re!=NULL);
if ( ! itf_re->hasRef(itf_group)) itf_re->addRef(itf_group);
//r->setInterfaceStr(intf_name.toStdString());
tmp_queue.push_back(r);
n++;
}
@ -2403,6 +2466,18 @@ void NATCompiler_ipt::compile()
add( new singleRuleFilter());
add(new expandGroupsInItfInb("expand groups in inbound Interface"));
add(new replaceClusterInterfaceInItfInb(
"replace cluster interfaces with member interfaces in "
"the inbound Interface rule element"));
add(new ItfInbNegation("process negation in inbound Itf"));
add(new expandGroupsInItfOutb("expand groups in outbound Interface"));
add(new replaceClusterInterfaceInItfOutb(
"replace cluster interfaces with member interfaces in "
"the outbound Interface rule element"));
add(new ItfOutbNegation("process negation in outbound Itf"));
add( new recursiveGroupsInOSrc("check for recursive groups in OSRC"));
add( new recursiveGroupsInODst("check for recursive groups in ODST"));
add( new recursiveGroupsInOSrv("check for recursive groups in OSRV"));
@ -2547,7 +2622,10 @@ void NATCompiler_ipt::compile()
add( new dynamicInterfaceInODst("split if dynamic interface in ODst") );
add( new dynamicInterfaceInTSrc(
"set target if dynamic interface in TSrc" ) );
add( new convertInterfaceIdToStr("prepare interface assignments") );
//add( new convertInterfaceIdToStr("prepare interface assignments") );
add( new ConvertToAtomicForItfInb("convert to atomic for inbound interface") );
add( new ConvertToAtomicForItfOutb("convert to atomic for outbound interface"));
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));

18
src/iptlib/NATCompiler_ipt.h
View File

@ -34,10 +34,13 @@
#include <map>
#include <string>
#include <QMap>
#include <QSet>
#include <QString>
namespace libfwbuilder {
namespace libfwbuilder
{
class Host;
class IPService;
class ICMPService;
@ -51,10 +54,11 @@ namespace libfwbuilder {
class RuleElementTSrv;
};
namespace fwcompiler {
class NATCompiler_ipt : public NATCompiler {
namespace fwcompiler
{
class NATCompiler_ipt : public NATCompiler
{
protected:
class PrintRule;
@ -73,6 +77,9 @@ namespace fwcompiler {
// This map is located in CompilerDriver_ipt
const std::map<std::string, std::list<std::string> > *branch_ruleset_to_chain_mapping;
QMap<QString, libfwbuilder::FWObject*> regular_interfaces;
static const std::list<std::string>& getStandardChains();
std::string getInterfaceVarName(libfwbuilder::FWObject *iface,
bool v6=false);
@ -241,7 +248,6 @@ namespace fwcompiler {
friend class AssignInterface;
class AssignInterface : public NATRuleProcessor
{
QSet<QString> regular_interfaces;
public:
AssignInterface(const std::string &name) : NATRuleProcessor(name) {}
virtual bool processNext();
@ -496,6 +502,8 @@ namespace fwcompiler {
std::string version;
void initializeMinusNTracker();
QString getInterfaceName(libfwbuilder::RuleElement *itf_re);
/*
* Prints single --option with argument and negation "!"
* taking into account the change that happened in iptables 1.4.3.1

8
test/ipt/cluster1_secuwall-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:57 2011 PST by vadim
# Generated Thu Feb 17 17:38:17 2011 PST by vadim
#
# files: * cluster1_secuwall-1.fw /etc/cluster1_secuwall-1.fw
#
@ -321,7 +321,7 @@ script_body() {
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j REDIRECT --to-ports 3128
@ -588,7 +588,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:57 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:17 2011 by vadim"
log "Database was cluster-tests.fwb"
check_tools
check_run_time_address_table_files

6
test/ipt/firewall-base-rulesets.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:27:21 2011 PST by vadim
# Generated Thu Feb 17 17:36:36 2011 PST by vadim
#
# files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw
#
@ -445,7 +445,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:27:21 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:36:36 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:27:44 2011 PST by vadim
# Generated Thu Feb 17 17:36:58 2011 PST by vadim
#
# files: * firewall-ipv6-1.fw /etc/firewall-ipv6-1.fw
#
@ -687,7 +687,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:27:44 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:36:58 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:27:46 2011 PST by vadim
# Generated Thu Feb 17 17:37:01 2011 PST by vadim
#
# files: * firewall-ipv6-2.fw /etc/firewall-ipv6-2.fw
#
@ -930,7 +930,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:27:46 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:37:01 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-3.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:09 2011 PST by vadim
# Generated Thu Feb 17 17:37:24 2011 PST by vadim
#
# files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw
#
@ -592,7 +592,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:09 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:37:24 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-4-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:34 2011 PST by vadim
# Generated Thu Feb 17 17:37:50 2011 PST by vadim
#
# files: * firewall-ipv6-4-1.fw /etc/firewall-ipv6-4-1.fw
#
@ -539,7 +539,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:34 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:37:50 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-4.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:12 2011 PST by vadim
# Generated Thu Feb 17 17:37:27 2011 PST by vadim
#
# files: * firewall-ipv6-4.fw /etc/firewall-ipv6-4.fw
#
@ -577,7 +577,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:12 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:37:27 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-5.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:15 2011 PST by vadim
# Generated Thu Feb 17 17:37:30 2011 PST by vadim
#
# files: * firewall-ipv6-5.fw /etc/firewall-ipv6-5.fw
#
@ -412,7 +412,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:15 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:37:30 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-6.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:18 2011 PST by vadim
# Generated Thu Feb 17 17:37:34 2011 PST by vadim
#
# files: * firewall-ipv6-6.fw /etc/firewall-ipv6-6.fw
#
@ -399,7 +399,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:18 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:37:34 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-7.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:22 2011 PST by vadim
# Generated Thu Feb 17 17:37:38 2011 PST by vadim
#
# files: * firewall-ipv6-7.fw /etc/firewall-ipv6-7.fw
#
@ -443,7 +443,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:22 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:37:38 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-8.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:26 2011 PST by vadim
# Generated Thu Feb 17 17:37:42 2011 PST by vadim
#
# files: * firewall-ipv6-8.fw /etc/firewall-ipv6-8.fw
#
@ -484,7 +484,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:26 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:37:42 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:29 2011 PST by vadim
# Generated Thu Feb 17 17:37:46 2011 PST by vadim
#
# files: * firewall-ipv6-ipt-reset-prolog-after-flush.fw /etc/firewall-ipv6-ipt-reset-prolog-after-flush.fw
#
@ -450,7 +450,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:29 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:37:46 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:33 2011 PST by vadim
# Generated Thu Feb 17 17:37:50 2011 PST by vadim
#
# files: * firewall-ipv6-ipt-reset-prolog-after-interfaces.fw /etc/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw
#
@ -450,7 +450,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:33 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:37:50 2011 by vadim"
check_tools
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:36 2011 PST by vadim
# Generated Thu Feb 17 17:37:54 2011 PST by vadim
#
# files: * firewall-ipv6-ipt-reset-prolog-top.fw /etc/firewall-ipv6-ipt-reset-prolog-top.fw
#
@ -450,7 +450,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:36 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:37:54 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-prolog-after-flush.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:38 2011 PST by vadim
# Generated Thu Feb 17 17:37:54 2011 PST by vadim
#
# files: * firewall-ipv6-prolog-after-flush.fw /etc/firewall-ipv6-prolog-after-flush.fw
#
@ -420,7 +420,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:38 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:37:54 2011 by vadim"
check_tools
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:40 2011 PST by vadim
# Generated Thu Feb 17 17:37:59 2011 PST by vadim
#
# files: * firewall-ipv6-prolog-after-interfaces.fw /etc/firewall-ipv6-prolog-after-interfaces.fw
#
@ -420,7 +420,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:40 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:37:59 2011 by vadim"
check_tools
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-prolog-top.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:42 2011 PST by vadim
# Generated Thu Feb 17 17:37:59 2011 PST by vadim
#
# files: * firewall-ipv6-prolog-top.fw /etc/firewall-ipv6-prolog-top.fw
#
@ -420,7 +420,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:42 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:37:59 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-server-1-s.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:43 2011 PST by vadim
# Generated Thu Feb 17 17:38:02 2011 PST by vadim
#
# files: * firewall-server-1-s.fw /etc/fw/firewall-server-1-s.fw
#
@ -393,7 +393,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:43 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:02 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

76
test/ipt/firewall.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:24:42 2011 PST by vadim
# Generated Thu Feb 17 17:33:43 2011 PST by vadim
#
# files: * firewall.fw /etc/fw/firewall.fw
#
@ -357,7 +357,7 @@ script_body() {
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j NETMAP --to 222.222.222.0/24
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j NETMAP --to 222.222.222.0/24
#
# Rule 2 (NAT)
#
@ -382,7 +382,7 @@ script_body() {
#
echo "Rule 4 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.20 --dport 80 -j DNAT --to-destination :3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.20 --dport 80 -j DNAT --to-destination :3128
$IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -s 192.168.1.0/24 --dport 3128 -j SNAT --to-source 192.168.1.1
#
# Rule 5 (NAT)
@ -396,29 +396,29 @@ script_body() {
#
echo "Rule 6 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 25 -j DNAT --to-destination 192.168.1.10:25
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 222.222.222.222 --dport 25 -j DNAT --to-destination 192.168.1.10:25
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 25 -j DNAT --to-destination 192.168.1.10:25
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 222.222.222.222 --dport 25 -j DNAT --to-destination 192.168.1.10:25
#
# Rule 7 (NAT)
#
echo "Rule 7 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 192.168.1.1 --icmp-type 8/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 222.222.222.222 --icmp-type 8/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 192.168.1.1 --icmp-type 8/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 222.222.222.222 --icmp-type 8/0 -j DNAT --to-destination 192.168.1.10
#
# Rule 8 (NAT)
#
echo "Rule 8 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 192.168.1.1 --icmp-type 8/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 222.222.222.222 --icmp-type 8/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 192.168.1.1 --icmp-type 8/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 222.222.222.222 --icmp-type 8/0 -j DNAT --to-destination 192.168.1.10
#
# Rule 9 (NAT)
#
echo "Rule 9 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --sport 1000:1010 -d 192.168.1.1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --sport 1000:1010 -d 222.222.222.222 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --sport 1000:1010 -d 192.168.1.1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --sport 1000:1010 -d 222.222.222.222 -j DNAT --to-destination 192.168.1.10
#
# Rule 10 (NAT)
#
@ -437,15 +437,15 @@ script_body() {
#
echo "Rule 12 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m mac --mac-source 00:10:4b:de:e9:70 -d 222.222.222.40 --dport 25 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m mac --mac-source 00:10:4b:de:e9:70 -d 222.222.222.41 --dport 25 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m mac --mac-source 00:10:4b:de:e9:70 -d 222.222.222.40 --dport 25 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m mac --mac-source 00:10:4b:de:e9:70 -d 222.222.222.41 --dport 25 -j DNAT --to-destination 192.168.1.10
#
# Rule 13 (NAT)
#
echo "Rule 13 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m mac --mac-source aa:bb:cc:dd:ee:ff -s 192.168.1.15 -d 222.222.222.40 --dport 25 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m mac --mac-source aa:bb:cc:dd:ee:ff -s 192.168.1.15 -d 222.222.222.41 --dport 25 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m mac --mac-source aa:bb:cc:dd:ee:ff -s 192.168.1.15 -d 222.222.222.40 --dport 25 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m mac --mac-source aa:bb:cc:dd:ee:ff -s 192.168.1.15 -d 222.222.222.41 --dport 25 -j DNAT --to-destination 192.168.1.10
#
# Rule 14 (NAT)
#
@ -453,30 +453,30 @@ script_body() {
#
$IPTABLES -t nat -N Cid445F52DE31658.0
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j Cid445F52DE31658.0
$IPTABLES -t nat -A Cid445F52DE31658.0 -d 61.150.47.112 -j RETURN
$IPTABLES -t nat -A Cid445F52DE31658.0 -d 223.223.223.223 -j RETURN
$IPTABLES -t nat -A Cid445F52DE31658.0 -p tcp -m tcp --dport 80 -j SNAT --to-source 222.222.222.222
$IPTABLES -t nat -A Cid445F52DE31658.0 -d 61.150.47.112 -j RETURN
$IPTABLES -t nat -A Cid445F52DE31658.0 -d 223.223.223.223 -j RETURN
$IPTABLES -t nat -A Cid445F52DE31658.0 -p tcp -m tcp --dport 80 -j SNAT --to-source 222.222.222.222
#
# Rule 15 (NAT)
#
echo "Rule 15 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --sport 1024:65535 -d 192.168.1.1 --dport 80 -j DNAT --to-destination 192.168.1.10:80
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --sport 1024:65535 -d 222.222.222.222 --dport 80 -j DNAT --to-destination 192.168.1.10:80
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --sport 1024:65535 -d 192.168.1.1 --dport 80 -j DNAT --to-destination 192.168.1.10:80
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --sport 1024:65535 -d 222.222.222.222 --dport 80 -j DNAT --to-destination 192.168.1.10:80
#
# Rule 16 (NAT)
#
echo "Rule 16 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --sport 53 -d 192.168.1.1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --sport 53 -d 222.222.222.222 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --sport 53 -d 192.168.1.1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --sport 53 -d 222.222.222.222 -j DNAT --to-destination 192.168.1.10
#
# Rule 17 (NAT)
#
echo "Rule 17 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 4000:4010 -j DNAT --to-destination 192.168.1.10:4000-4010
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 222.222.222.222 --dport 4000:4010 -j DNAT --to-destination 192.168.1.10:4000-4010
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 4000:4010 -j DNAT --to-destination 192.168.1.10:4000-4010
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 222.222.222.222 --dport 4000:4010 -j DNAT --to-destination 192.168.1.10:4000-4010
#
# Rule 18 (NAT)
#
@ -488,13 +488,13 @@ script_body() {
#
echo "Rule 19 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.10 --dport 3128 -j DNAT --to-destination :80
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.10 --dport 3128 -j DNAT --to-destination :80
#
# Rule 20 (NAT)
#
echo "Rule 20 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 3128 -j DNAT --to-destination :80
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 3128 -j DNAT --to-destination :80
#
# Rule 21 (NAT)
#
@ -504,10 +504,10 @@ script_body() {
# and account for
# no more than 15 ports
# per rule
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 222.222.222.222 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 222.222.222.222 --dports 6667,3128,113,53,21,80,119,25,22,23,540,70,13,2105,443 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 222.222.222.222 --dports 143,993,6667,543,544,389,98,3306,2049,110,5432,515,26000,512,513 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 222.222.222.222 --dports 514,4321,465,1080,111,7100 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 222.222.222.222 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 222.222.222.222 --dports 6667,3128,113,53,21,80,119,25,22,23,540,70,13,2105,443 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 222.222.222.222 --dports 143,993,6667,543,544,389,98,3306,2049,110,5432,515,26000,512,513 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 222.222.222.222 --dports 514,4321,465,1080,111,7100 -j DNAT --to-destination 192.168.1.10
#
# Rule 22 (NAT)
#
@ -518,12 +518,12 @@ script_body() {
# no more than 15 ports
# per rule
$IPTABLES -t nat -N Cid3EF4288E.0
$IPTABLES -t nat -A PREROUTING -d 222.222.222.222 -j Cid3EF4288E.0
$IPTABLES -t nat -A Cid3EF4288E.0 -p tcp -m tcp --dport 10000:11000 -j RETURN
$IPTABLES -t nat -A Cid3EF4288E.0 -p tcp -m tcp -m multiport --dports 6667,3128,113,53,21,80,119,25,22,23,540,70,13,2105,443 -j RETURN
$IPTABLES -t nat -A Cid3EF4288E.0 -p tcp -m tcp -m multiport --dports 143,993,6667,543,544,389,98,3306,2049,110,5432,515,26000,512,513 -j RETURN
$IPTABLES -t nat -A Cid3EF4288E.0 -p tcp -m tcp -m multiport --dports 514,4321,465,1080,111,7100 -j RETURN
$IPTABLES -t nat -A Cid3EF4288E.0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -d 222.222.222.222 -j Cid3EF4288E.0
$IPTABLES -t nat -A Cid3EF4288E.0 -p tcp -m tcp --dport 10000:11000 -j RETURN
$IPTABLES -t nat -A Cid3EF4288E.0 -p tcp -m tcp -m multiport --dports 6667,3128,113,53,21,80,119,25,22,23,540,70,13,2105,443 -j RETURN
$IPTABLES -t nat -A Cid3EF4288E.0 -p tcp -m tcp -m multiport --dports 143,993,6667,543,544,389,98,3306,2049,110,5432,515,26000,512,513 -j RETURN
$IPTABLES -t nat -A Cid3EF4288E.0 -p tcp -m tcp -m multiport --dports 514,4321,465,1080,111,7100 -j RETURN
$IPTABLES -t nat -A Cid3EF4288E.0 -j DNAT --to-destination 192.168.1.10
@ -1341,7 +1341,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:24:42 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:33:43 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

90
test/ipt/firewall1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:24:44 2011 PST by vadim
# Generated Thu Feb 17 17:33:45 2011 PST by vadim
#
# files: * firewall1.fw /etc/fw/firewall1.fw
#
@ -306,8 +306,8 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
#
# Rule 1 (NAT)
#
@ -364,11 +364,11 @@ script_body() {
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Cid3CCA1B57.0
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j Cid3CCA1B57.0
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j Cid3CCA1B57.0
$IPTABLES -t nat -A Cid3CCA1B57.0 -d 192.168.1.0/24 -j RETURN
$IPTABLES -t nat -A Cid3CCA1B57.0 -d 192.168.2.0/24 -j RETURN
$IPTABLES -t nat -A Cid3CCA1B57.0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A Cid3CCA1B57.0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A Cid3CCA1B57.0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A Cid3CCA1B57.0 -d 192.168.1.0/24 -j RETURN
$IPTABLES -t nat -A Cid3CCA1B57.0 -d 192.168.2.0/24 -j RETURN
$IPTABLES -t nat -A Cid3CCA1B57.0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A Cid3CCA1B57.0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A Cid3CCA1B57.0 -j SNAT --to-source 192.168.2.1
#
# Rule 9 (NAT)
#
@ -378,11 +378,11 @@ script_body() {
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Cid3EB38983.0
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j Cid3EB38983.0
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j Cid3EB38983.0
$IPTABLES -t nat -A Cid3EB38983.0 -d 192.168.1.0/24 -j RETURN
$IPTABLES -t nat -A Cid3EB38983.0 -d 192.168.2.0/24 -j RETURN
$IPTABLES -t nat -A Cid3EB38983.0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A Cid3EB38983.0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A Cid3EB38983.0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A Cid3EB38983.0 -d 192.168.1.0/24 -j RETURN
$IPTABLES -t nat -A Cid3EB38983.0 -d 192.168.2.0/24 -j RETURN
$IPTABLES -t nat -A Cid3EB38983.0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A Cid3EB38983.0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A Cid3EB38983.0 -j SNAT --to-source 192.168.2.1
#
# Rule 10 (NAT)
#
@ -397,75 +397,75 @@ script_body() {
echo "Rule 11 (NAT)"
#
$IPTABLES -t nat -N Cid3BD8D94B.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j Cid3BD8D94B.0
$IPTABLES -t nat -A Cid3BD8D94B.0 -d 22.22.22.22 -j RETURN
$IPTABLES -t nat -A Cid3BD8D94B.0 -d 22.22.23.23 -j RETURN
$IPTABLES -t nat -A Cid3BD8D94B.0 -d 192.168.1.1 -j RETURN
$IPTABLES -t nat -A Cid3BD8D94B.0 -d 192.168.2.1 -j RETURN
$IPTABLES -t nat -A Cid3BD8D94B.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j Cid3BD8D94B.0
$IPTABLES -t nat -A Cid3BD8D94B.0 -d 22.22.22.22 -j RETURN
$IPTABLES -t nat -A Cid3BD8D94B.0 -d 22.22.23.23 -j RETURN
$IPTABLES -t nat -A Cid3BD8D94B.0 -d 192.168.1.1 -j RETURN
$IPTABLES -t nat -A Cid3BD8D94B.0 -d 192.168.2.1 -j RETURN
$IPTABLES -t nat -A Cid3BD8D94B.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
#
# Rule 12 (NAT)
#
echo "Rule 12 (NAT)"
#
$IPTABLES -t nat -N Cid3BD8D9DD.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j Cid3BD8D9DD.0
$IPTABLES -t nat -A Cid3BD8D9DD.0 -d 192.168.1.1 -j RETURN
$IPTABLES -t nat -A Cid3BD8D9DD.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j Cid3BD8D9DD.0
$IPTABLES -t nat -A Cid3BD8D9DD.0 -d 192.168.1.1 -j RETURN
$IPTABLES -t nat -A Cid3BD8D9DD.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
#
# Rule 13 (NAT)
#
echo "Rule 13 (NAT)"
#
$IPTABLES -t nat -N Cid3BBC0EA4.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.10 --dport 80 -j Cid3BBC0EA4.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.20 --dport 80 -j Cid3BBC0EA4.0
$IPTABLES -t nat -A Cid3BBC0EA4.0 -d 192.168.1.0/24 -j RETURN
$IPTABLES -t nat -A Cid3BBC0EA4.0 -d 192.168.2.0/24 -j RETURN
$IPTABLES -t nat -A Cid3BBC0EA4.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.10 --dport 80 -j Cid3BBC0EA4.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.20 --dport 80 -j Cid3BBC0EA4.0
$IPTABLES -t nat -A Cid3BBC0EA4.0 -d 192.168.1.0/24 -j RETURN
$IPTABLES -t nat -A Cid3BBC0EA4.0 -d 192.168.2.0/24 -j RETURN
$IPTABLES -t nat -A Cid3BBC0EA4.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
#
# Rule 14 (NAT)
#
echo "Rule 14 (NAT)"
#
$IPTABLES -t nat -N Cid3BBC0F93.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.0/24 --dport 80 -j Cid3BBC0F93.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.0/24 --dport 80 -j Cid3BBC0F93.0
$IPTABLES -t nat -A Cid3BBC0F93.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid3BBC0F93.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid3BBC0F93.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.0/24 --dport 80 -j Cid3BBC0F93.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.0/24 --dport 80 -j Cid3BBC0F93.0
$IPTABLES -t nat -A Cid3BBC0F93.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid3BBC0F93.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid3BBC0F93.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
#
# Rule 15 (NAT)
#
echo "Rule 15 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j REDIRECT --to-ports 3128
#
# Rule 16 (NAT)
#
echo "Rule 16 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --sport 5000 -d 22.22.22.23 --dport 5000:5010 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.23 --dport 4000:4010 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --sport 9000 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 6667,3128 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --sport 5000 -d 22.22.22.23 --dport 5000:5010 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.23 --dport 4000:4010 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --sport 9000 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 6667,3128 -j DNAT --to-destination 192.168.1.10
#
# Rule 17 (NAT)
#
echo "Rule 17 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.0/24 --dport 80 -j DNAT --to-destination :3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.0/24 --dport 80 -j DNAT --to-destination :3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.0/24 --dport 80 -j DNAT --to-destination :3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.0/24 --dport 80 -j DNAT --to-destination :3128
#
# Rule 18 (NAT)
#
echo "Rule 18 (NAT)"
#
$IPTABLES -t nat -N Cid3EB38A91.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid3EB38A91.0
$IPTABLES -t nat -A Cid3EB38A91.0 -d 192.168.1.0/24 -j RETURN
$IPTABLES -t nat -A Cid3EB38A91.0 -d 192.168.2.0/24 -j RETURN
$IPTABLES -t nat -A Cid3EB38A91.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination :3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid3EB38A91.0
$IPTABLES -t nat -A Cid3EB38A91.0 -d 192.168.1.0/24 -j RETURN
$IPTABLES -t nat -A Cid3EB38A91.0 -d 192.168.2.0/24 -j RETURN
$IPTABLES -t nat -A Cid3EB38A91.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination :3128
@ -1252,7 +1252,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:24:44 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:33:45 2011 by vadim"
check_tools
check_run_time_address_table_files

6
test/ipt/firewall10.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:24:45 2011 PST by vadim
# Generated Thu Feb 17 17:33:46 2011 PST by vadim
#
# files: * firewall10.fw /etc/fw/firewall10.fw
#
@ -473,7 +473,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:24:45 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:33:46 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

8
test/ipt/firewall11.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:24:47 2011 PST by vadim
# Generated Thu Feb 17 17:33:48 2011 PST by vadim
#
# files: * firewall11.fw /etc/fw/firewall11.fw
#
@ -327,7 +327,7 @@ script_body() {
# see SF bug 3057503
for i_br0 in $i_br0_list
do
test -n "$i_br0" && $IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination $i_br0:3128
test -n "$i_br0" && $IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination $i_br0:3128
done
@ -589,7 +589,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:24:47 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:33:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

42
test/ipt/firewall12.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:24:48 2011 PST by vadim
# Generated Thu Feb 17 17:33:49 2011 PST by vadim
#
# files: * firewall12.fw /etc/fw/firewall12.fw
#
@ -322,46 +322,46 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.23 --dport 80 -j DNAT --to-destination :8080
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.23 --dport 80 -j DNAT --to-destination :8080
#
# Rule 1 (NAT)
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.22 --dport 80 -j DNAT --to-destination :8080
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.22 --dport 80 -j DNAT --to-destination :8080
#
# Rule 2 (NAT)
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.22 --dport 80 -j DNAT --to-destination :8080
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.22 --dport 80 -j DNAT --to-destination :8080
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j REDIRECT --to-ports 8080
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.22 --dport 80 -j REDIRECT --to-ports 8080
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j REDIRECT --to-ports 8080
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.22 --dport 80 -j REDIRECT --to-ports 8080
#
# Rule 4 (NAT)
#
echo "Rule 4 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j REDIRECT --to-ports 8080
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.22 --dport 80 -j REDIRECT --to-ports 8080
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j REDIRECT --to-ports 8080
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.22 --dport 80 -j REDIRECT --to-ports 8080
#
# Rule 5 (NAT)
#
echo "Rule 5 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 22.22.22.22:8080
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.22 --dport 80 -j DNAT --to-destination 22.22.22.22:8080
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 22.22.22.22:8080
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.22 --dport 80 -j DNAT --to-destination 22.22.22.22:8080
#
# Rule 6 (NAT)
#
echo "Rule 6 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination :8080
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination :8080
#
# Rule 7 (NAT)
#
@ -381,21 +381,21 @@ script_body() {
echo "Rule 9 (NAT)"
#
# port-only translation
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination :8080
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination :8080
#
# Rule 10 (NAT)
#
echo "Rule 10 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
#
# Rule 11 (NAT)
#
echo "Rule 11 (NAT)"
#
# SDNAT
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.0.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 22 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.0.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 22 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -d 192.168.1.10 --dport 22 -j SNAT --to-source 192.0.2.1
$IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -d 192.168.1.10 --dport 22 -j SNAT --to-source 192.168.1.1
#
@ -404,8 +404,8 @@ script_body() {
echo "Rule 12 (NAT)"
#
# SDNAT with source port
$IPTABLES -t nat -A PREROUTING -p udp -m udp --sport 123 -d 192.0.2.1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p udp -m udp --sport 123 -d 192.168.1.1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p udp -m udp --sport 123 -d 192.0.2.1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p udp -m udp --sport 123 -d 192.168.1.1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp --sport 123 -d 192.168.1.10 -j SNAT --to-source 192.0.2.1:5050
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp --sport 123 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1:5050
#
@ -414,7 +414,7 @@ script_body() {
echo "Rule 13 (NAT)"
#
# SDNAT with dest port
$IPTABLES -t nat -A PREROUTING -p udp -m udp -s 192.168.1.0/24 --dport 53 -j DNAT --to-destination 192.168.1.10:1053
$IPTABLES -t nat -A PREROUTING -p udp -m udp -s 192.168.1.0/24 --dport 53 -j DNAT --to-destination 192.168.1.10:1053
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.0.2.1
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.168.1.1
#
@ -425,7 +425,7 @@ script_body() {
# SDNAT
# translate src and dst addresses
# and src and dst ports
$IPTABLES -t nat -A PREROUTING -p udp -m udp -s 192.168.1.0/24 --sport 1024:65535 --dport 53 -j DNAT --to-destination 192.168.1.10:1053
$IPTABLES -t nat -A PREROUTING -p udp -m udp -s 192.168.1.0/24 --sport 1024:65535 --dport 53 -j DNAT --to-destination 192.168.1.10:1053
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.0.2.1:32767-65535
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.168.1.1:32767-65535
#
@ -511,7 +511,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:24:48 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:33:49 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall13.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:24:49 2011 PST by vadim
# Generated Thu Feb 17 17:33:51 2011 PST by vadim
#
# files: * firewall13.fw /etc/fw/firewall13.fw
#
@ -385,7 +385,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:24:49 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:33:51 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall14.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:24:51 2011 PST by vadim
# Generated Thu Feb 17 17:33:52 2011 PST by vadim
#
# files: * firewall14.fw /etc/fw/firewall14.fw
#
@ -404,7 +404,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:24:51 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:33:52 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall15.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:24:52 2011 PST by vadim
# Generated Thu Feb 17 17:33:54 2011 PST by vadim
#
# files: * firewall15.fw /etc/fw/firewall15.fw
#
@ -388,7 +388,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:24:52 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:33:54 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

56
test/ipt/firewall16.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:24:53 2011 PST by vadim
# Generated Thu Feb 17 17:33:56 2011 PST by vadim
#
# files: * firewall16.fw /etc/fw/firewall16.fw
#
@ -314,12 +314,12 @@ script_body() {
# should generate code in both PREROUTING
# and OUTPUT chain because option "local NAT"
# is enabled
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.22 --dport 80 -j DNAT --to-destination 192.168.2.10:80
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.22 --dport 80 -j DNAT --to-destination 192.168.2.10:80
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 80 -j DNAT --to-destination 192.168.2.10:80
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.22 --dport 80 -j DNAT --to-destination 192.168.2.10:80
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.1.22 --dport 80 -j DNAT --to-destination 192.168.2.10:80
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.2.1 --dport 80 -j DNAT --to-destination 192.168.2.10:80
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.22 --dport 80 -j DNAT --to-destination 192.168.2.10:80
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.22 --dport 80 -j DNAT --to-destination 192.168.2.10:80
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 80 -j DNAT --to-destination 192.168.2.10:80
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.22 --dport 80 -j DNAT --to-destination 192.168.2.10:80
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.1.22 --dport 80 -j DNAT --to-destination 192.168.2.10:80
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.2.1 --dport 80 -j DNAT --to-destination 192.168.2.10:80
#
# Rule 1 (NAT)
#
@ -332,26 +332,26 @@ script_body() {
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:3128
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 8080 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 8080 -j DNAT --to-destination 192.168.1.10:3128
#
# Rule 4 (NAT)
#
echo "Rule 4 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -s 192.168.2.1 --dport 8080 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -s 192.168.2.1 --dport 8080 -j DNAT --to-destination 192.168.1.10:3128
#
# Rule 5 (NAT)
#
echo "Rule 5 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -s 192.168.2.1 --dport 8080 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -s 192.168.2.1 --dport 8080 -j DNAT --to-destination 192.168.1.10:3128
#
# Rule 6 (NAT)
#
@ -386,35 +386,35 @@ script_body() {
#
echo "Rule 10 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -s 22.22.23.22 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.22 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 22.22.23.22 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.22 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -j ACCEPT
#
# Rule 11 (NAT)
#
echo "Rule 11 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -s 22.22.23.22 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.22 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 22.22.23.22 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.22 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -j ACCEPT
#
# Rule 12 (NAT)
#
echo "Rule 12 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -s 192.168.2.1 -j ACCEPT
#
# Rule 13 (NAT)
#
echo "Rule 13 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -s 192.168.2.1 -j ACCEPT
@ -492,7 +492,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:24:53 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:33:56 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall17.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:24:55 2011 PST by vadim
# Generated Thu Feb 17 17:33:57 2011 PST by vadim
#
# files: * firewall17.fw /etc/fw/firewall17.fw
#
@ -471,7 +471,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:24:55 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:33:57 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall18.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:24:56 2011 PST by vadim
# Generated Thu Feb 17 17:33:59 2011 PST by vadim
#
# files: * firewall18.fw /etc/fw/firewall18.fw
#
@ -504,7 +504,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:24:56 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:33:59 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall19.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:24:58 2011 PST by vadim
# Generated Thu Feb 17 17:34:01 2011 PST by vadim
#
# files: * firewall19.fw /etc/fw/firewall19.fw
#
@ -509,7 +509,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:24:58 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:01 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

276
test/ipt/firewall2-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:07 2011 PST by vadim
# Generated Thu Feb 17 17:34:10 2011 PST by vadim
#
# files: * firewall2-1.fw /etc/fw/firewall2-1.fw
#
@ -460,100 +460,100 @@ script_body() {
echo "Rule 9 (NAT)"
#
$IPTABLES -t nat -N Cid31547X1798.0
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.10 -j Cid31547X1798.0
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.11 -j Cid31547X1798.0
$IPTABLES -t nat -A Cid31547X1798.0 -s 22.22.22.22 -j ACCEPT
$IPTABLES -t nat -A Cid31547X1798.0 -s 22.22.23.23 -j ACCEPT
$IPTABLES -t nat -A Cid31547X1798.0 -s 22.22.25.50 -j ACCEPT
$IPTABLES -t nat -A Cid31547X1798.0 -s 192.168.1.1 -j ACCEPT
$IPTABLES -t nat -A Cid31547X1798.0 -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A Cid31547X1798.0 -s 192.168.2.40 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -d 192.168.2.10 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -d 192.168.2.11 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.10 -j Cid31547X1798.0
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.11 -j Cid31547X1798.0
$IPTABLES -t nat -A Cid31547X1798.0 -s 22.22.22.22 -j ACCEPT
$IPTABLES -t nat -A Cid31547X1798.0 -s 22.22.23.23 -j ACCEPT
$IPTABLES -t nat -A Cid31547X1798.0 -s 22.22.25.50 -j ACCEPT
$IPTABLES -t nat -A Cid31547X1798.0 -s 192.168.1.1 -j ACCEPT
$IPTABLES -t nat -A Cid31547X1798.0 -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A Cid31547X1798.0 -s 192.168.2.40 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -d 192.168.2.10 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -d 192.168.2.11 -j ACCEPT
$IPTABLES -t nat -N Cid31547X1798.1
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.10 -j Cid31547X1798.1
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.11 -j Cid31547X1798.1
$IPTABLES -t nat -A Cid31547X1798.1 -s 192.168.1.10 -j ACCEPT
$IPTABLES -t nat -A Cid31547X1798.1 -s 192.168.1.20 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.10 -j Cid31547X1798.1
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.11 -j Cid31547X1798.1
$IPTABLES -t nat -A Cid31547X1798.1 -s 192.168.1.10 -j ACCEPT
$IPTABLES -t nat -A Cid31547X1798.1 -s 192.168.1.20 -j ACCEPT
$IPTABLES -t nat -N Cid31547X1798.2
$IPTABLES -t nat -A PREROUTING -d 192.168.2.10 -j Cid31547X1798.2
$IPTABLES -t nat -A PREROUTING -d 192.168.2.11 -j Cid31547X1798.2
$IPTABLES -t nat -A Cid31547X1798.2 -s 192.168.1.10 -j ACCEPT
$IPTABLES -t nat -A Cid31547X1798.2 -s 192.168.1.20 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -d 192.168.2.10 -j Cid31547X1798.2
$IPTABLES -t nat -A PREROUTING -d 192.168.2.11 -j Cid31547X1798.2
$IPTABLES -t nat -A Cid31547X1798.2 -s 192.168.1.10 -j ACCEPT
$IPTABLES -t nat -A Cid31547X1798.2 -s 192.168.1.20 -j ACCEPT
#
# Rule 10 (NAT)
#
echo "Rule 10 (NAT)"
#
$IPTABLES -t nat -N Cid31565X1798.0
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.10 -j Cid31565X1798.0
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.20 -j Cid31565X1798.0
$IPTABLES -t nat -A PREROUTING -s 192.168.1.10 -j Cid31565X1798.0
$IPTABLES -t nat -A PREROUTING -s 192.168.1.20 -j Cid31565X1798.0
$IPTABLES -t nat -A Cid31565X1798.0 -d 192.168.2.10 -j RETURN
$IPTABLES -t nat -A Cid31565X1798.0 -d 192.168.2.11 -j RETURN
$IPTABLES -t nat -A Cid31565X1798.0 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.10 -j Cid31565X1798.0
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.20 -j Cid31565X1798.0
$IPTABLES -t nat -A PREROUTING -s 192.168.1.10 -j Cid31565X1798.0
$IPTABLES -t nat -A PREROUTING -s 192.168.1.20 -j Cid31565X1798.0
$IPTABLES -t nat -A Cid31565X1798.0 -d 192.168.2.10 -j RETURN
$IPTABLES -t nat -A Cid31565X1798.0 -d 192.168.2.11 -j RETURN
$IPTABLES -t nat -A Cid31565X1798.0 -j ACCEPT
#
# Rule 11 (NAT)
#
echo "Rule 11 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.23 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.23 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
#
# Rule 12 (NAT)
#
echo "Rule 12 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
#
# Rule 13 (NAT)
#
echo "Rule 13 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -s 22.22.23.23 -d 22.22.22.23 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -s 22.22.25.50 -d 22.22.22.23 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -s 22.22.23.23 -d 22.22.22.23 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -s 22.22.25.50 -d 22.22.22.23 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
#
# Rule 14 (NAT)
#
echo "Rule 14 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -s 200.200.200.200 -d 22.22.22.23 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -s 200.200.200.200 -d 22.22.22.23 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
#
# Rule 16 (NAT)
#
echo "Rule 16 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.23 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.24 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.25 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.24 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.25 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.23 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.24 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.25 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.24 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.25 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
#
# Rule 17 (NAT)
#
echo "Rule 17 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 119 -j DNAT --to-destination 192.168.1.10
#
# Rule 18 (NAT)
#
@ -565,8 +565,8 @@ script_body() {
#
echo "Rule 19 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -d 22.22.23.24 -j DNAT --to-destination 192.168.1.20
$IPTABLES -t nat -A OUTPUT -d 22.22.23.24 -j DNAT --to-destination 192.168.1.20
$IPTABLES -t nat -A PREROUTING -d 22.22.23.24 -j DNAT --to-destination 192.168.1.20
$IPTABLES -t nat -A OUTPUT -d 22.22.23.24 -j DNAT --to-destination 192.168.1.20
#
# Rule 20 (NAT)
#
@ -580,102 +580,102 @@ script_body() {
echo "Rule 21 (NAT)"
#
# NETMAP
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j NETMAP --to 22.22.22.0/24
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j NETMAP --to 22.22.22.0/24
#
# Rule 22 (NAT)
#
echo "Rule 22 (NAT)"
#
# NETMAP
$IPTABLES -t nat -A PREROUTING -d 22.22.22.0/24 -j NETMAP --to 192.168.1.0/24
$IPTABLES -t nat -A PREROUTING -d 22.22.22.0/24 -j NETMAP --to 192.168.1.0/24
#
# Rule 23 (NAT)
#
echo "Rule 23 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.1.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.2.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.2.40 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.1.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.2.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.2.40 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
#
# Rule 24 (NAT)
#
echo "Rule 24 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.10 --dport 80 -j SNAT --to-source 192.168.1.1
#
# Rule 25 (NAT)
#
echo "Rule 25 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.23 --dport 80 -j DNAT --to-destination 192.168.1.10:25
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.23 --dport 80 -j DNAT --to-destination 192.168.1.10:25
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.23 --dport 80 -j DNAT --to-destination 192.168.1.10:25
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.23 --dport 80 -j DNAT --to-destination 192.168.1.10:25
#
# Rule 26 (NAT)
#
echo "Rule 26 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 443 -j REDIRECT --to-ports 3128
#
# Rule 27 (NAT)
#
echo "Rule 27 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.10-192.168.1.100
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.10-192.168.1.100
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.10-192.168.1.100
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.10-192.168.1.100
#
# Rule 28 (NAT)
#
echo "Rule 28 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.11-192.168.1.15
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.11-192.168.1.15
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.11-192.168.1.15
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.11-192.168.1.15
#
# Rule 29 (NAT)
#
echo "Rule 29 (NAT)"
#
# transparent proxy rule
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -d ! 22.22.22.23 -j DNAT --to-destination 192.168.2.10
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -d ! 22.22.22.23 -j DNAT --to-destination 192.168.2.10
#
# Rule 31 (NAT)
#
echo "Rule 31 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination :8080
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination :8080
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination :8080
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination :8080
#
# Rule 32 (NAT)
#
echo "Rule 32 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:8080
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:8080
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:8080
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:8080
#
# Rule 33 (NAT)
#
@ -687,9 +687,9 @@ script_body() {
#
echo "Rule 34 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.10 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
#
# Rule 35 (NAT)
@ -697,11 +697,11 @@ script_body() {
echo "Rule 35 (NAT)"
#
$IPTABLES -t nat -N Cid31935X1798.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d ! 192.168.1.50 --dport 80 -j Cid31935X1798.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d ! 192.168.1.50 --dport 80 -j Cid31935X1798.0
$IPTABLES -t nat -A Cid31935X1798.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid31935X1798.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid31935X1798.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.50:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d ! 192.168.1.50 --dport 80 -j Cid31935X1798.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d ! 192.168.1.50 --dport 80 -j Cid31935X1798.0
$IPTABLES -t nat -A Cid31935X1798.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid31935X1798.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid31935X1798.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.50:3128
#
# Rule 36 (NAT)
#
@ -709,18 +709,18 @@ script_body() {
#
$IPTABLES -t nat -N Cid31949X1798.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid31949X1798.1
$IPTABLES -t nat -A Cid31949X1798.1 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid31949X1798.1 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid31949X1798.1 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid31949X1798.1 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -N Cid31949X1798.0
$IPTABLES -t nat -A Cid31949X1798.1 -j Cid31949X1798.0
$IPTABLES -t nat -A Cid31949X1798.0 -p tcp -m tcp --dport 80 -j RETURN
$IPTABLES -t nat -A Cid31949X1798.0 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A Cid31949X1798.1 -j Cid31949X1798.0
$IPTABLES -t nat -A Cid31949X1798.0 -p tcp -m tcp --dport 80 -j RETURN
$IPTABLES -t nat -A Cid31949X1798.0 -j SNAT --to-source 192.168.1.1
#
# Rule 37 (NAT)
#
echo "Rule 37 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
#
# Rule 38 (NAT)
@ -736,7 +736,7 @@ script_body() {
#
echo "Rule 39 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.1:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.1:3128
#
# Rule 40 (NAT)
#
@ -754,11 +754,11 @@ script_body() {
# testing transparent proxy
# roules for a support req.
$IPTABLES -t nat -N Cid32019X1798.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid32019X1798.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid32019X1798.0
$IPTABLES -t nat -A Cid32019X1798.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid32019X1798.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid32019X1798.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid32019X1798.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid32019X1798.0
$IPTABLES -t nat -A Cid32019X1798.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid32019X1798.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid32019X1798.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
#
# Rule 42 (NAT)
#
@ -767,11 +767,11 @@ script_body() {
# testing transparent proxy
# roules for a support req.
$IPTABLES -t nat -N Cid32033X1798.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid32033X1798.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid32033X1798.0
$IPTABLES -t nat -A Cid32033X1798.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid32033X1798.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid32033X1798.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid32033X1798.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid32033X1798.0
$IPTABLES -t nat -A Cid32033X1798.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid32033X1798.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid32033X1798.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
#
# Rule 43 (NAT)
#
@ -780,10 +780,10 @@ script_body() {
# testing transparent proxy
# roules for a support req.
$IPTABLES -t nat -N Cid32047X1798.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid32047X1798.0
$IPTABLES -t nat -A Cid32047X1798.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid32047X1798.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid32047X1798.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid32047X1798.0
$IPTABLES -t nat -A Cid32047X1798.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid32047X1798.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid32047X1798.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
#
# Rule 44 (NAT)
#
@ -801,11 +801,11 @@ script_body() {
# testing transparent proxy
# roules for a support req.
$IPTABLES -t nat -N Cid32075X1798.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid32075X1798.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid32075X1798.0
$IPTABLES -t nat -A Cid32075X1798.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid32075X1798.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid32075X1798.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.50:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid32075X1798.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid32075X1798.0
$IPTABLES -t nat -A Cid32075X1798.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid32075X1798.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid32075X1798.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.50:3128
@ -1420,7 +1420,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:07 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:10 2011 by vadim"
check_tools
check_run_time_address_table_files

276
test/ipt/firewall2-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:11 2011 PST by vadim
# Generated Thu Feb 17 17:34:15 2011 PST by vadim
#
# files: * firewall2-2.fw /etc/fw/firewall2-2.fw
#
@ -459,100 +459,100 @@ script_body() {
echo "Rule 9 (NAT)"
#
$IPTABLES -t nat -N Cid32503X1798.0
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.10 -j Cid32503X1798.0
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.11 -j Cid32503X1798.0
$IPTABLES -t nat -A Cid32503X1798.0 -s 22.22.22.22 -j ACCEPT
$IPTABLES -t nat -A Cid32503X1798.0 -s 22.22.23.23 -j ACCEPT
$IPTABLES -t nat -A Cid32503X1798.0 -s 22.22.25.50 -j ACCEPT
$IPTABLES -t nat -A Cid32503X1798.0 -s 192.168.1.1 -j ACCEPT
$IPTABLES -t nat -A Cid32503X1798.0 -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A Cid32503X1798.0 -s 192.168.2.40 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -d 192.168.2.10 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -d 192.168.2.11 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.10 -j Cid32503X1798.0
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.11 -j Cid32503X1798.0
$IPTABLES -t nat -A Cid32503X1798.0 -s 22.22.22.22 -j ACCEPT
$IPTABLES -t nat -A Cid32503X1798.0 -s 22.22.23.23 -j ACCEPT
$IPTABLES -t nat -A Cid32503X1798.0 -s 22.22.25.50 -j ACCEPT
$IPTABLES -t nat -A Cid32503X1798.0 -s 192.168.1.1 -j ACCEPT
$IPTABLES -t nat -A Cid32503X1798.0 -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A Cid32503X1798.0 -s 192.168.2.40 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -d 192.168.2.10 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -d 192.168.2.11 -j ACCEPT
$IPTABLES -t nat -N Cid32503X1798.1
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.10 -j Cid32503X1798.1
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.11 -j Cid32503X1798.1
$IPTABLES -t nat -A Cid32503X1798.1 -s 192.168.1.10 -j ACCEPT
$IPTABLES -t nat -A Cid32503X1798.1 -s 192.168.1.20 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.10 -j Cid32503X1798.1
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.11 -j Cid32503X1798.1
$IPTABLES -t nat -A Cid32503X1798.1 -s 192.168.1.10 -j ACCEPT
$IPTABLES -t nat -A Cid32503X1798.1 -s 192.168.1.20 -j ACCEPT
$IPTABLES -t nat -N Cid32503X1798.2
$IPTABLES -t nat -A PREROUTING -d 192.168.2.10 -j Cid32503X1798.2
$IPTABLES -t nat -A PREROUTING -d 192.168.2.11 -j Cid32503X1798.2
$IPTABLES -t nat -A Cid32503X1798.2 -s 192.168.1.10 -j ACCEPT
$IPTABLES -t nat -A Cid32503X1798.2 -s 192.168.1.20 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -d 192.168.2.10 -j Cid32503X1798.2
$IPTABLES -t nat -A PREROUTING -d 192.168.2.11 -j Cid32503X1798.2
$IPTABLES -t nat -A Cid32503X1798.2 -s 192.168.1.10 -j ACCEPT
$IPTABLES -t nat -A Cid32503X1798.2 -s 192.168.1.20 -j ACCEPT
#
# Rule 10 (NAT)
#
echo "Rule 10 (NAT)"
#
$IPTABLES -t nat -N Cid32521X1798.0
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.10 -j Cid32521X1798.0
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.20 -j Cid32521X1798.0
$IPTABLES -t nat -A PREROUTING -s 192.168.1.10 -j Cid32521X1798.0
$IPTABLES -t nat -A PREROUTING -s 192.168.1.20 -j Cid32521X1798.0
$IPTABLES -t nat -A Cid32521X1798.0 -d 192.168.2.10 -j RETURN
$IPTABLES -t nat -A Cid32521X1798.0 -d 192.168.2.11 -j RETURN
$IPTABLES -t nat -A Cid32521X1798.0 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.10 -j Cid32521X1798.0
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.20 -j Cid32521X1798.0
$IPTABLES -t nat -A PREROUTING -s 192.168.1.10 -j Cid32521X1798.0
$IPTABLES -t nat -A PREROUTING -s 192.168.1.20 -j Cid32521X1798.0
$IPTABLES -t nat -A Cid32521X1798.0 -d 192.168.2.10 -j RETURN
$IPTABLES -t nat -A Cid32521X1798.0 -d 192.168.2.11 -j RETURN
$IPTABLES -t nat -A Cid32521X1798.0 -j ACCEPT
#
# Rule 11 (NAT)
#
echo "Rule 11 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
#
# Rule 12 (NAT)
#
echo "Rule 12 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
#
# Rule 13 (NAT)
#
echo "Rule 13 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -s 22.22.23.23 -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -s 22.22.25.50 -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -s 22.22.23.23 -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -s 22.22.25.50 -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
#
# Rule 14 (NAT)
#
echo "Rule 14 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -s 200.200.200.200 -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -s 200.200.200.200 -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
#
# Rule 16 (NAT)
#
echo "Rule 16 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.24 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.25 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.24 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.25 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.24 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.25 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.24 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.25 --dports 80,119 -j DNAT --to-destination 192.168.1.10
#
# Rule 17 (NAT)
#
echo "Rule 17 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 119 -j DNAT --to-destination 192.168.1.10
#
# Rule 18 (NAT)
#
@ -564,8 +564,8 @@ script_body() {
#
echo "Rule 19 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -d 22.22.23.24 -j DNAT --to-destination 192.168.1.20
$IPTABLES -t nat -A OUTPUT -d 22.22.23.24 -j DNAT --to-destination 192.168.1.20
$IPTABLES -t nat -A PREROUTING -d 22.22.23.24 -j DNAT --to-destination 192.168.1.20
$IPTABLES -t nat -A OUTPUT -d 22.22.23.24 -j DNAT --to-destination 192.168.1.20
#
# Rule 20 (NAT)
#
@ -579,102 +579,102 @@ script_body() {
echo "Rule 21 (NAT)"
#
# NETMAP
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j NETMAP --to 22.22.22.0/24
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j NETMAP --to 22.22.22.0/24
#
# Rule 22 (NAT)
#
echo "Rule 22 (NAT)"
#
# NETMAP
$IPTABLES -t nat -A PREROUTING -d 22.22.22.0/24 -j NETMAP --to 192.168.1.0/24
$IPTABLES -t nat -A PREROUTING -d 22.22.22.0/24 -j NETMAP --to 192.168.1.0/24
#
# Rule 23 (NAT)
#
echo "Rule 23 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.1.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.2.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.2.40 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.1.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.2.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.2.40 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
#
# Rule 24 (NAT)
#
echo "Rule 24 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.10 --dport 80 -j SNAT --to-source 192.168.1.1
#
# Rule 25 (NAT)
#
echo "Rule 25 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.23 --dport 80 -j DNAT --to-destination 192.168.1.10:25
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.23 --dport 80 -j DNAT --to-destination 192.168.1.10:25
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.23 --dport 80 -j DNAT --to-destination 192.168.1.10:25
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.23 --dport 80 -j DNAT --to-destination 192.168.1.10:25
#
# Rule 26 (NAT)
#
echo "Rule 26 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 443 -j REDIRECT --to-ports 3128
#
# Rule 27 (NAT)
#
echo "Rule 27 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.10-192.168.1.100
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.10-192.168.1.100
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.10-192.168.1.100
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.10-192.168.1.100
#
# Rule 28 (NAT)
#
echo "Rule 28 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.11-192.168.1.15
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.11-192.168.1.15
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.11-192.168.1.15
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.11-192.168.1.15
#
# Rule 29 (NAT)
#
echo "Rule 29 (NAT)"
#
# transparent proxy rule
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -d ! 22.22.22.23 -j DNAT --to-destination 192.168.2.10
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -d ! 22.22.22.23 -j DNAT --to-destination 192.168.2.10
#
# Rule 31 (NAT)
#
echo "Rule 31 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination :8080
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination :8080
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination :8080
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination :8080
#
# Rule 32 (NAT)
#
echo "Rule 32 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:8080
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:8080
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:8080
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:8080
#
# Rule 33 (NAT)
#
@ -686,9 +686,9 @@ script_body() {
#
echo "Rule 34 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.10 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
#
# Rule 35 (NAT)
@ -696,11 +696,11 @@ script_body() {
echo "Rule 35 (NAT)"
#
$IPTABLES -t nat -N Cid32891X1798.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d ! 192.168.1.50 --dport 80 -j Cid32891X1798.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d ! 192.168.1.50 --dport 80 -j Cid32891X1798.0
$IPTABLES -t nat -A Cid32891X1798.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid32891X1798.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid32891X1798.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.50:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d ! 192.168.1.50 --dport 80 -j Cid32891X1798.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d ! 192.168.1.50 --dport 80 -j Cid32891X1798.0
$IPTABLES -t nat -A Cid32891X1798.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid32891X1798.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid32891X1798.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.50:3128
#
# Rule 36 (NAT)
#
@ -708,18 +708,18 @@ script_body() {
#
$IPTABLES -t nat -N Cid32905X1798.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid32905X1798.1
$IPTABLES -t nat -A Cid32905X1798.1 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid32905X1798.1 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid32905X1798.1 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid32905X1798.1 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -N Cid32905X1798.0
$IPTABLES -t nat -A Cid32905X1798.1 -j Cid32905X1798.0
$IPTABLES -t nat -A Cid32905X1798.0 -p tcp -m tcp --dport 80 -j RETURN
$IPTABLES -t nat -A Cid32905X1798.0 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A Cid32905X1798.1 -j Cid32905X1798.0
$IPTABLES -t nat -A Cid32905X1798.0 -p tcp -m tcp --dport 80 -j RETURN
$IPTABLES -t nat -A Cid32905X1798.0 -j SNAT --to-source 192.168.1.1
#
# Rule 37 (NAT)
#
echo "Rule 37 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
#
# Rule 38 (NAT)
@ -735,7 +735,7 @@ script_body() {
#
echo "Rule 39 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.1:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.1:3128
#
# Rule 40 (NAT)
#
@ -753,11 +753,11 @@ script_body() {
# testing transparent proxy
# roules for a support req.
$IPTABLES -t nat -N Cid32975X1798.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid32975X1798.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid32975X1798.0
$IPTABLES -t nat -A Cid32975X1798.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid32975X1798.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid32975X1798.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid32975X1798.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid32975X1798.0
$IPTABLES -t nat -A Cid32975X1798.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid32975X1798.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid32975X1798.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
#
# Rule 42 (NAT)
#
@ -766,11 +766,11 @@ script_body() {
# testing transparent proxy
# roules for a support req.
$IPTABLES -t nat -N Cid32989X1798.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid32989X1798.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid32989X1798.0
$IPTABLES -t nat -A Cid32989X1798.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid32989X1798.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid32989X1798.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid32989X1798.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid32989X1798.0
$IPTABLES -t nat -A Cid32989X1798.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid32989X1798.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid32989X1798.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
#
# Rule 43 (NAT)
#
@ -779,10 +779,10 @@ script_body() {
# testing transparent proxy
# roules for a support req.
$IPTABLES -t nat -N Cid33003X1798.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid33003X1798.0
$IPTABLES -t nat -A Cid33003X1798.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid33003X1798.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid33003X1798.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid33003X1798.0
$IPTABLES -t nat -A Cid33003X1798.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid33003X1798.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid33003X1798.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
#
# Rule 44 (NAT)
#
@ -800,11 +800,11 @@ script_body() {
# testing transparent proxy
# roules for a support req.
$IPTABLES -t nat -N Cid33031X1798.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid33031X1798.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid33031X1798.0
$IPTABLES -t nat -A Cid33031X1798.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid33031X1798.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid33031X1798.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.50:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid33031X1798.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid33031X1798.0
$IPTABLES -t nat -A Cid33031X1798.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid33031X1798.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid33031X1798.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.50:3128
@ -1249,7 +1249,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:11 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:15 2011 by vadim"
check_tools
check_run_time_address_table_files

276
test/ipt/firewall2-3.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:15 2011 PST by vadim
# Generated Thu Feb 17 17:34:18 2011 PST by vadim
#
# files: * firewall2-3.fw /etc/fw/firewall2-3.fw
#
@ -444,100 +444,100 @@ script_body() {
echo "Rule 9 (NAT)"
#
$IPTABLES -t nat -N Cid35496X1833.0
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.10 -j Cid35496X1833.0
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.11 -j Cid35496X1833.0
$IPTABLES -t nat -A Cid35496X1833.0 -s 22.22.22.22 -j ACCEPT
$IPTABLES -t nat -A Cid35496X1833.0 -s 22.22.23.23 -j ACCEPT
$IPTABLES -t nat -A Cid35496X1833.0 -s 22.22.25.50 -j ACCEPT
$IPTABLES -t nat -A Cid35496X1833.0 -s 192.168.1.1 -j ACCEPT
$IPTABLES -t nat -A Cid35496X1833.0 -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A Cid35496X1833.0 -s 192.168.2.40 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -d 192.168.2.10 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -d 192.168.2.11 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.10 -j Cid35496X1833.0
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.11 -j Cid35496X1833.0
$IPTABLES -t nat -A Cid35496X1833.0 -s 22.22.22.22 -j ACCEPT
$IPTABLES -t nat -A Cid35496X1833.0 -s 22.22.23.23 -j ACCEPT
$IPTABLES -t nat -A Cid35496X1833.0 -s 22.22.25.50 -j ACCEPT
$IPTABLES -t nat -A Cid35496X1833.0 -s 192.168.1.1 -j ACCEPT
$IPTABLES -t nat -A Cid35496X1833.0 -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A Cid35496X1833.0 -s 192.168.2.40 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -d 192.168.2.10 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -d 192.168.2.11 -j ACCEPT
$IPTABLES -t nat -N Cid35496X1833.1
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.10 -j Cid35496X1833.1
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.11 -j Cid35496X1833.1
$IPTABLES -t nat -A Cid35496X1833.1 -s 192.168.1.10 -j ACCEPT
$IPTABLES -t nat -A Cid35496X1833.1 -s 192.168.1.20 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.10 -j Cid35496X1833.1
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.11 -j Cid35496X1833.1
$IPTABLES -t nat -A Cid35496X1833.1 -s 192.168.1.10 -j ACCEPT
$IPTABLES -t nat -A Cid35496X1833.1 -s 192.168.1.20 -j ACCEPT
$IPTABLES -t nat -N Cid35496X1833.2
$IPTABLES -t nat -A PREROUTING -d 192.168.2.10 -j Cid35496X1833.2
$IPTABLES -t nat -A PREROUTING -d 192.168.2.11 -j Cid35496X1833.2
$IPTABLES -t nat -A Cid35496X1833.2 -s 192.168.1.10 -j ACCEPT
$IPTABLES -t nat -A Cid35496X1833.2 -s 192.168.1.20 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -d 192.168.2.10 -j Cid35496X1833.2
$IPTABLES -t nat -A PREROUTING -d 192.168.2.11 -j Cid35496X1833.2
$IPTABLES -t nat -A Cid35496X1833.2 -s 192.168.1.10 -j ACCEPT
$IPTABLES -t nat -A Cid35496X1833.2 -s 192.168.1.20 -j ACCEPT
#
# Rule 10 (NAT)
#
echo "Rule 10 (NAT)"
#
$IPTABLES -t nat -N Cid35514X1833.0
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.10 -j Cid35514X1833.0
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.20 -j Cid35514X1833.0
$IPTABLES -t nat -A PREROUTING -s 192.168.1.10 -j Cid35514X1833.0
$IPTABLES -t nat -A PREROUTING -s 192.168.1.20 -j Cid35514X1833.0
$IPTABLES -t nat -A Cid35514X1833.0 -d 192.168.2.10 -j RETURN
$IPTABLES -t nat -A Cid35514X1833.0 -d 192.168.2.11 -j RETURN
$IPTABLES -t nat -A Cid35514X1833.0 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.10 -j Cid35514X1833.0
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.20 -j Cid35514X1833.0
$IPTABLES -t nat -A PREROUTING -s 192.168.1.10 -j Cid35514X1833.0
$IPTABLES -t nat -A PREROUTING -s 192.168.1.20 -j Cid35514X1833.0
$IPTABLES -t nat -A Cid35514X1833.0 -d 192.168.2.10 -j RETURN
$IPTABLES -t nat -A Cid35514X1833.0 -d 192.168.2.11 -j RETURN
$IPTABLES -t nat -A Cid35514X1833.0 -j ACCEPT
#
# Rule 11 (NAT)
#
echo "Rule 11 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
#
# Rule 12 (NAT)
#
echo "Rule 12 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
#
# Rule 13 (NAT)
#
echo "Rule 13 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -s 22.22.23.23 -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -s 22.22.25.50 -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -s 22.22.23.23 -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -s 22.22.25.50 -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
#
# Rule 14 (NAT)
#
echo "Rule 14 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -s 200.200.200.200 -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -s 200.200.200.200 -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
#
# Rule 16 (NAT)
#
echo "Rule 16 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.24 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.25 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.24 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.25 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.24 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.25 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.24 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.25 --dports 80,119 -j DNAT --to-destination 192.168.1.10
#
# Rule 17 (NAT)
#
echo "Rule 17 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 119 -j DNAT --to-destination 192.168.1.10
#
# Rule 18 (NAT)
#
@ -549,8 +549,8 @@ script_body() {
#
echo "Rule 19 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -d 22.22.23.24 -j DNAT --to-destination 192.168.1.20
$IPTABLES -t nat -A OUTPUT -d 22.22.23.24 -j DNAT --to-destination 192.168.1.20
$IPTABLES -t nat -A PREROUTING -d 22.22.23.24 -j DNAT --to-destination 192.168.1.20
$IPTABLES -t nat -A OUTPUT -d 22.22.23.24 -j DNAT --to-destination 192.168.1.20
#
# Rule 20 (NAT)
#
@ -564,102 +564,102 @@ script_body() {
echo "Rule 21 (NAT)"
#
# NETMAP
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j NETMAP --to 22.22.22.0/24
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j NETMAP --to 22.22.22.0/24
#
# Rule 22 (NAT)
#
echo "Rule 22 (NAT)"
#
# NETMAP
$IPTABLES -t nat -A PREROUTING -d 22.22.22.0/24 -j NETMAP --to 192.168.1.0/24
$IPTABLES -t nat -A PREROUTING -d 22.22.22.0/24 -j NETMAP --to 192.168.1.0/24
#
# Rule 23 (NAT)
#
echo "Rule 23 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.1.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.2.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.2.40 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.1.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.2.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.2.40 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
#
# Rule 24 (NAT)
#
echo "Rule 24 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.10 --dport 80 -j SNAT --to-source 192.168.1.1
#
# Rule 25 (NAT)
#
echo "Rule 25 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.23 --dport 80 -j DNAT --to-destination 192.168.1.10:25
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.23 --dport 80 -j DNAT --to-destination 192.168.1.10:25
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.23 --dport 80 -j DNAT --to-destination 192.168.1.10:25
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.23 --dport 80 -j DNAT --to-destination 192.168.1.10:25
#
# Rule 26 (NAT)
#
echo "Rule 26 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 443 -j REDIRECT --to-ports 3128
#
# Rule 27 (NAT)
#
echo "Rule 27 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.10-192.168.1.100
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.10-192.168.1.100
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.10-192.168.1.100
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.10-192.168.1.100
#
# Rule 28 (NAT)
#
echo "Rule 28 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.11-192.168.1.15
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.11-192.168.1.15
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.11-192.168.1.15
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.11-192.168.1.15
#
# Rule 29 (NAT)
#
echo "Rule 29 (NAT)"
#
# transparent proxy rule
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -d ! 22.22.22.23 -j DNAT --to-destination 192.168.2.10
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -d ! 22.22.22.23 -j DNAT --to-destination 192.168.2.10
#
# Rule 31 (NAT)
#
echo "Rule 31 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination :8080
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination :8080
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination :8080
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination :8080
#
# Rule 32 (NAT)
#
echo "Rule 32 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:8080
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:8080
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:8080
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:8080
#
# Rule 33 (NAT)
#
@ -671,9 +671,9 @@ script_body() {
#
echo "Rule 34 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.10 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
#
# Rule 35 (NAT)
@ -681,11 +681,11 @@ script_body() {
echo "Rule 35 (NAT)"
#
$IPTABLES -t nat -N Cid35884X1833.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d ! 192.168.1.50 --dport 80 -j Cid35884X1833.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d ! 192.168.1.50 --dport 80 -j Cid35884X1833.0
$IPTABLES -t nat -A Cid35884X1833.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid35884X1833.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid35884X1833.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.50:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d ! 192.168.1.50 --dport 80 -j Cid35884X1833.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d ! 192.168.1.50 --dport 80 -j Cid35884X1833.0
$IPTABLES -t nat -A Cid35884X1833.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid35884X1833.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid35884X1833.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.50:3128
#
# Rule 36 (NAT)
#
@ -693,18 +693,18 @@ script_body() {
#
$IPTABLES -t nat -N Cid35898X1833.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid35898X1833.1
$IPTABLES -t nat -A Cid35898X1833.1 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid35898X1833.1 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid35898X1833.1 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid35898X1833.1 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -N Cid35898X1833.0
$IPTABLES -t nat -A Cid35898X1833.1 -j Cid35898X1833.0
$IPTABLES -t nat -A Cid35898X1833.0 -p tcp -m tcp --dport 80 -j RETURN
$IPTABLES -t nat -A Cid35898X1833.0 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A Cid35898X1833.1 -j Cid35898X1833.0
$IPTABLES -t nat -A Cid35898X1833.0 -p tcp -m tcp --dport 80 -j RETURN
$IPTABLES -t nat -A Cid35898X1833.0 -j SNAT --to-source 192.168.1.1
#
# Rule 37 (NAT)
#
echo "Rule 37 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
#
# Rule 38 (NAT)
@ -720,7 +720,7 @@ script_body() {
#
echo "Rule 39 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.1:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.1:3128
#
# Rule 40 (NAT)
#
@ -738,11 +738,11 @@ script_body() {
# testing transparent proxy
# roules for a support req.
$IPTABLES -t nat -N Cid35968X1833.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid35968X1833.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid35968X1833.0
$IPTABLES -t nat -A Cid35968X1833.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid35968X1833.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid35968X1833.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid35968X1833.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid35968X1833.0
$IPTABLES -t nat -A Cid35968X1833.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid35968X1833.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid35968X1833.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
#
# Rule 42 (NAT)
#
@ -751,11 +751,11 @@ script_body() {
# testing transparent proxy
# roules for a support req.
$IPTABLES -t nat -N Cid35982X1833.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid35982X1833.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid35982X1833.0
$IPTABLES -t nat -A Cid35982X1833.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid35982X1833.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid35982X1833.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid35982X1833.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid35982X1833.0
$IPTABLES -t nat -A Cid35982X1833.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid35982X1833.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid35982X1833.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
#
# Rule 43 (NAT)
#
@ -764,10 +764,10 @@ script_body() {
# testing transparent proxy
# roules for a support req.
$IPTABLES -t nat -N Cid35996X1833.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid35996X1833.0
$IPTABLES -t nat -A Cid35996X1833.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid35996X1833.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid35996X1833.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid35996X1833.0
$IPTABLES -t nat -A Cid35996X1833.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid35996X1833.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid35996X1833.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
#
# Rule 44 (NAT)
#
@ -785,11 +785,11 @@ script_body() {
# testing transparent proxy
# roules for a support req.
$IPTABLES -t nat -N Cid36024X1833.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid36024X1833.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid36024X1833.0
$IPTABLES -t nat -A Cid36024X1833.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid36024X1833.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid36024X1833.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.50:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid36024X1833.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid36024X1833.0
$IPTABLES -t nat -A Cid36024X1833.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid36024X1833.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid36024X1833.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.50:3128
@ -1120,7 +1120,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:15 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:18 2011 by vadim"
check_tools
check_run_time_address_table_files

12
test/ipt/firewall2-4.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:18 2011 PST by vadim
# Generated Thu Feb 17 17:34:23 2011 PST by vadim
#
# files: * firewall2-4.fw /etc/fw/firewall2-4.fw
#
@ -331,9 +331,9 @@ script_body() {
echo "Rule 5 (NAT)"
#
# firewall2-4:NAT:5: error: Non-contiguous address range in Translated Destination in load balancing NAT rule
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.10-192.168.1.20
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.10-192.168.1.20
# firewall2-4:NAT:5: error: Non-contiguous address range in Translated Destination in load balancing NAT rule
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.10-192.168.1.20
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.10-192.168.1.20
#
# Rule 6 (NAT)
#
@ -346,7 +346,7 @@ script_body() {
#
echo "Rule 8 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j NETMAP --to 22.22.22.0/24
$IPTABLES -t nat -A POSTROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j NETMAP --to 22.22.22.0/24
#
# Rule 11 (NAT)
#
@ -424,7 +424,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:18 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:23 2011 by vadim"
check_tools
check_run_time_address_table_files

8
test/ipt/firewall2-5.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:21 2011 PST by vadim
# Generated Thu Feb 17 17:34:26 2011 PST by vadim
#
# files: * firewall2-5.fw /etc/fw/firewall2-5.fw
#
@ -322,7 +322,7 @@ script_body() {
echo "Rule 0 (NAT)"
#
# NETMAP and no -o itf
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j NETMAP --to 22.22.22.0/24
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j NETMAP --to 22.22.22.0/24
#
# Rule 1 (NAT)
#
@ -453,7 +453,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:21 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:26 2011 by vadim"
check_tools
check_run_time_address_table_files

284
test/ipt/firewall2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:00 2011 PST by vadim
# Generated Thu Feb 17 17:34:03 2011 PST by vadim
#
# files: * firewall2.fw /etc/fw/firewall2.fw
#
@ -482,100 +482,100 @@ script_body() {
echo "Rule 11 (NAT)"
#
$IPTABLES -t nat -N Cid3D1519E8.0
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.10 -j Cid3D1519E8.0
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.11 -j Cid3D1519E8.0
$IPTABLES -t nat -A Cid3D1519E8.0 -s 22.22.22.22 -j ACCEPT
$IPTABLES -t nat -A Cid3D1519E8.0 -s 22.22.23.23 -j ACCEPT
$IPTABLES -t nat -A Cid3D1519E8.0 -s 22.22.25.50 -j ACCEPT
$IPTABLES -t nat -A Cid3D1519E8.0 -s 192.168.1.1 -j ACCEPT
$IPTABLES -t nat -A Cid3D1519E8.0 -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A Cid3D1519E8.0 -s 192.168.2.40 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -d 192.168.2.10 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -d 192.168.2.11 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.10 -j Cid3D1519E8.0
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.11 -j Cid3D1519E8.0
$IPTABLES -t nat -A Cid3D1519E8.0 -s 22.22.22.22 -j ACCEPT
$IPTABLES -t nat -A Cid3D1519E8.0 -s 22.22.23.23 -j ACCEPT
$IPTABLES -t nat -A Cid3D1519E8.0 -s 22.22.25.50 -j ACCEPT
$IPTABLES -t nat -A Cid3D1519E8.0 -s 192.168.1.1 -j ACCEPT
$IPTABLES -t nat -A Cid3D1519E8.0 -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A Cid3D1519E8.0 -s 192.168.2.40 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -d 192.168.2.10 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -d 192.168.2.11 -j ACCEPT
$IPTABLES -t nat -N Cid3D1519E8.1
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.10 -j Cid3D1519E8.1
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.11 -j Cid3D1519E8.1
$IPTABLES -t nat -A Cid3D1519E8.1 -s 192.168.1.10 -j ACCEPT
$IPTABLES -t nat -A Cid3D1519E8.1 -s 192.168.1.20 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.10 -j Cid3D1519E8.1
$IPTABLES -t nat -A POSTROUTING -d 192.168.2.11 -j Cid3D1519E8.1
$IPTABLES -t nat -A Cid3D1519E8.1 -s 192.168.1.10 -j ACCEPT
$IPTABLES -t nat -A Cid3D1519E8.1 -s 192.168.1.20 -j ACCEPT
$IPTABLES -t nat -N Cid3D1519E8.2
$IPTABLES -t nat -A PREROUTING -d 192.168.2.10 -j Cid3D1519E8.2
$IPTABLES -t nat -A PREROUTING -d 192.168.2.11 -j Cid3D1519E8.2
$IPTABLES -t nat -A Cid3D1519E8.2 -s 192.168.1.10 -j ACCEPT
$IPTABLES -t nat -A Cid3D1519E8.2 -s 192.168.1.20 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -d 192.168.2.10 -j Cid3D1519E8.2
$IPTABLES -t nat -A PREROUTING -d 192.168.2.11 -j Cid3D1519E8.2
$IPTABLES -t nat -A Cid3D1519E8.2 -s 192.168.1.10 -j ACCEPT
$IPTABLES -t nat -A Cid3D1519E8.2 -s 192.168.1.20 -j ACCEPT
#
# Rule 12 (NAT)
#
echo "Rule 12 (NAT)"
#
$IPTABLES -t nat -N Cid3D151BA0.0
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.10 -j Cid3D151BA0.0
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.20 -j Cid3D151BA0.0
$IPTABLES -t nat -A PREROUTING -s 192.168.1.10 -j Cid3D151BA0.0
$IPTABLES -t nat -A PREROUTING -s 192.168.1.20 -j Cid3D151BA0.0
$IPTABLES -t nat -A Cid3D151BA0.0 -d 192.168.2.10 -j RETURN
$IPTABLES -t nat -A Cid3D151BA0.0 -d 192.168.2.11 -j RETURN
$IPTABLES -t nat -A Cid3D151BA0.0 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.10 -j Cid3D151BA0.0
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.20 -j Cid3D151BA0.0
$IPTABLES -t nat -A PREROUTING -s 192.168.1.10 -j Cid3D151BA0.0
$IPTABLES -t nat -A PREROUTING -s 192.168.1.20 -j Cid3D151BA0.0
$IPTABLES -t nat -A Cid3D151BA0.0 -d 192.168.2.10 -j RETURN
$IPTABLES -t nat -A Cid3D151BA0.0 -d 192.168.2.11 -j RETURN
$IPTABLES -t nat -A Cid3D151BA0.0 -j ACCEPT
#
# Rule 13 (NAT)
#
echo "Rule 13 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
#
# Rule 14 (NAT)
#
echo "Rule 14 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
#
# Rule 15 (NAT)
#
echo "Rule 15 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -s 22.22.23.23 -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -s 22.22.25.50 -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -s 22.22.23.23 -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -s 22.22.25.50 -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
#
# Rule 16 (NAT)
#
echo "Rule 16 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -s 200.200.200.200 -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -s 200.200.200.200 -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
#
# Rule 18 (NAT)
#
echo "Rule 18 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.24 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.25 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.24 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.25 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.24 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.25 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.24 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.25 --dports 80,119 -j DNAT --to-destination 192.168.1.10
#
# Rule 19 (NAT)
#
echo "Rule 19 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 119 -j DNAT --to-destination 192.168.1.10
#
# Rule 20 (NAT)
#
@ -587,8 +587,8 @@ script_body() {
#
echo "Rule 21 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -d 22.22.23.24 -j DNAT --to-destination 192.168.1.20
$IPTABLES -t nat -A OUTPUT -d 22.22.23.24 -j DNAT --to-destination 192.168.1.20
$IPTABLES -t nat -A PREROUTING -d 22.22.23.24 -j DNAT --to-destination 192.168.1.20
$IPTABLES -t nat -A OUTPUT -d 22.22.23.24 -j DNAT --to-destination 192.168.1.20
#
# Rule 22 (NAT)
#
@ -602,102 +602,102 @@ script_body() {
echo "Rule 23 (NAT)"
#
# NETMAP
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j NETMAP --to 22.22.22.0/24
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j NETMAP --to 22.22.22.0/24
#
# Rule 24 (NAT)
#
echo "Rule 24 (NAT)"
#
# NETMAP
$IPTABLES -t nat -A PREROUTING -d 22.22.22.0/24 -j NETMAP --to 192.168.1.0/24
$IPTABLES -t nat -A PREROUTING -d 22.22.22.0/24 -j NETMAP --to 192.168.1.0/24
#
# Rule 25 (NAT)
#
echo "Rule 25 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.1.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.2.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.2.40 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.1.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.2.1 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.2.40 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10:10000-11000
#
# Rule 26 (NAT)
#
echo "Rule 26 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.10 --dport 80 -j SNAT --to-source 192.168.1.1
#
# Rule 27 (NAT)
#
echo "Rule 27 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.23 --dport 80 -j DNAT --to-destination 192.168.1.10:25
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.23 --dport 80 -j DNAT --to-destination 192.168.1.10:25
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.23 --dport 80 -j DNAT --to-destination 192.168.1.10:25
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.23 --dport 80 -j DNAT --to-destination 192.168.1.10:25
#
# Rule 28 (NAT)
#
echo "Rule 28 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 443 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.40 --dport 443 -j REDIRECT --to-ports 3128
#
# Rule 29 (NAT)
#
echo "Rule 29 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.10-192.168.1.100
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.10-192.168.1.100
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.10-192.168.1.100
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.10-192.168.1.100
#
# Rule 30 (NAT)
#
echo "Rule 30 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.11-192.168.1.15
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.11-192.168.1.15
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.11-192.168.1.15
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.22.22 --dport 8080 -j DNAT --to-destination 192.168.1.11-192.168.1.15
#
# Rule 31 (NAT)
#
echo "Rule 31 (NAT)"
#
# transparent proxy rule
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -d ! 22.22.22.23 -j DNAT --to-destination 192.168.2.10
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -d ! 22.22.22.23 -j DNAT --to-destination 192.168.2.10
#
# Rule 33 (NAT)
#
echo "Rule 33 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination :8080
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination :8080
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination :8080
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination :8080
#
# Rule 34 (NAT)
#
echo "Rule 34 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:8080
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:8080
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:8080
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:8080
#
# Rule 35 (NAT)
#
@ -709,9 +709,9 @@ script_body() {
#
echo "Rule 36 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.10 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
#
# Rule 37 (NAT)
@ -719,11 +719,11 @@ script_body() {
echo "Rule 37 (NAT)"
#
$IPTABLES -t nat -N Cid40F195C3.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d ! 192.168.1.50 --dport 80 -j Cid40F195C3.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d ! 192.168.1.50 --dport 80 -j Cid40F195C3.0
$IPTABLES -t nat -A Cid40F195C3.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid40F195C3.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid40F195C3.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.50:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d ! 192.168.1.50 --dport 80 -j Cid40F195C3.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d ! 192.168.1.50 --dport 80 -j Cid40F195C3.0
$IPTABLES -t nat -A Cid40F195C3.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid40F195C3.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid40F195C3.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.50:3128
#
# Rule 38 (NAT)
#
@ -731,18 +731,18 @@ script_body() {
#
$IPTABLES -t nat -N Cid40F1C52F.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid40F1C52F.1
$IPTABLES -t nat -A Cid40F1C52F.1 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid40F1C52F.1 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid40F1C52F.1 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid40F1C52F.1 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -N Cid40F1C52F.0
$IPTABLES -t nat -A Cid40F1C52F.1 -j Cid40F1C52F.0
$IPTABLES -t nat -A Cid40F1C52F.0 -p tcp -m tcp --dport 80 -j RETURN
$IPTABLES -t nat -A Cid40F1C52F.0 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A Cid40F1C52F.1 -j Cid40F1C52F.0
$IPTABLES -t nat -A Cid40F1C52F.0 -p tcp -m tcp --dport 80 -j RETURN
$IPTABLES -t nat -A Cid40F1C52F.0 -j SNAT --to-source 192.168.1.1
#
# Rule 39 (NAT)
#
echo "Rule 39 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
#
# Rule 40 (NAT)
@ -758,7 +758,7 @@ script_body() {
#
echo "Rule 41 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.1:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.1:3128
#
# Rule 42 (NAT)
#
@ -776,11 +776,11 @@ script_body() {
# testing transparent proxy
# roules for a support req.
$IPTABLES -t nat -N Cid46D67A4324736.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid46D67A4324736.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid46D67A4324736.0
$IPTABLES -t nat -A Cid46D67A4324736.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid46D67A4324736.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid46D67A4324736.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid46D67A4324736.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid46D67A4324736.0
$IPTABLES -t nat -A Cid46D67A4324736.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid46D67A4324736.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid46D67A4324736.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
#
# Rule 44 (NAT)
#
@ -789,11 +789,11 @@ script_body() {
# testing transparent proxy
# roules for a support req.
$IPTABLES -t nat -N Cid46D67A5924736.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid46D67A5924736.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid46D67A5924736.0
$IPTABLES -t nat -A Cid46D67A5924736.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid46D67A5924736.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid46D67A5924736.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid46D67A5924736.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid46D67A5924736.0
$IPTABLES -t nat -A Cid46D67A5924736.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid46D67A5924736.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid46D67A5924736.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
#
# Rule 45 (NAT)
#
@ -802,10 +802,10 @@ script_body() {
# testing transparent proxy
# roules for a support req.
$IPTABLES -t nat -N Cid46D49F3624736.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid46D49F3624736.0
$IPTABLES -t nat -A Cid46D49F3624736.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid46D49F3624736.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid46D49F3624736.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid46D49F3624736.0
$IPTABLES -t nat -A Cid46D49F3624736.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid46D49F3624736.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid46D49F3624736.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
#
# Rule 46 (NAT)
#
@ -823,36 +823,36 @@ script_body() {
# testing transparent proxy
# roules for a support req.
$IPTABLES -t nat -N Cid46D6AA2F24736.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid46D6AA2F24736.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid46D6AA2F24736.0
$IPTABLES -t nat -A Cid46D6AA2F24736.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid46D6AA2F24736.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid46D6AA2F24736.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.50:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid46D6AA2F24736.0
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j Cid46D6AA2F24736.0
$IPTABLES -t nat -A Cid46D6AA2F24736.0 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid46D6AA2F24736.0 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -A Cid46D6AA2F24736.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.50:3128
#
# Rule 48 (NAT)
#
echo "Rule 48 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 3050:3051 -j DNAT --to-destination :700
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 3050:3051 -j DNAT --to-destination :700
$IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -s 192.168.1.0/24 --dport 700 -j SNAT --to-source 192.168.1.10
#
# Rule 49 (NAT)
#
echo "Rule 49 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 9040 -j REDIRECT --to-ports 9040
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 9040 -j REDIRECT --to-ports 9040
#
# Rule 50 (NAT)
#
echo "Rule 50 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m owner --uid-owner anonymous -j REDIRECT --to-ports 9040
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m owner --uid-owner anonymous -j REDIRECT --to-ports 9040
#
# Rule 52 (NAT)
#
echo "Rule 52 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p udp -m udp -m owner --uid-owner anonymous -j REDIRECT --to-ports 53
$IPTABLES -t nat -A OUTPUT -p udp -m udp -m owner --uid-owner anonymous -j REDIRECT --to-ports 53
@ -1470,7 +1470,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:00 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:03 2011 by vadim"
check_tools
check_run_time_address_table_files

6
test/ipt/firewall20-ipv6.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:03 2011 PST by vadim
# Generated Thu Feb 17 17:34:06 2011 PST by vadim
#
# files: * firewall20-ipv6.fw /etc/fw/firewall20-ipv6.fw
#
@ -456,7 +456,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:03 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:06 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

18
test/ipt/firewall20.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:01 2011 PST by vadim
# Generated Thu Feb 17 17:34:04 2011 PST by vadim
#
# files: * firewall20.fw /etc/fw/firewall20.fw
#
@ -354,24 +354,24 @@ script_body() {
eval "addr_list=$cmd"
for addr in $addr_list
do
test -n "$addr" && $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d $addr --dport 22 -j DNAT --to-destination 192.168.1.10:22
test -n "$addr" && $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d $addr --dport 22 -j DNAT --to-destination 192.168.1.10:22
done
done
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22
#
# Rule 6 (NAT)
#
echo "Rule 6 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -d ! 200.200.200.200 -j DNAT --to-destination 192.168.2.10
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -d ! 200.200.200.200 -j DNAT --to-destination 192.168.2.10
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.10 -j SNAT --to-source 192.168.2.1
#
# Rule 7 (NAT)
#
echo "Rule 7 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10
getinterfaces ppp | while read I; do
ivar=$(getInterfaceVarName $I)
getaddr $I $ivar
@ -379,7 +379,7 @@ script_body() {
eval "addr_list=$cmd"
for addr in $addr_list
do
test -n "$addr" && $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d $addr --dport 22 -j DNAT --to-destination 192.168.1.10
test -n "$addr" && $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d $addr --dport 22 -j DNAT --to-destination 192.168.1.10
done
done
@ -674,7 +674,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:01 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:04 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

14
test/ipt/firewall21-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:07 2011 PST by vadim
# Generated Thu Feb 17 17:34:10 2011 PST by vadim
#
# files: * firewall21-1.fw /etc/fw/firewall21-1.fw
#
@ -303,11 +303,11 @@ script_body() {
#
for i_eth0 in $i_eth0_list
do
test -n "$i_eth0" && $IPTABLES -t nat -A PREROUTING -d $i_eth0 -j DNAT --to-destination 192.168.1.10
test -n "$i_eth0" && $IPTABLES -t nat -A PREROUTING -d $i_eth0 -j DNAT --to-destination 192.168.1.10
done
for i_eth1 in $i_eth1_list
do
test -n "$i_eth1" && $IPTABLES -t nat -A PREROUTING -d $i_eth1 -j DNAT --to-destination 192.168.1.10
test -n "$i_eth1" && $IPTABLES -t nat -A PREROUTING -d $i_eth1 -j DNAT --to-destination 192.168.1.10
done
#
# Rule 1 (NAT)
@ -316,11 +316,11 @@ script_body() {
#
for i_eth0 in $i_eth0_list
do
test -n "$i_eth0" && $IPTABLES -t nat -A PREROUTING -d $i_eth0 -j DNAT --to-destination 192.168.1.10 --random --persistent
test -n "$i_eth0" && $IPTABLES -t nat -A PREROUTING -d $i_eth0 -j DNAT --to-destination 192.168.1.10 --random --persistent
done
for i_eth1 in $i_eth1_list
do
test -n "$i_eth1" && $IPTABLES -t nat -A PREROUTING -d $i_eth1 -j DNAT --to-destination 192.168.1.10 --random --persistent
test -n "$i_eth1" && $IPTABLES -t nat -A PREROUTING -d $i_eth1 -j DNAT --to-destination 192.168.1.10 --random --persistent
done
#
# Rule 2 (NAT)
@ -470,7 +470,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:07 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:10 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

14
test/ipt/firewall21.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:04 2011 PST by vadim
# Generated Thu Feb 17 17:34:07 2011 PST by vadim
#
# files: * firewall21.fw /etc/fw/firewall21.fw
#
@ -302,11 +302,11 @@ script_body() {
#
for i_eth0 in $i_eth0_list
do
test -n "$i_eth0" && $IPTABLES -t nat -A PREROUTING -d $i_eth0 -j DNAT --to-destination 192.168.1.10
test -n "$i_eth0" && $IPTABLES -t nat -A PREROUTING -d $i_eth0 -j DNAT --to-destination 192.168.1.10
done
for i_eth1 in $i_eth1_list
do
test -n "$i_eth1" && $IPTABLES -t nat -A PREROUTING -d $i_eth1 -j DNAT --to-destination 192.168.1.10
test -n "$i_eth1" && $IPTABLES -t nat -A PREROUTING -d $i_eth1 -j DNAT --to-destination 192.168.1.10
done
#
# Rule 1 (NAT)
@ -315,11 +315,11 @@ script_body() {
#
for i_eth0 in $i_eth0_list
do
test -n "$i_eth0" && $IPTABLES -t nat -A PREROUTING -d $i_eth0 -j DNAT --to-destination 192.168.1.10 --random
test -n "$i_eth0" && $IPTABLES -t nat -A PREROUTING -d $i_eth0 -j DNAT --to-destination 192.168.1.10 --random
done
for i_eth1 in $i_eth1_list
do
test -n "$i_eth1" && $IPTABLES -t nat -A PREROUTING -d $i_eth1 -j DNAT --to-destination 192.168.1.10 --random
test -n "$i_eth1" && $IPTABLES -t nat -A PREROUTING -d $i_eth1 -j DNAT --to-destination 192.168.1.10 --random
done
#
# Rule 2 (NAT)
@ -469,7 +469,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:04 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:07 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

10
test/ipt/firewall22.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:10 2011 PST by vadim
# Generated Thu Feb 17 17:34:13 2011 PST by vadim
#
# files: * firewall22.fw /etc/fw/firewall22.fw
#
@ -302,13 +302,13 @@ script_body() {
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -d 192.168.2.1 -m string --string test_pattern -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -d 192.168.2.1 -m string --string test_pattern -j DNAT --to-destination 192.168.1.10
#
# Rule 2 (NAT)
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -m string --string test_pattern -j DNAT --to-destination 200.200.200.200
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -m string --string test_pattern -j DNAT --to-destination 200.200.200.200
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d 200.200.200.200 -m string --string test_pattern -j SNAT --to-source 192.168.2.1
@ -390,7 +390,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:10 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:13 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall23-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:15 2011 PST by vadim
# Generated Thu Feb 17 17:34:19 2011 PST by vadim
#
# files: * firewall23-1.fw /etc/fw/firewall23-1.fw
#
@ -564,7 +564,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:15 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:19 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall23.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:13 2011 PST by vadim
# Generated Thu Feb 17 17:34:16 2011 PST by vadim
#
# files: * firewall23.fw /etc/fw/firewall23.fw
#
@ -476,7 +476,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:13 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:16 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall24.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:18 2011 PST by vadim
# Generated Thu Feb 17 17:34:21 2011 PST by vadim
#
# files: * firewall24.fw /etc/fw/firewall24.fw
#
@ -493,7 +493,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:18 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:21 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

14
test/ipt/firewall25.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:22 2011 PST by vadim
# Generated Thu Feb 17 17:34:26 2011 PST by vadim
#
# files: * firewall25.fw /etc/fw/firewall25.fw
#
@ -617,14 +617,14 @@ script_body() {
eval "addr_list=$cmd"
for addr in $addr_list
do
test -n "$addr" && echo "-A PREROUTING -p tcp -m tcp -d $addr --dport 22 -j DNAT --to-destination 192.168.1.10:22 "
test -n "$addr" && echo "-A PREROUTING -p tcp -m tcp -d $addr --dport 22 -j DNAT --to-destination 192.168.1.10:22 "
done
done
echo "-A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22 "
echo "-A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22 "
echo "-A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22 "
echo "-A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22 "
#
# Rule 3 (NAT)
echo "-A PREROUTING -s 192.168.1.0/24 -d ! 200.200.200.200 -j DNAT --to-destination 192.168.2.10 "
echo "-A PREROUTING -s 192.168.1.0/24 -d ! 200.200.200.200 -j DNAT --to-destination 192.168.2.10 "
echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.10 -j SNAT --to-source 192.168.2.1 "
#
echo COMMIT
@ -687,7 +687,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:22 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:26 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

14
test/ipt/firewall26.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:24 2011 PST by vadim
# Generated Thu Feb 17 17:34:29 2011 PST by vadim
#
# files: * firewall26.fw /etc/fw/firewall26.fw
#
@ -493,13 +493,13 @@ script_body() {
# Rule 2 (NAT)
for i_ppp in $i_ppp_list
do
test -n "$i_ppp" && echo "-A PREROUTING -p tcp -m tcp -d $i_ppp --dport 22 -j DNAT --to-destination 192.168.1.10:22 "
test -n "$i_ppp" && echo "-A PREROUTING -p tcp -m tcp -d $i_ppp --dport 22 -j DNAT --to-destination 192.168.1.10:22 "
done
echo "-A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22 "
echo "-A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22 "
echo "-A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22 "
echo "-A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22 "
#
# Rule 3 (NAT)
echo "-A PREROUTING -s 192.168.1.0/24 -d ! 200.200.200.200 -j DNAT --to-destination 192.168.2.10 "
echo "-A PREROUTING -s 192.168.1.0/24 -d ! 200.200.200.200 -j DNAT --to-destination 192.168.2.10 "
echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.10 -j SNAT --to-source 192.168.2.1 "
#
echo COMMIT
@ -562,7 +562,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:24 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:29 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

14
test/ipt/firewall27.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:25 2011 PST by vadim
# Generated Thu Feb 17 17:34:32 2011 PST by vadim
#
# files: * firewall27.fw /etc/fw/firewall27.fw
#
@ -478,12 +478,12 @@ script_body() {
echo "-A POSTROUTING -o ppp -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 "
#
# Rule 2 (NAT)
echo "-A PREROUTING -p tcp -m tcp -d 192.0.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22 "
echo "-A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22 "
echo "-A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22 "
echo "-A PREROUTING -p tcp -m tcp -d 192.0.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22 "
echo "-A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22 "
echo "-A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22 "
#
# Rule 3 (NAT)
echo "-A PREROUTING -s 192.168.1.0/24 -d ! 200.200.200.200 -j DNAT --to-destination 192.168.2.10 "
echo "-A PREROUTING -s 192.168.1.0/24 -d ! 200.200.200.200 -j DNAT --to-destination 192.168.2.10 "
echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.10 -j SNAT --to-source 192.168.2.1 "
#
echo COMMIT
@ -546,7 +546,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:25 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:32 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall28.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:27 2011 PST by vadim
# Generated Thu Feb 17 17:34:33 2011 PST by vadim
#
# files: * firewall28.fw /etc/fw/firewall28.fw
#
@ -407,7 +407,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:27 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:33 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

10
test/ipt/firewall29.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:28 2011 PST by vadim
# Generated Thu Feb 17 17:34:36 2011 PST by vadim
#
# files: * firewall29.fw /etc/fw/firewall29.fw
#
@ -302,11 +302,11 @@ script_body() {
#
for i_eth0_200 in $i_eth0_200_list
do
test -n "$i_eth0_200" && $IPTABLES -t nat -A PREROUTING -d $i_eth0_200 -j DNAT --to-destination 192.168.1.10
test -n "$i_eth0_200" && $IPTABLES -t nat -A PREROUTING -d $i_eth0_200 -j DNAT --to-destination 192.168.1.10
done
for i_eth0_100 in $i_eth0_100_list
do
test -n "$i_eth0_100" && $IPTABLES -t nat -A PREROUTING -d $i_eth0_100 -j DNAT --to-destination 192.168.1.10
test -n "$i_eth0_100" && $IPTABLES -t nat -A PREROUTING -d $i_eth0_100 -j DNAT --to-destination 192.168.1.10
done
@ -440,7 +440,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:28 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:36 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall3.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:30 2011 PST by vadim
# Generated Thu Feb 17 17:34:36 2011 PST by vadim
#
# files: * firewall3.fw /etc/fw/firewall3.fw
#
@ -578,7 +578,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:30 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:36 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall30.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:31 2011 PST by vadim
# Generated Thu Feb 17 17:34:39 2011 PST by vadim
#
# files: * firewall30.fw /etc/fw/firewall30.fw
#
@ -375,7 +375,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:31 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:39 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall31.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:33 2011 PST by vadim
# Generated Thu Feb 17 17:34:40 2011 PST by vadim
#
# files: * firewall31.fw /etc/fw/firewall31.fw
#
@ -445,7 +445,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:33 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:40 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

8
test/ipt/firewall32.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:34 2011 PST by vadim
# Generated Thu Feb 17 17:34:42 2011 PST by vadim
#
# files: * firewall32.fw /etc/fw/firewall32.fw
#
@ -299,7 +299,7 @@ script_body() {
#
for i_eth0_100 in $i_eth0_100_list
do
test -n "$i_eth0_100" && $IPTABLES -t nat -A PREROUTING -d $i_eth0_100 -j DNAT --to-destination 192.168.1.10
test -n "$i_eth0_100" && $IPTABLES -t nat -A PREROUTING -d $i_eth0_100 -j DNAT --to-destination 192.168.1.10
done
@ -416,7 +416,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:34 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:42 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

16
test/ipt/firewall33-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:49 2011 PST by vadim
# Generated Thu Feb 17 17:34:56 2011 PST by vadim
#
# files: * firewall33-1.fw /etc/fw/firewall33-1.fw
#
@ -393,11 +393,11 @@ script_body() {
#
$IPTABLES -N Cid438728A918346.0
$IPTABLES -A Policy -m state --state NEW -j Cid438728A918346.0
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.48 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.49 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.50 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.51 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.52 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.16 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.17 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.18 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.19 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.20 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.224.25 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.224.26 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.226.25 -j RETURN
@ -522,7 +522,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:49 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:56 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

24
test/ipt/firewall33.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:48 2011 PST by vadim
# Generated Thu Feb 17 17:34:54 2011 PST by vadim
#
# files: * firewall33.fw /etc/fw/firewall33.fw
#
@ -303,7 +303,7 @@ script_body() {
#
for i_eth0_100 in $i_eth0_100_list
do
test -n "$i_eth0_100" && $IPTABLES -t nat -A PREROUTING -d $i_eth0_100 -j DNAT --to-destination 192.168.1.10
test -n "$i_eth0_100" && $IPTABLES -t nat -A PREROUTING -d $i_eth0_100 -j DNAT --to-destination 192.168.1.10
done
#
# Rule 1 (NAT)
@ -336,9 +336,9 @@ script_body() {
#
$IPTABLES -t nat -N Cid43876E7B18346.0
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -j Cid43876E7B18346.0
$IPTABLES -t nat -A Cid43876E7B18346.0 -d www.google.com -j RETURN
$IPTABLES -t nat -A Cid43876E7B18346.0 -d www.cnn.com -j RETURN
$IPTABLES -t nat -A Cid43876E7B18346.0 -j MASQUERADE
$IPTABLES -t nat -A Cid43876E7B18346.0 -d www.google.com -j RETURN
$IPTABLES -t nat -A Cid43876E7B18346.0 -d www.cnn.com -j RETURN
$IPTABLES -t nat -A Cid43876E7B18346.0 -j MASQUERADE
@ -442,11 +442,11 @@ script_body() {
$IPTABLES -A OUTPUT -m state --state NEW -j Cid438728A918346.0
$IPTABLES -A INPUT -m state --state NEW -j Cid438728A918346.0
$IPTABLES -A FORWARD -m state --state NEW -j Cid438728A918346.0
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.48 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.49 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.50 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.51 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.52 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.16 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.17 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.18 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.19 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.20 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.224.25 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.224.26 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.226.25 -j RETURN
@ -571,7 +571,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:48 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:54 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

16
test/ipt/firewall34.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:52 2011 PST by vadim
# Generated Thu Feb 17 17:34:58 2011 PST by vadim
#
# files: * firewall34.fw /etc/fw/firewall34.fw
#
@ -303,12 +303,12 @@ script_body() {
$IPTABLES -t nat -N Cid4389EEB018346.0
for i_eth0_100 in $i_eth0_100_list
do
test -n "$i_eth0_100" && $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d $i_eth0_100 --dport 25 -j Cid4389EEB018346.0
test -n "$i_eth0_100" && $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d $i_eth0_100 --dport 25 -j Cid4389EEB018346.0
done
grep -Ev '^#|^;|^\s*$' block-hosts.tbl | while read L ; do
set $L; at_block_these=$1; $IPTABLES -t nat -A Cid4389EEB018346.0 -s $at_block_these -j RETURN
set $L; at_block_these=$1; $IPTABLES -t nat -A Cid4389EEB018346.0 -s $at_block_these -j RETURN
done
$IPTABLES -t nat -A Cid4389EEB018346.0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A Cid4389EEB018346.0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.10
#
# Rule 1 (NAT)
#
@ -317,9 +317,9 @@ script_body() {
$IPTABLES -t nat -N Cid43891B6E674.0
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -s 192.168.1.0/24 -j Cid43891B6E674.0
grep -Ev '^#|^;|^\s*$' block-hosts.tbl | while read L ; do
set $L; at_block_these=$1; $IPTABLES -t nat -A Cid43891B6E674.0 -d $at_block_these -j RETURN
set $L; at_block_these=$1; $IPTABLES -t nat -A Cid43891B6E674.0 -d $at_block_these -j RETURN
done
$IPTABLES -t nat -A Cid43891B6E674.0 -j MASQUERADE
$IPTABLES -t nat -A Cid43891B6E674.0 -j MASQUERADE
@ -648,7 +648,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:52 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:34:58 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

16
test/ipt/firewall35.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:52 2011 PST by vadim
# Generated Thu Feb 17 17:35:00 2011 PST by vadim
#
# files: * firewall35.fw /etc/fw/firewall35.fw
#
@ -465,20 +465,20 @@ script_body() {
echo ":Cid4392558F25682.0 - [0:0]"
for i_eth0_100 in $i_eth0_100_list
do
test -n "$i_eth0_100" && echo "-A PREROUTING -p tcp -m tcp -d $i_eth0_100 --dport 25 -j Cid4392558F25682.0 "
test -n "$i_eth0_100" && echo "-A PREROUTING -p tcp -m tcp -d $i_eth0_100 --dport 25 -j Cid4392558F25682.0 "
done
grep -Ev '^#|^;|^\s*$' block-hosts.tbl | while read L ; do
set $L; at_block_these=$1; echo "-A Cid4392558F25682.0 -s $at_block_these -j RETURN "
set $L; at_block_these=$1; echo "-A Cid4392558F25682.0 -s $at_block_these -j RETURN "
done
echo "-A Cid4392558F25682.0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.10 "
echo "-A Cid4392558F25682.0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.10 "
#
# Rule 1 (NAT)
echo ":Cid4392559D25682.0 - [0:0]"
echo "-A POSTROUTING -o eth0.100 -s 192.168.1.0/24 -j Cid4392559D25682.0 "
grep -Ev '^#|^;|^\s*$' block-hosts.tbl | while read L ; do
set $L; at_block_these=$1; echo "-A Cid4392559D25682.0 -d $at_block_these -j RETURN "
set $L; at_block_these=$1; echo "-A Cid4392559D25682.0 -d $at_block_these -j RETURN "
done
echo "-A Cid4392559D25682.0 -j MASQUERADE "
echo "-A Cid4392559D25682.0 -j MASQUERADE "
#
echo COMMIT
@ -540,7 +540,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:52 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:00 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall36-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:56 2011 PST by vadim
# Generated Thu Feb 17 17:35:03 2011 PST by vadim
#
# files: * firewall36-1.fw /etc/firewall36-1.fw
#
@ -433,7 +433,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:56 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:03 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall36-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:59 2011 PST by vadim
# Generated Thu Feb 17 17:35:05 2011 PST by vadim
#
# files: * firewall36-2.fw /etc/firewall36-2.fw
#
@ -433,7 +433,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:59 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:05 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall36.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:25:55 2011 PST by vadim
# Generated Thu Feb 17 17:35:02 2011 PST by vadim
#
# files: * firewall36.fw /etc/firewall36.fw
#
@ -535,7 +535,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:25:55 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:02 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

18
test/ipt/firewall37-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:02 2011 PST by vadim
# Generated Thu Feb 17 17:35:08 2011 PST by vadim
#
# files: * firewall37-1.fw /etc/fw/firewall37-1.fw
#
@ -313,12 +313,12 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -s 22.22.23.22 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.22 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 22.22.23.22 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.22 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -j ACCEPT
# ================ Table 'mangle', rule set rule27_branch
#
@ -769,7 +769,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:02 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:08 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

18
test/ipt/firewall37.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:11 2011 PST by vadim
# Generated Thu Feb 17 17:35:18 2011 PST by vadim
#
# files: * firewall37.fw /etc/fw/firewall37.fw
#
@ -318,12 +318,12 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -s 22.22.23.22 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.22 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 22.22.23.22 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.22 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -j ACCEPT
# ================ Table 'mangle', rule set mymark
#
@ -1049,7 +1049,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:11 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:18 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall38.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:05 2011 PST by vadim
# Generated Thu Feb 17 17:35:11 2011 PST by vadim
#
# files: * firewall38.fw /etc/fw/firewall38.fw
#
@ -498,7 +498,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:05 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:11 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

18
test/ipt/firewall39.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:14 2011 PST by vadim
# Generated Thu Feb 17 17:35:22 2011 PST by vadim
#
# files: * firewall39.fw /etc/fw/firewall39.fw
#
@ -311,12 +311,12 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -s 22.22.23.22 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.22 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 22.22.23.22 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.22 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.2.1 -j ACCEPT
$IPTABLES -t nat -A OUTPUT -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -j ACCEPT
# ================ Table 'mangle', rule set rule0_branch
#
@ -876,7 +876,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:14 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:22 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

16
test/ipt/firewall4.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:13 2011 PST by vadim
# Generated Thu Feb 17 17:35:22 2011 PST by vadim
#
# files: * firewall4.fw /etc/fw/firewall4.fw
#
@ -338,11 +338,11 @@ script_body() {
#
for i_eth1 in $i_eth1_list
do
test -n "$i_eth1" && $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d $i_eth1 --dport 22 -j DNAT --to-destination 192.168.1.10:22
test -n "$i_eth1" && $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d $i_eth1 --dport 22 -j DNAT --to-destination 192.168.1.10:22
done
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 222.222.222.222 --dport 22 -j DNAT --to-destination 192.168.1.10:22
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 222.222.222.222 --dport 22 -j DNAT --to-destination 192.168.1.10:22
#
# Rule 6 (NAT)
#
@ -350,7 +350,7 @@ script_body() {
#
for i_eth1 in $i_eth1_list
do
test -n "$i_eth1" && $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d $i_eth1 --dport 22 -j DNAT --to-destination 192.168.1.10:22
test -n "$i_eth1" && $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d $i_eth1 --dport 22 -j DNAT --to-destination 192.168.1.10:22
done
@ -710,7 +710,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:13 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:22 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall40-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:17 2011 PST by vadim
# Generated Thu Feb 17 17:35:26 2011 PST by vadim
#
# files: * firewall40-1.fw /etc/firewall40-1.fw
#
@ -450,7 +450,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:17 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:26 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall40-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:19 2011 PST by vadim
# Generated Thu Feb 17 17:35:29 2011 PST by vadim
#
# files: * firewall40-2.fw /etc/firewall40-2.fw
#
@ -437,7 +437,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:19 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:29 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall40.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:16 2011 PST by vadim
# Generated Thu Feb 17 17:35:25 2011 PST by vadim
#
# files: * firewall40.fw /etc/firewall40.fw
#
@ -439,7 +439,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:16 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:25 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

12
test/ipt/firewall41-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:22 2011 PST by vadim
# Generated Thu Feb 17 17:35:32 2011 PST by vadim
#
# files: * firewall41-1.fw /etc/firewall41-1.fw
#
@ -443,14 +443,14 @@ script_body() {
#
$IPTABLES -t nat -N Cid2287813X9995.0
$IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid2287813X9995.0
$IPTABLES -t nat -A Cid2287813X9995.0 -m set --set atbl.1 src -j RETURN
$IPTABLES -t nat -A Cid2287813X9995.0 -j SNAT --to-source 1.1.1.1
$IPTABLES -t nat -A Cid2287813X9995.0 -m set --set atbl.1 src -j RETURN
$IPTABLES -t nat -A Cid2287813X9995.0 -j SNAT --to-source 1.1.1.1
#
# Rule 2 (NAT)
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -m set --set atbl.1 dst -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -m set --set atbl.1 dst -j DNAT --to-destination 192.168.1.10
@ -575,7 +575,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:22 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:32 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall41.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:25 2011 PST by vadim
# Generated Thu Feb 17 17:35:34 2011 PST by vadim
#
# files: * firewall41.fw /etc/firewall41.fw
#
@ -456,7 +456,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:25 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:34 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall42.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:28 2011 PST by vadim
# Generated Thu Feb 17 17:35:37 2011 PST by vadim
#
# files: * firewall42.fw /etc/fw/firewall42.fw
#
@ -382,7 +382,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:28 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:37 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

14
test/ipt/firewall5.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:28 2011 PST by vadim
# Generated Thu Feb 17 17:35:38 2011 PST by vadim
#
# files: * firewall5.fw /etc/fw/firewall5.fw
#
@ -324,14 +324,14 @@ script_body() {
#
for i_ppp0 in $i_ppp0_list
do
test -n "$i_ppp0" && $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d $i_ppp0 --dport 22 -j DNAT --to-destination 192.168.1.10:22
test -n "$i_ppp0" && $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d $i_ppp0 --dport 22 -j DNAT --to-destination 192.168.1.10:22
done
for i_ppp1 in $i_ppp1_list
do
test -n "$i_ppp1" && $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d $i_ppp1 --dport 22 -j DNAT --to-destination 192.168.1.10:22
test -n "$i_ppp1" && $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d $i_ppp1 --dport 22 -j DNAT --to-destination 192.168.1.10:22
done
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22
@ -622,7 +622,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:28 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:38 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall50.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:31 2011 PST by vadim
# Generated Thu Feb 17 17:35:41 2011 PST by vadim
#
# files: * firewall50.fw /etc/fw/firewall50.fw
#
@ -407,7 +407,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:31 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:41 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall51.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:34 2011 PST by vadim
# Generated Thu Feb 17 17:35:44 2011 PST by vadim
#
# files: * firewall51.fw /etc/fw/firewall51.fw
#
@ -491,7 +491,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:34 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:44 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

32
test/ipt/firewall6.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:34 2011 PST by vadim
# Generated Thu Feb 17 17:35:44 2011 PST by vadim
#
# files: * firewall6.fw /etc/fw/firewall6.fw
#
@ -306,7 +306,7 @@ script_body() {
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.24 --dport 80 -j DNAT --to-destination 192.168.1.20
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.24 --dport 80 -j DNAT --to-destination 192.168.1.20
#
# Rule 2 (NAT)
#
@ -315,14 +315,14 @@ script_body() {
# this is SDNAT rule, it translates
# both source and destination
# this rule should be equivalent to two rules above
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 -d 22.22.23.24 --dport 80 -j DNAT --to-destination 192.168.1.20
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 -d 22.22.23.24 --dport 80 -j DNAT --to-destination 192.168.1.20
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.20 --dport 80 -j SNAT --to-source 192.168.1.1
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.11-192.168.1.12
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.11-192.168.1.12
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.11 --dport 80 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.12 --dport 80 -j SNAT --to-source 192.168.1.1
#
@ -330,7 +330,7 @@ script_body() {
#
echo "Rule 4 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.11-192.168.1.12
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.11-192.168.1.12
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.11 --dport 80 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.12 --dport 80 -j SNAT --to-source 192.168.1.1
#
@ -338,10 +338,10 @@ script_body() {
#
echo "Rule 5 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.11-192.168.1.12
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.11-192.168.1.12
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 80 -j DNAT --to-destination 192.168.1.11-192.168.1.12
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 80 -j DNAT --to-destination 192.168.1.11-192.168.1.12
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.11-192.168.1.12
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.11-192.168.1.12
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 80 -j DNAT --to-destination 192.168.1.11-192.168.1.12
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 80 -j DNAT --to-destination 192.168.1.11-192.168.1.12
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.11 --dport 80 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.12 --dport 80 -j SNAT --to-source 192.168.1.1
#
@ -349,7 +349,7 @@ script_body() {
#
echo "Rule 6 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.100 --dport 80 -j DNAT --to-destination 192.168.1.100:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.100 --dport 80 -j DNAT --to-destination 192.168.1.100:3128
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.100 -d 192.168.1.100 --dport 3128 -j SNAT --to-source 192.168.1.1
#
# Rule 7 (NAT)
@ -357,10 +357,10 @@ script_body() {
echo "Rule 7 (NAT)"
#
$IPTABLES -t nat -N Cid3F9F8382.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j Cid3F9F8382.0
$IPTABLES -t nat -A Cid3F9F8382.0 -d 222.222.222.40 -j RETURN
$IPTABLES -t nat -A Cid3F9F8382.0 -d 222.222.222.41 -j RETURN
$IPTABLES -t nat -A Cid3F9F8382.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.100:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j Cid3F9F8382.0
$IPTABLES -t nat -A Cid3F9F8382.0 -d 222.222.222.40 -j RETURN
$IPTABLES -t nat -A Cid3F9F8382.0 -d 222.222.222.41 -j RETURN
$IPTABLES -t nat -A Cid3F9F8382.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.100:3128
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.100 --dport 3128 -j SNAT --to-source 192.168.1.1
#
# Rule 8 (NAT)
@ -513,7 +513,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:34 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:44 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall60.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:37 2011 PST by vadim
# Generated Thu Feb 17 17:35:47 2011 PST by vadim
#
# files: * firewall60.fw /etc/firewall60.fw
#
@ -419,7 +419,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:37 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:47 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall61-1.2.5.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:38 2011 PST by vadim
# Generated Thu Feb 17 17:35:48 2011 PST by vadim
#
# files: * firewall61-1.2.5.fw /etc/firewall61-1.2.5.fw
#
@ -499,7 +499,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:38 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall61-1.2.6.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:41 2011 PST by vadim
# Generated Thu Feb 17 17:35:52 2011 PST by vadim
#
# files: * firewall61-1.2.6.fw /etc/firewall61-1.2.6.fw
#
@ -505,7 +505,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:41 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:52 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall61-1.3.x.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:42 2011 PST by vadim
# Generated Thu Feb 17 17:35:53 2011 PST by vadim
#
# files: * firewall61-1.3.x.fw /etc/firewall61-1.3.x.fw
#
@ -492,7 +492,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:42 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:53 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall61-1.4.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:45 2011 PST by vadim
# Generated Thu Feb 17 17:35:56 2011 PST by vadim
#
# files: * firewall61-1.4.fw /etc/firewall61-1.4.fw
#
@ -493,7 +493,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:45 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:56 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall62.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:45 2011 PST by vadim
# Generated Thu Feb 17 17:35:56 2011 PST by vadim
#
# files: * firewall62.fw /etc/firewall62.fw
#
@ -543,7 +543,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:45 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:56 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall63.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:48 2011 PST by vadim
# Generated Thu Feb 17 17:35:59 2011 PST by vadim
#
# files: * firewall63.fw /etc/firewall63.fw
#
@ -389,7 +389,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:48 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:59 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall7.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:48 2011 PST by vadim
# Generated Thu Feb 17 17:35:59 2011 PST by vadim
#
# files: * firewall7.fw /etc/fw/firewall7.fw
#
@ -473,7 +473,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:48 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:59 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall70.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:52 2011 PST by vadim
# Generated Thu Feb 17 17:36:04 2011 PST by vadim
#
# files: * firewall70.fw iptables.sh
#
@ -412,7 +412,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:52 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:36:04 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall71.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:52 2011 PST by vadim
# Generated Thu Feb 17 17:36:04 2011 PST by vadim
#
# files: * firewall71.fw /etc/fw/firewall71.fw
#
@ -428,7 +428,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:52 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:36:04 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

14
test/ipt/firewall72-1.3.x.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:55 2011 PST by vadim
# Generated Thu Feb 17 17:36:07 2011 PST by vadim
#
# files: * firewall72-1.3.x.fw /etc/fw/firewall72-1.3.x.fw
#
@ -343,15 +343,15 @@ script_body() {
$IPTABLES -t nat -N Cid212911X8629.0
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j Cid212911X8629.0
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Cid212911X8629.0
$IPTABLES -t nat -A Cid212911X8629.0 -d 192.168.1.0/24 -j RETURN
$IPTABLES -t nat -A Cid212911X8629.0 -d 192.168.2.0/24 -j RETURN
$IPTABLES -t nat -A Cid212911X8629.0 -j SNAT --to-source 172.16.1.1
$IPTABLES -t nat -A Cid212911X8629.0 -d 192.168.1.0/24 -j RETURN
$IPTABLES -t nat -A Cid212911X8629.0 -d 192.168.2.0/24 -j RETURN
$IPTABLES -t nat -A Cid212911X8629.0 -j SNAT --to-source 172.16.1.1
#
# Rule 5 (NAT)
#
echo "Rule 5 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 -d ! 192.168.1.1 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 -d ! 192.168.1.1 --dport 80 -j REDIRECT --to-ports 3128
@ -555,7 +555,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:55 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:36:07 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

14
test/ipt/firewall72-1.4.3.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:55 2011 PST by vadim
# Generated Thu Feb 17 17:36:07 2011 PST by vadim
#
# files: * firewall72-1.4.3.fw /etc/fw/firewall72-1.4.3.fw
#
@ -343,15 +343,15 @@ script_body() {
$IPTABLES -t nat -N Cid213031X8629.0
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j Cid213031X8629.0
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Cid213031X8629.0
$IPTABLES -t nat -A Cid213031X8629.0 -d 192.168.1.0/24 -j RETURN
$IPTABLES -t nat -A Cid213031X8629.0 -d 192.168.2.0/24 -j RETURN
$IPTABLES -t nat -A Cid213031X8629.0 -j SNAT --to-source 172.16.1.1
$IPTABLES -t nat -A Cid213031X8629.0 -d 192.168.1.0/24 -j RETURN
$IPTABLES -t nat -A Cid213031X8629.0 -d 192.168.2.0/24 -j RETURN
$IPTABLES -t nat -A Cid213031X8629.0 -j SNAT --to-source 172.16.1.1
#
# Rule 5 (NAT)
#
echo "Rule 5 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 ! -d 192.168.1.1 --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 ! -d 192.168.1.1 --dport 80 -j REDIRECT --to-ports 3128
@ -555,7 +555,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:55 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:36:07 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall73.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:58 2011 PST by vadim
# Generated Thu Feb 17 17:36:11 2011 PST by vadim
#
# files: * firewall73.fw /etc/fw/firewall73.fw
#
@ -523,7 +523,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:58 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:36:11 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall74.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:58 2011 PST by vadim
# Generated Thu Feb 17 17:36:11 2011 PST by vadim
#
# files: * firewall74.fw /etc/fw/firewall74.fw
#
@ -375,7 +375,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:26:58 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:36:11 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall8.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:27:01 2011 PST by vadim
# Generated Thu Feb 17 17:36:14 2011 PST by vadim
#
# files: * firewall8.fw /etc/fw/firewall8.fw
#
@ -358,7 +358,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:27:01 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:36:14 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

26
test/ipt/firewall80.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:27:02 2011 PST by vadim
# Generated Thu Feb 17 17:36:15 2011 PST by vadim
#
# files: * firewall80.fw /etc/fw/firewall80.fw
#
@ -298,8 +298,8 @@ script_body() {
#
# DNAT Rule
$IPTABLES -t nat -N NAT_1_PREROUTING
$IPTABLES -t nat -A NAT_1_PREROUTING -d 192.0.2.1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -d 192.0.2.1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A NAT_1_PREROUTING -d 192.0.2.1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -d 192.0.2.1 -j DNAT --to-destination 192.168.1.10
#
# Rule NAT_1 1 (NAT)
#
@ -317,33 +317,33 @@ script_body() {
#
# Branch rule with actual translation. Translation is ignored and warning should be issued
# firewall80:NAT:0: warning: Translated Src, Dst and Srv are ignored in the NAT rule with action 'Branch'
$IPTABLES -t nat -A POSTROUTING -d 192.0.2.1 -j NAT_1_POSTROUTING
$IPTABLES -t nat -A POSTROUTING -d 192.0.2.1 -j NAT_1_POSTROUTING
# firewall80:NAT:0: warning: Translated Src, Dst and Srv are ignored in the NAT rule with action 'Branch'
$IPTABLES -t nat -A PREROUTING -d 192.0.2.1 -j NAT_1_PREROUTING
$IPTABLES -t nat -A PREROUTING -d 192.0.2.1 -j NAT_1_PREROUTING
#
# Rule 1 (NAT)
#
echo "Rule 1 (NAT)"
#
# DNAT Rule
$IPTABLES -t nat -A POSTROUTING -j NAT_1_POSTROUTING
$IPTABLES -t nat -A PREROUTING -j NAT_1_PREROUTING
$IPTABLES -t nat -A POSTROUTING -j NAT_1_POSTROUTING
$IPTABLES -t nat -A PREROUTING -j NAT_1_PREROUTING
#
# Rule 2 (NAT)
#
echo "Rule 2 (NAT)"
#
# for #1686
$IPTABLES -t nat -A POSTROUTING -p tcp -m tcp -s 192.0.2.1 --dport 10000:11000 -j NAT_1_POSTROUTING
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.0.2.1 --dport 10000:11000 -j NAT_1_PREROUTING
$IPTABLES -t nat -A POSTROUTING -p tcp -m tcp -s 192.0.2.1 --dport 10000:11000 -j NAT_1_POSTROUTING
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.0.2.1 --dport 10000:11000 -j NAT_1_PREROUTING
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
# for #1686
$IPTABLES -t nat -A POSTROUTING -p tcp -m tcp -s 192.0.2.1 --dport 10000:11000 -j NAT_1_POSTROUTING
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.0.2.1 --dport 10000:11000 -j NAT_1_PREROUTING
$IPTABLES -t nat -A POSTROUTING -p tcp -m tcp -s 192.0.2.1 --dport 10000:11000 -j NAT_1_POSTROUTING
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.0.2.1 --dport 10000:11000 -j NAT_1_PREROUTING
}
ip_forward() {
@ -399,7 +399,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:27:02 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:36:15 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

18
test/ipt/firewall81.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:27:05 2011 PST by vadim
# Generated Thu Feb 17 17:36:18 2011 PST by vadim
#
# files: * firewall81.fw /etc/fw/firewall81.fw
#
@ -303,9 +303,9 @@ script_body() {
# Translation is ignored and warning should be issued
# firewall81:NAT_2:0: warning: NAT branching rule does not have information about targets used in the branch ruleset to choose proper chain in the nat table. Will split the rule and place it in both PREROUTNING and POSTROUTING
$IPTABLES -t nat -N NAT_1
$IPTABLES -t nat -A POSTROUTING -d 192.0.2.1 -j NAT_1
$IPTABLES -t nat -A POSTROUTING -d 192.0.2.1 -j NAT_1
# firewall81:NAT_2:0: warning: NAT branching rule does not have information about targets used in the branch ruleset to choose proper chain in the nat table. Will split the rule and place it in both PREROUTNING and POSTROUTING
$IPTABLES -t nat -A PREROUTING -d 192.0.2.1 -j NAT_1
$IPTABLES -t nat -A PREROUTING -d 192.0.2.1 -j NAT_1
#
# Rule NAT_2 1 (NAT)
#
@ -313,9 +313,9 @@ script_body() {
#
# DNAT Rule
# firewall81:NAT_2:1: warning: NAT branching rule does not have information about targets used in the branch ruleset to choose proper chain in the nat table. Will split the rule and place it in both PREROUTNING and POSTROUTING
$IPTABLES -t nat -A POSTROUTING -j NAT_1
$IPTABLES -t nat -A POSTROUTING -j NAT_1
# firewall81:NAT_2:1: warning: NAT branching rule does not have information about targets used in the branch ruleset to choose proper chain in the nat table. Will split the rule and place it in both PREROUTNING and POSTROUTING
$IPTABLES -t nat -A PREROUTING -j NAT_1
$IPTABLES -t nat -A PREROUTING -j NAT_1
# ================ Table 'nat', rule set NAT_1
#
@ -325,7 +325,7 @@ script_body() {
#
# DNAT Rule
$IPTABLES -t nat -N NAT_1_PREROUTING
$IPTABLES -t nat -A NAT_1_PREROUTING -d 192.0.2.1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A NAT_1_PREROUTING -d 192.0.2.1 -j DNAT --to-destination 192.168.1.10
#
# Rule NAT_1 1 (NAT)
#
@ -342,7 +342,7 @@ script_body() {
echo "Rule NAT_1 0 (NAT)"
#
# DNAT Rule
$IPTABLES -t nat -A NAT_1_PREROUTING -d 192.0.2.1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A NAT_1_PREROUTING -d 192.0.2.1 -j DNAT --to-destination 192.168.1.10
#
# Rule NAT_1 1 (NAT)
#
@ -419,7 +419,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:27:05 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:36:18 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall82.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:27:06 2011 PST by vadim
# Generated Thu Feb 17 17:36:19 2011 PST by vadim
#
# files: * firewall82.fw /etc/firewall82.fw
#
@ -414,7 +414,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:27:06 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:36:19 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall82_A.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:27:09 2011 PST by vadim
# Generated Thu Feb 17 17:36:23 2011 PST by vadim
#
# files: * firewall82_A.fw /etc/fw/firewall82_A.fw
#
@ -406,7 +406,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:27:09 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:36:23 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall82_B.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:27:09 2011 PST by vadim
# Generated Thu Feb 17 17:36:22 2011 PST by vadim
#
# files: * firewall82_B.fw /etc/fw/firewall82_B.fw
#
@ -363,7 +363,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:27:09 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:36:22 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall9.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:27:12 2011 PST by vadim
# Generated Thu Feb 17 17:36:26 2011 PST by vadim
#
# files: * firewall9.fw /etc/fw/firewall9.fw
#
@ -633,7 +633,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:27:12 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:36:26 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall90.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:27:13 2011 PST by vadim
# Generated Thu Feb 17 17:36:26 2011 PST by vadim
#
# files: * firewall90.fw /etc/fw/firewall90.fw
#
@ -383,7 +383,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:27:13 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:36:26 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall91.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:27:15 2011 PST by vadim
# Generated Thu Feb 17 17:36:29 2011 PST by vadim
#
# files: * firewall91.fw /etc/fw/firewall91.fw
#
@ -383,7 +383,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:27:15 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:36:29 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

10
test/ipt/firewall92.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:27:16 2011 PST by vadim
# Generated Thu Feb 17 17:36:30 2011 PST by vadim
#
# files: * firewall92.fw /etc/fw/firewall92.fw
#
@ -313,13 +313,13 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p udp -m udp -m owner --uid-owner anonymous -j REDIRECT --to-ports 53
$IPTABLES -t nat -A OUTPUT -p udp -m udp -m owner --uid-owner anonymous -j REDIRECT --to-ports 53
#
# Rule 1 (NAT)
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m owner --uid-owner anonymous -j REDIRECT --to-ports 9040
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m owner --uid-owner anonymous -j REDIRECT --to-ports 9040
@ -419,7 +419,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:27:16 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:36:30 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall93.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:27:19 2011 PST by vadim
# Generated Thu Feb 17 17:36:33 2011 PST by vadim
#
# files: * firewall93.fw /etc/fw/firewall93.fw
#
@ -458,7 +458,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:27:19 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:36:33 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/fw-A.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:46 2011 PST by vadim
# Generated Thu Feb 17 17:38:05 2011 PST by vadim
#
# files: * fw-A.fw /sw/FWbuilder/fw-A.fw
#
@ -722,7 +722,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:46 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:05 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

24
test/ipt/fw1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:45 2011 PST by vadim
# Generated Thu Feb 17 17:38:02 2011 PST by vadim
#
# files: * fw1.fw /etc/fw1.fw
#
@ -324,8 +324,8 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -j ACCEPT
#
# Rule 1 (NAT)
#
@ -339,15 +339,15 @@ script_body() {
echo "Rule 2 (NAT)"
#
# dest port only
$IPTABLES -t nat -A PREROUTING -p udp -m udp -s 192.168.1.0/24 --dport 53 -j DNAT --to-destination :1053
$IPTABLES -t nat -A PREROUTING -p udp -m udp -s 192.168.1.0/24 --dport 53 -j DNAT --to-destination :1053
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
# SDNAT
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.0.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 22 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.0.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 22 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -d 192.168.1.10 --dport 22 -j SNAT --to-source 192.168.1.1
#
# Rule 4 (NAT)
@ -355,8 +355,8 @@ script_body() {
echo "Rule 4 (NAT)"
#
# SDNAT with source port
$IPTABLES -t nat -A PREROUTING -p udp -m udp --sport 123 -d 192.0.2.1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p udp -m udp --sport 123 -d 192.168.1.1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p udp -m udp --sport 123 -d 192.0.2.1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p udp -m udp --sport 123 -d 192.168.1.1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A POSTROUTING -o eth1 -p udp -m udp --sport 123 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1:5050
#
# Rule 5 (NAT)
@ -364,7 +364,7 @@ script_body() {
echo "Rule 5 (NAT)"
#
# SDNAT with dest port
$IPTABLES -t nat -A PREROUTING -p udp -m udp -s 192.168.1.0/24 --dport 53 -j DNAT --to-destination 192.168.1.10:1053
$IPTABLES -t nat -A PREROUTING -p udp -m udp -s 192.168.1.0/24 --dport 53 -j DNAT --to-destination 192.168.1.10:1053
$IPTABLES -t nat -A POSTROUTING -o eth1 -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.168.1.1
#
# Rule 6 (NAT)
@ -374,7 +374,7 @@ script_body() {
# SDNAT
# translate src and dst addresses
# and src and dst ports
$IPTABLES -t nat -A PREROUTING -p udp -m udp -s 192.168.1.0/24 --sport 1024:65535 --dport 53 -j DNAT --to-destination 192.168.1.10:1053
$IPTABLES -t nat -A PREROUTING -p udp -m udp -s 192.168.1.0/24 --sport 1024:65535 --dport 53 -j DNAT --to-destination 192.168.1.10:1053
$IPTABLES -t nat -A POSTROUTING -o eth1 -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.168.1.1:32767-65535
#
# Rule 7 (NAT)
@ -519,7 +519,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:45 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:02 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

12
test/ipt/fwbuilder.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:26:25 2011 PST by vadim
# Generated Thu Feb 17 17:35:35 2011 PST by vadim
#
# files: * fwbuilder.fw /etc/init.d/fwbuilder.fw
#
@ -325,16 +325,16 @@ script_body() {
$IPTABLES -t nat -N Cid2101361X9995.0
$IPTABLES -t nat -A POSTROUTING -o eth+ -j Cid2101361X9995.0
grep -Ev '^#|^;|^\s*$' addr-table-1.tbl | while read L ; do
set $L; at_atbl_1=$1; $IPTABLES -t nat -A Cid2101361X9995.0 -s $at_atbl_1 -j RETURN
set $L; at_atbl_1=$1; $IPTABLES -t nat -A Cid2101361X9995.0 -s $at_atbl_1 -j RETURN
done
$IPTABLES -t nat -A Cid2101361X9995.0 -o eth+ -j SNAT --to-source 1.1.1.1
$IPTABLES -t nat -A Cid2101361X9995.0 -j SNAT --to-source 1.1.1.1
#
# Rule 2 (NAT)
#
echo "Rule 2 (NAT)"
#
grep -Ev '^#|^;|^\s*$' addr-table-1.tbl | while read L ; do
set $L; at_atbl_1=$1; $IPTABLES -t nat -A PREROUTING -d $at_atbl_1 -j DNAT --to-destination 192.168.1.10
set $L; at_atbl_1=$1; $IPTABLES -t nat -A PREROUTING -d $at_atbl_1 -j DNAT --to-destination 192.168.1.10
done
@ -483,7 +483,7 @@ status_action() {
}
start() {
log "Activating firewall script generated Tue Feb 15 14:26:25 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:35:35 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

10
test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:58 2011 PST by vadim
# Generated Thu Feb 17 17:38:18 2011 PST by vadim
#
# files: * heartbeat_cluster_1_d_linux-1-d.fw firewall.sh
#
@ -343,7 +343,7 @@ script_body() {
#
for i_eth0 in $i_eth0_list
do
test -n "$i_eth0" && $IPTABLES -t nat -A PREROUTING -d $i_eth0 -j DNAT --to-destination 192.168.1.100
test -n "$i_eth0" && $IPTABLES -t nat -A PREROUTING -d $i_eth0 -j DNAT --to-destination 192.168.1.100
done
#
# Rule 4 (NAT)
@ -352,7 +352,7 @@ script_body() {
#
for i_eth0 in $i_eth0_list
do
test -n "$i_eth0" && $IPTABLES -t nat -A PREROUTING -d $i_eth0 -j DNAT --to-destination 192.168.1.100
test -n "$i_eth0" && $IPTABLES -t nat -A PREROUTING -d $i_eth0 -j DNAT --to-destination 192.168.1.100
done
@ -720,7 +720,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:58 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:18 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

10
test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:59 2011 PST by vadim
# Generated Thu Feb 17 17:38:19 2011 PST by vadim
#
# files: * heartbeat_cluster_1_d_linux-2-d.fw firewall.sh
#
@ -348,7 +348,7 @@ script_body() {
#
for i_eth0 in $i_eth0_list
do
test -n "$i_eth0" && $IPTABLES -t nat -A PREROUTING -d $i_eth0 -j DNAT --to-destination 192.168.1.100
test -n "$i_eth0" && $IPTABLES -t nat -A PREROUTING -d $i_eth0 -j DNAT --to-destination 192.168.1.100
done
#
# Rule 4 (NAT)
@ -356,7 +356,7 @@ script_body() {
echo "Rule 4 (NAT)"
#
# heartbeat_cluster_1_d:NAT:4: error: Can not build rule using dynamic interface 'eth0' of the object 'linux-1-d' because its address in unknown.
$IPTABLES -t nat -A PREROUTING -d -j DNAT --to-destination 192.168.1.100
$IPTABLES -t nat -A PREROUTING -d -j DNAT --to-destination 192.168.1.100
@ -723,7 +723,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:59 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:19 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

10
test/ipt/heartbeat_cluster_1_linux-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:57 2011 PST by vadim
# Generated Thu Feb 17 17:38:17 2011 PST by vadim
#
# files: * heartbeat_cluster_1_linux-1.fw /etc/heartbeat_cluster_1_linux-1.fw
#
@ -417,13 +417,13 @@ script_body() {
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 172.24.0.1 --dport 22 -j DNAT --to-destination 192.168.1.100
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 172.24.0.1 --dport 22 -j DNAT --to-destination 192.168.1.100
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 172.24.0.1 --dport 22 -j DNAT --to-destination 192.168.1.100
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 172.24.0.1 --dport 22 -j DNAT --to-destination 192.168.1.100
@ -843,7 +843,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:57 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:17 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

10
test/ipt/heartbeat_cluster_1_linux-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:58 2011 PST by vadim
# Generated Thu Feb 17 17:38:18 2011 PST by vadim
#
# files: * heartbeat_cluster_1_linux-2.fw /etc/heartbeat_cluster_1_linux-2.fw
#
@ -322,13 +322,13 @@ script_body() {
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 172.24.0.1 --dport 22 -j DNAT --to-destination 192.168.1.100
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 172.24.0.1 --dport 22 -j DNAT --to-destination 192.168.1.100
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 172.24.0.1 --dport 22 -j DNAT --to-destination 192.168.1.100
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 172.24.0.1 --dport 22 -j DNAT --to-destination 192.168.1.100
@ -741,7 +741,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:58 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:18 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/heartbeat_cluster_2_linux-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:59 2011 PST by vadim
# Generated Thu Feb 17 17:38:19 2011 PST by vadim
#
# files: * heartbeat_cluster_2_linux-1.fw /etc/heartbeat_cluster_2_linux-1.fw
#
@ -707,7 +707,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:59 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:19 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/heartbeat_cluster_2_linux-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:59 2011 PST by vadim
# Generated Thu Feb 17 17:38:20 2011 PST by vadim
#
# files: * heartbeat_cluster_2_linux-2.fw /etc/heartbeat_cluster_2_linux-2.fw
#
@ -620,7 +620,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:59 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:20 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/host.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:48 2011 PST by vadim
# Generated Thu Feb 17 17:38:06 2011 PST by vadim
#
# files: * host.fw /etc/fw/host.fw
#
@ -422,7 +422,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:48 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:06 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

17411
test/ipt/objects-for-regression-tests.fwb
View File

File diff suppressed because it is too large Load Diff

6
test/ipt/openais_cluster_1_linux-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:59 2011 PST by vadim
# Generated Thu Feb 17 17:38:20 2011 PST by vadim
#
# files: * openais_cluster_1_linux-1.fw /etc/openais_cluster_1_linux-1.fw
#
@ -707,7 +707,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:59 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:20 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/openais_cluster_1_linux-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:29:00 2011 PST by vadim
# Generated Thu Feb 17 17:38:21 2011 PST by vadim
#
# files: * openais_cluster_1_linux-2.fw /etc/openais_cluster_1_linux-2.fw
#
@ -611,7 +611,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:29:00 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:21 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

2
test/ipt/rc.firewall.local
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Thu Feb 17 15:16:56 2011 PST by vadim
# Generated Thu Feb 17 17:38:09 2011 PST by vadim
#
# files: * rc.firewall.local /etc/rc.d//rc.firewall.local
#

6
test/ipt/rh90.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:50 2011 PST by vadim
# Generated Thu Feb 17 17:38:09 2011 PST by vadim
#
# files: * rh90.fw /etc/rh90.fw
#
@ -421,7 +421,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:50 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:09 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/secuwall_cluster_1_secuwall-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:29:00 2011 PST by vadim
# Generated Thu Feb 17 17:38:20 2011 PST by vadim
#
# files: * secuwall_cluster_1_secuwall-1.fw /etc/secuwall_cluster_1_secuwall-1.fw
#
@ -405,7 +405,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:29:00 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:20 2011 by vadim"
log "Database was cluster-tests.fwb"
check_tools
check_run_time_address_table_files

6
test/ipt/server-cluster-1_server-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:29:00 2011 PST by vadim
# Generated Thu Feb 17 17:38:21 2011 PST by vadim
#
# files: * server-cluster-1_server-1.fw /etc/fw/server-cluster-1_server-1.fw
#
@ -398,7 +398,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:29:00 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:21 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/server-cluster-1_server-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:29:00 2011 PST by vadim
# Generated Thu Feb 17 17:38:21 2011 PST by vadim
#
# files: * server-cluster-1_server-2.fw /etc/fw/server-cluster-1_server-2.fw
#
@ -397,7 +397,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:29:00 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:21 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/test-shadowing-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:53 2011 PST by vadim
# Generated Thu Feb 17 17:38:13 2011 PST by vadim
#
# files: * test-shadowing-1.fw /etc/test-shadowing-1.fw
#
@ -461,7 +461,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:53 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:13 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/test-shadowing-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:56 2011 PST by vadim
# Generated Thu Feb 17 17:38:16 2011 PST by vadim
#
# files: * test-shadowing-2.fw /etc/test-shadowing-2.fw
#
@ -423,7 +423,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:56 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:16 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/test-shadowing-3.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:59 2011 PST by vadim
# Generated Thu Feb 17 17:38:20 2011 PST by vadim
#
# files: * test-shadowing-3.fw /etc/test-shadowing-3.fw
#
@ -474,7 +474,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:59 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:20 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

12
test/ipt/test_fw.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:28:53 2011 PST by vadim
# Generated Thu Feb 17 17:38:14 2011 PST by vadim
#
# files: * test_fw.fw /etc/test_fw.fw
#
@ -316,8 +316,8 @@ script_body() {
# no need to translate
# between DMZ and
# internal net
$IPTABLES -t nat -A POSTROUTING -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
#
# Rule 1 (NAT)
#
@ -332,7 +332,7 @@ script_body() {
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -d 192.0.2.1 -j DNAT --to-destination 192.168.2.10
$IPTABLES -t nat -A PREROUTING -d 192.0.2.1 -j DNAT --to-destination 192.168.2.10
@ -570,7 +570,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:28:53 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:14 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/vrrp_cluster_1_linux-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:29:00 2011 PST by vadim
# Generated Thu Feb 17 17:38:21 2011 PST by vadim
#
# files: * vrrp_cluster_1_linux-1.fw /etc/vrrp_cluster_1_linux-1.fw
#
@ -710,7 +710,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:29:00 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:21 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/vrrp_cluster_1_linux-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:29:01 2011 PST by vadim
# Generated Thu Feb 17 17:38:21 2011 PST by vadim
#
# files: * vrrp_cluster_1_linux-2.fw /etc/vrrp_cluster_1_linux-2.fw
#
@ -615,7 +615,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:29:01 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:21 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/vrrp_cluster_2_linux-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:29:01 2011 PST by vadim
# Generated Thu Feb 17 17:38:21 2011 PST by vadim
#
# files: * vrrp_cluster_2_linux-1.fw /etc/vrrp_cluster_2_linux-1.fw
#
@ -642,7 +642,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:29:01 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:21 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/vrrp_cluster_2_linux-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:29:01 2011 PST by vadim
# Generated Thu Feb 17 17:38:22 2011 PST by vadim
#
# files: * vrrp_cluster_2_linux-2.fw /etc/vrrp_cluster_2_linux-2.fw
#
@ -547,7 +547,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:29:01 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:22 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/vrrp_cluster_2_linux-3.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3477
# Firewall Builder fwb_ipt v4.2.0.3480
#
# Generated Tue Feb 15 14:29:01 2011 PST by vadim
# Generated Thu Feb 17 17:38:22 2011 PST by vadim
#
# files: * vrrp_cluster_2_linux-3.fw /etc/vrrp_cluster_2_linux-3.fw
#
@ -523,7 +523,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue Feb 15 14:29:01 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 17:38:22 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files