author | Denys Vlasenko <vda.linux@googlemail.com> | 2021-09-02 23:53:48 +0200 |
---|---|---|
committer | Denys Vlasenko <vda.linux@googlemail.com> | 2021-09-02 23:53:48 +0200 |
commit | d7e39f26d711b5736a3a478b0d8b353c0c02e958 (patch) | |
tree | 8955fc93622cf8cca448cfe4425e5192452e5469 /examples | |
parent | 4a36ef11ac4d46ae651cbedc440ca6853415283a (diff) |
examples/var_service/fw/run: allow extif's to be more than one iface
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'examples')
-rwxr-xr-x | examples/var_service/fw/run | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/examples/var_service/fw/run b/examples/var_service/fw/run
index 41078d0ab..15c2b2f0a 100755
--- a/examples/var_service/fw/run
+++ b/examples/var_service/fw/run
@@ -179,7 +179,9 @@ ipt="iptables -t nat -A OUTPUT"
 # OUTGOING TRAFFIC
 ipt="iptables -t nat -A POSTROUTING"
 # Masquerade boxes on my private net
-doit $ipt -s 192.168.0.0/24 -o $extif -j MASQUERADE
+for e in $extif; do
+ doit $ipt -s 192.168.0.0/24 -o $e -j MASQUERADE
+done
 # *** mangle ***
 ### DEBUG
@@ -204,7 +206,9 @@ fi
 doit $ipt -p tcp -j REJECT # Anything else isn't ok. REJECT = irc opens faster
 # (it probes proxy ports, DROP will incur timeout delays)
 ipt="iptables -t filter -A INPUT"
-doit $ipt -i $extif -j iext
+for e in $extif; do
+ doit $ipt -i $e -j iext
+done
 echo; echo "* Enabling forwarding"
@@ -222,12 +226,12 @@ echo; echo "* Routing:"
 ip r l
 echo; echo "* Firewall:"
 {
-echo '---FILTER--';
-iptables -v -L -x -n;
-echo '---NAT-----';
-iptables -t nat -v -L -x -n;
-echo '---MANGLE--';
-iptables -t mangle -v -L -x -n;
+echo '---FILTER--'
+iptables -v -L -x -n
+echo '---NAT-----'
+iptables -t nat -v -L -x -n
+echo '---MANGLE--'
+iptables -t mangle -v -L -x -n
 } \
 | grep -v '^$' | grep -Fv 'bytes target'
 echo |
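Review bot: The new `for e in $extif; do` in the POSTROUTING section relies on unquoted expansion to turn the variable into a list, and nothing on the page says that this is deliberate. Unquoted expansion also applies pathname expansion and the current IFS to the value, whose definition is outside this hunk. A one-line comment above the loop would record the contract, for example `# $extif is a whitespace-separated list of interface names; left unquoted on purpose`. The loop variable itself can be quoted where it is used: `doit $ipt -s 192.168.0.0/24 -o "$e" -j MASQUERADE`. The INPUT loop in the next hunk is written the same way and would take the same comment and quoting.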
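Review bot: If `$extif` is empty or unset, the INPUT loop runs zero times, so no `-i ... -j iext` rule is installed and the script continues without any message. The single-command form it replaces would at least have produced a malformed iptables command line in that case. Whether the missing jump leaves external traffic unfiltered depends on the INPUT policy and the surrounding rules, which are outside this hunk. A guard ahead of the loops, such as `test "$extif" || { echo "fw: extif is empty" >&2; exit 1; }`, would make the misconfiguration visible instead of bringing the firewall up half-configured.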