Diffstat (limited to 'ipmasq/rules/A01precompute.rul')
-rw-r--r--ipmasq/rules/A01precompute.rul56
1 files changed, 56 insertions, 0 deletions
diff --git a/ipmasq/rules/A01precompute.rul b/ipmasq/rules/A01precompute.rul
new file mode 100644
index 0000000..45786e6
--- /dev/null
+++ b/ipmasq/rules/A01precompute.rul
@@ -0,0 +1,56 @@
+if [ "$SHOWRULES" = "yes" ]; then
+ echo "Interfaces found:"
+fi
+
+# precompute ips and netmasks
+if [ -n "$EXTERNAL" -o -n "$INTERNAL" -o -n "$IPSEC" ]; then
+ for i in $EXTERNAL $INTERNAL $IPSEC; do
+ ii=$(echo $i | sed -e 's/\:/_/g')
+ ip=$(ipofif $i)
+ nm=$(nmofif $i)
+ peer=$(peerofif $i)
+ bc=$(bcofif $i)
+ eval "IPOFIF_$ii=$ip"
+ eval "NMOFIF_$ii=$nm"
+ eval "PEEROFIF_$ii=$peer"
+ eval "BCOFIF_$ii=$bc"
+ if [ "$SHOWRULES" = "yes" ]; then
+ echo -e " $i\t$ip/$nm"
+ fi
+ done
+fi
+
+# precompute ipsec connections
+if [ -n "$IPSEC" ]; then
+ if [ "$SHOWRULES" = "yes" ]; then
+ echo "IPSec connections found:"
+ fi
+ IPSECCONN=""
+ for i in $IPSEC; do
+ ii=$(echo $i | sed -e 's/\:/_/g')
+ eval "ip=\$IPOFIF_$ii"
+ eval "nm=\$IPOFIF_$ii"
+ igw=$(ipsec look | grep IPIP:.*src=$ip | sed 's/^\([^[:blank:]]*\).*/\1/')
+ conncollect=""
+ for ipsecgw in $igw; do
+ conn=$(ipsec look | grep "=> $ipsecgw" | sed 's/^.*=>[[:blank:]]*\([^@[:blank:]]*\).*/\1/')
+ conncollect="$conncollect $conn"
+ eval "IPSEC_IF_$conn=$i"
+ cidrleft=$(ipsec look | grep "=> $ipsecgw" | sed 's/^\([^[:blank:]]*\)[[:blank:]]*->[[:blank:]]*[^[:blank:]]*.*/\1/')
+ eval "IPSEC_HERE_$conn=$cidrleft"
+ cidrright=$(ipsec look | grep "=> $ipsecgw" | sed 's/^[^[:blank:]]*[[:blank:]]*->[[:blank:]]*\([^[:blank:]]*\).*/\1/')
+ eval "IPSEC_THERE_$conn=$cidrright"
+ eval "IPSEC_THERE_$conn=$cidrright"
+ done
+ IPSECCONN="$IPSECCONN $conncollect"
+ eval "IPSECCONN_${ii}=\"$conncollect\""
+ if [ "$SHOWRULES" = "yes" ]; then
+ echo -e " $i\t$ip/$nm"
+ for conn in $conncollect; do
+ eval "IPSEC_HERE=\$IPSEC_HERE_$conn"
+ eval "IPSEC_THERE=\$IPSEC_THERE_$conn"
+ echo -e " $IPSEC_HERE -> $IPSEC_THERE"
+ done
+ fi
+ done
+fi
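Review bot: The `eval` assignments throughout this file expand their right-hand side before `eval` parses it, so the values parsed from `ipsec look` (`$conn`, `$cidrleft`, `$cidrright`) and returned by the `*ofif` helpers are re-read as shell code, in a script that presumably runs as root. A field containing whitespace or shell metacharacters would break the assignment or be executed. Escaping the value so that `eval` itself performs the expansion, as in `eval "IPSEC_HERE_$conn=\$cidrleft"`, keeps each of these a plain assignment; the name suffix (`$ii`, `$conn`) should also be reduced to identifier characters rather than only replacing `:`, using a sanitized copy so the original connection name is kept. Separately, in the IPSec loop `eval "nm=\$IPOFIF_$ii"` reads the address a second time instead of the netmask, so the `$ip/$nm` line printed under SHOWRULES is wrong; it should be `eval "nm=\$NMOFIF_$ii"`. The `IPSEC_THERE_$conn` assignment is also written twice.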