minor updates to scripts

[firewall-squeep] / firewall.sh

diff --git a/firewall.sh b/firewall.sh
index 8bf61607de02fcbf03af62915316e24eda5226b0..c55762f75a0db702c9efe4a1ef5ebe935c21d606 100755 (executable)
--- a/firewall.sh
+++ b/firewall.sh
@@ -15,7 +15,7 @@ fi
 
 if [ $# -lt 1 ]
 then
-       echo "Usage: $(basename "$0") external_interface" 1>&2
+       echo "Usage: $(basename "$0") external_interface [external_addr]" 1>&2
        exit 64
 fi
 
@@ -26,6 +26,13 @@ then
        exit 1
 fi
 
+is_router=0
+if [ $# -gt 1 ]
+then
+       is_router=1
+       EXT_ADDR="$2"
+fi
+
 $IPTABLES -F
 $IPTABLES -F INPUT
 $IPTABLES -X
@@ -76,6 +83,11 @@ $IP6TABLES -A INPUT -p esp -j ACCEPT
 $IPTABLES -A INPUT -m policy --dir in --pol ipsec -j ACCEPT
 $IP6TABLES -A INPUT -m policy --dir in --pol ipsec -j ACCEPT
 
+if [ $is_router -gt 0 ]
+then
+       $IPTABLES -t nat -A POSTROUTING -o ${EXT_IF} -j SNAT --to ${EXT_ADDR}
+fi
+
 ./services.sh ${EXT_IF}
 
 create_drop_chain xenophobe