X-Git-Url: http://git.squeep.com/?p=firewall-squeep;a=blobdiff_plain;f=firewall.sh;fp=firewall.sh;h=c55762f75a0db702c9efe4a1ef5ebe935c21d606;hp=8bf61607de02fcbf03af62915316e24eda5226b0;hb=88b6064d6b15feb847fc182b06d565485f8eb696;hpb=5a9b8966bc04f29d3989986875d188c727a030ca
diff --git a/firewall.sh b/firewall.sh
index 8bf6160..c55762f 100755
--- a/firewall.sh
+++ b/firewall.sh
@@ -15,7 +15,7 @@ fi
 if [ $# -lt 1 ]
 then
- echo "Usage: $(basename "$0") external_interface" 1>&2
+ echo "Usage: $(basename "$0") external_interface [external_addr]" 1>&2
 exit 64
 fi
@@ -26,6 +26,13 @@ then
 exit 1
 fi
+is_router=0
+if [ $# -gt 1 ]
+then
+ is_router=1
+ EXT_ADDR="$2"
+fi
+
 $IPTABLES -F
 $IPTABLES -F INPUT
 $IPTABLES -X
@@ -76,6 +83,11 @@ $IP6TABLES -A INPUT -p esp -j ACCEPT
 $IPTABLES -A INPUT -m policy --dir in --pol ipsec -j ACCEPT
 $IP6TABLES -A INPUT -m policy --dir in --pol ipsec -j ACCEPT
+if [ $is_router -gt 0 ]
+then
+ $IPTABLES -t nat -A POSTROUTING -o ${EXT_IF} -j SNAT --to ${EXT_ADDR}
+fi
+
 ./services.sh ${EXT_IF}
 create_drop_chain xenophobe
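Review bot: `EXT_ADDR="$2"` in the second hunk is accepted without any check, so an empty or malformed second argument still sets `is_router=1` and only fails later at the SNAT rule, after the `$IPTABLES -F` flushes that follow this block have already run. Validating the value before any rules are flushed would keep a typo from leaving the host with a half-built ruleset; if only a single IPv4 address is intended, something like `case "$EXT_ADDR" in ''|*[!0-9.]*) echo "invalid external_addr: $EXT_ADDR" 1>&2; exit 64;; esac` directly after the assignment would do. A short comment such as `# a second argument enables router mode: outbound traffic is SNATed to this address` would also explain why the argument count flips `is_router`.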
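Review bot: The SNAT rule in the third hunk expands `${EXT_IF}` and `${EXT_ADDR}` unquoted, so a value containing whitespace is split into extra iptables arguments; writing `-o "${EXT_IF}" -j SNAT --to "${EXT_ADDR}"` passes each as a single argument, and `[ "$is_router" -gt 0 ]` is the matching form for the test. The rule is appended with `-A`, while the flush lines visible in the second hunk (`$IPTABLES -F`, `$IPTABLES -X`) act on the filter table only, so unless the nat table is flushed in a part of the script not shown here, every rerun would add another copy of the rule. The exit status of the `$IPTABLES -t nat` call is not checked either, so a rejected address leaves the script running on as if NAT were in place.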