From 34fa66b7ba4c6d541c04d726dfaafddaa12b5ed9 Mon Sep 17 00:00:00 2001
From: bbruns
Date: Sat, 13 Nov 2010 04:57:32 +0000
Subject: [PATCH] Replace accidentally deleted options in options.default, add NETMAP support

---
 ChangeLog | 2 ++
 bin/firewall-sosdg | 4 ++++
 options.default | 7 +++++++
 3 files changed, 13 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index c626620..8ab71d6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,8 @@
 0.9.10 - Brielle Bruns
  - Move clamp mss up earlier in the rules to possibly fix an issue I noticed during testing
+ - Move icmp allow code
+ - Prevent duplicate icmp allow rules in NAT code
 
 0.9.9a - Brielle Bruns
  - Minor bug fixes for my coding errors introduced in
diff --git a/bin/firewall-sosdg b/bin/firewall-sosdg
index 9d823f4..b1448a2 100755
--- a/bin/firewall-sosdg
+++ b/bin/firewall-sosdg
@@ -567,6 +567,10 @@ if [ $NAT ]; then
 $IPTABLES -A FORWARD -p icmp --icmp-type time-exceeded -i ${NAT_RULE[1]} -o ${NAT_RULE[3]} -j ACCEPT
 $IPTABLES -A FORWARD -p icmp --icmp-type fragmentation-needed -i ${NAT_RULE[1]} -o ${NAT_RULE[3]} -j ACCEPT
 ;;
+ NETMAP)
+ $IPTABLES -A PREROUTING -t nat -s ${NAT_RULE[2]} -j NETMAP --to ${NAT_RULE[4]}
+ display_c DEFAULT "\t${GREEN}NETMAP:${PURPLE}${NAT_RULE[2]}${AQUA}->${BLUE}${NAT_RULE[4]}"
+ ;;
 *) display_c RED "Invalid NAT rule in NAT_RANGE" ;;
 esac
 done
diff --git a/options.default b/options.default
index 1f635fb..88b6d03 100755
--- a/options.default
+++ b/options.default
@@ -77,6 +77,13 @@ DONTTRACK="127.0.0.1"
 # Mark ipv4 packets for advanced purposes
 #IPv4_MARK=$BASEDIR/ipv4-marks
 
+# IP NAT Rules
+# SNAT::::
+# MASQ:::
+# NETMAP::::
+#NAT_RANGE=""
+
+
 # Hacks to either block specific kinds of attacks or fix problems
 #
 # NS-IN-DDOS - Block DNS DDoS using NS/IN spoof, see:
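Review bot: The new NETMAP arm matches on `-s ${NAT_RULE[2]}` in the nat PREROUTING chain, but in PREROUTING the NETMAP target rewrites the destination address (source mapping belongs in POSTROUTING), so as written packets coming from `${NAT_RULE[2]}` get their destination remapped into `${NAT_RULE[4]}`, which is unlikely to be what a 1:1 network map is meant to do; please confirm whether this should be `-d` here, a POSTROUTING rule with `-s`, or both rules for a bidirectional map. Fields 2 and 4 are also used unquoted and unchecked, so a NAT_RANGE entry with a missing field reaches iptables as an empty `-s` or `--to` argument and fails there instead of reaching the `Invalid NAT rule in NAT_RANGE` branch; a guard such as `[ -n "${NAT_RULE[2]}" ] && [ -n "${NAT_RULE[4]}" ] || { display_c RED "Invalid NETMAP rule in NAT_RANGE"; continue; }` placed before the iptables call would keep a malformed entry visible. The enclosing `case` and the loop it runs in start outside the hunk, so I cannot see how NAT_RULE is split from NAT_RANGE.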
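Review bot: The format lines `# SNAT::::`, `# MASQ:::` and `# NETMAP::::` show only the colon separators, so a reader cannot tell what each field holds; it looks as though the per-field placeholders were lost (angle-bracketed names often disappear in rendering), and if so they should be restored. From the bin/firewall-sosdg hunk the NETMAP arm reads field 2 as the network matched and field 4 as the `--to` network, and the neighbouring arms use fields 1 and 3 as `-i`/`-o` interfaces, so a line like `# NETMAP:<FIELD1_IFACE?>:<NETWORK>:<FIELD3_IFACE?>:<MAPPED_TO_NETWORK>` would document it — the labels are my reading of the code, not confirmed, so adjust them to the real meaning. It would also help to say on the `#NAT_RANGE=""` line how several entries are separated, since nothing in this hunk shows it.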