From 0f8df0c7496b9cd6f5b8084b3b619b04a31e5c7f Mon Sep 17 00:00:00 2001
From: gyurix
Date: Sun, 12 Dec 2021 20:42:35 +0000
Subject: [PATCH] NSENTER selector and nat table seletors included
---
 firewall/firewall-add | 50 ++++++++++++++++++++++++++++++++-----------
 1 file changed, 37 insertions(+), 13 deletions(-)
diff --git a/firewall/firewall-add b/firewall/firewall-add
index 9aeab40..0296631 100755
--- a/firewall/firewall-add
+++ b/firewall/firewall-add
@@ -1,11 +1,15 @@
 #!/bin/sh
+
+# Task type variables
 NSENTER=$NSENTER
+PREROUTING=$PREROUTING
+POSTROUTING=$POSTROUTING
+
+# Mandatory task variables
 NAME=$NAME-$COMMENT
 CHAIN=$CHAIN
 COMMENT=$COMMENT
 PROTOCOL=$TYPE
-VPN_IP=$VPN_IP
-VPN_NETWORK=$VPN_NETWORK
 ##############################
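Review bot: The new `# Mandatory task variables` comment states a requirement the lines under it do not enforce — `NAME=$NAME-$COMMENT`, `CHAIN=$CHAIN` and `COMMENT=$COMMENT` are self-assignments that accept an unset or empty value silently, and an empty `$COMMENT` later becomes the pattern handed to `grep` in the NSENTER branch, where it matches every rule. Guard each one instead, e.g. `: "${COMMENT:?COMMENT must be set}"` and `: "${CHAIN:?CHAIN must be set}"`, before `NAME` is derived from them. The `# Task type variables` comment would help more if it said what the selectors expect, e.g. `# Task type selectors: set NSENTER / PREROUTING / POSTROUTING to the string "true" to enable that path`. `VPN_IP` and `VPN_NETWORK` are dropped here; whether the rest of the file still references them is not visible in this hunk.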
@@ -41,21 +45,41 @@ for source_ip_index in $(seq 1 $COUNT_SOURCE_IP) ; do
 # NSENTER Specific settings #
 if [[ "$NSENTER" == "true" ]] ; then
-  iptables="nsenter -t $(docker inspect --format {{.State.Pid}} $NAME) -n -- $IPTABLES -t nat";
+  if [[ "$PREROUTING" == "true" ]] || [[ "$POSTROUTING" == "true" ]] ; then
+    iptables="nsenter -t $(docker inspect --format {{.State.Pid}} $NAME) -n -- $IPTABLES -t nat";
+
+    if [[ "$PREROUTING" == "true" ]] ; then
+      LINES=$($iptables --line-number -n | grep $COMMENT | awk '{print $1}'| tac)
-  # DELETE UNECESSARY LINES FROM PREVIOUS RULES
-  LINES=$($iptables --line-number -n | grep $VPN_NETWORK | awk '{print $1}'| tac)
+      # DELETE UNECESSARY LINES FROM PREVIOUS RULES
+      if [ -n "$LINES" ] ; then
+        for i in $LINES; do
+          $iptables -D PREROUTING $i
+          sleep 0.1
+        done
+      fi
+
+      $iptables -I PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j DNAT --to $TARGET_IP:$TARGET_PORT
+
+    elif [[ "$POSTROUTING" == "true" ]] ; then
+      LINES=$($iptables --line-number -n | grep $COMMENT | awk '{print $1}'| tac)
-  if [ -n "$LINES" ] ; then
-    for i in $LINES; do
-      $iptables -D $CHAIN $i
-      sleep 0.1
-    done
-  fi
+      # DELETE UNECESSARY LINES FROM PREVIOUS RULES
+      if [ -n "$LINES" ] ; then
+        for i in $LINES; do
+          $iptables -D POSTROUTING $i
+          sleep 0.1
+        done
+      fi
+
+      $iptables -I POSTROUTING -d $TARGET_IP -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j MASQUERADE
-  $iptables -I POSTROUTING -m state --state established,related -j ACCEPT;
+    else
+      ip_route="nsenter -t $(docker inspect --format {{.State.Pid}} $NAME) -n -- ip route";
+
+
+    fi
-  $iptables -I PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j DNAT --to $TARGET_IP:$TARGET_PORT
 else
   if $IPTABLES --list $CHAIN |grep ESTABLISHED |grep RELATED|grep ACCEPT ; then
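Review bot: In both new `LINES=$($iptables --line-number -n | grep $COMMENT | ...)` lines the listing is not restricted to a chain, so it dumps every chain of the nat table while the line numbers iptables prints are per chain; once the DNAT and MASQUERADE rules share the same `$COMMENT`, the PREROUTING branch also collects numbers from POSTROUTING rules (and vice versa) and `-D PREROUTING $i` then removes whatever rule sits at that position. List only the chain being edited, `LINES=$($iptables -L PREROUTING --line-numbers -n | grep -F -- "$COMMENT" | awk '{print $1}' | tac)` and the same with `POSTROUTING` in the elif branch; `-F --` also stops `$COMMENT` from being interpreted as a regex or an option, though it still matches as a substring of any rule text. The `ip_route=...` assignment in the `else` branch is never used within the hunk, so that path currently changes nothing. The script is `#!/bin/sh` but the new branches use `[[ ... ]]`, a bashism that dash rejects. The enclosing `for source_ip_index` loop begins outside the hunk.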