From fa8de49a284fd817a9e0f9f03efb177c4ed8da0b Mon Sep 17 00:00:00 2001
From: gyurix
Date: Thu, 27 Apr 2023 10:44:43 +0000
Subject: [PATCH] Introduced SOURCE_IFACE variable
---
 firewall/firewall-add | 34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)
diff --git a/firewall/firewall-add b/firewall/firewall-add
index aba7ea0..c4c0d45 100755
--- a/firewall/firewall-add
+++ b/firewall/firewall-add
@@ -150,7 +150,9 @@ fi;
 if [[ -z "$SOURCE_IP" ]]; then
 if [[ -z "$SOURCE" ]]; then
 #SOURCE_IP="0.0.0.0/0";
- echo "No source IP added"
+ echo "No source IP added";
+ elif [ "$SOURCE" == "SOURCE_IFACE" ]; then
+ echo "VPN interface added instead of IP or domain name";
 else
 IDX=0
 for i in $(echo $SOURCE) ; do
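Review bot: The new `elif` on the third added line keys on the literal word `SOURCE_IFACE` in `$SOURCE` but never checks that the `SOURCE_IFACE` variable it stands for is non-empty, so a caller who passes the sentinel and forgets the interface is waved through with "VPN interface added" and the problem only surfaces later when the rule is built. I would fail here instead and name the interface in the message: `elif [ "$SOURCE" == "SOURCE_IFACE" ]; then` / `[ -n "$SOURCE_IFACE" ] || { echo "SOURCE=SOURCE_IFACE but SOURCE_IFACE is empty"; exit 1; }` / `echo "VPN interface $SOURCE_IFACE added instead of IP or domain name";`. Whether this script prefers `exit` or a return code for input errors is not visible in the hunk, so adapt that part to the surrounding convention. As a style point the added test uses `[ ... == ... ]` while the neighbouring tests use `[[ ... ]]`; `[[ "$SOURCE" == "SOURCE_IFACE" ]]` would match the file. The enclosing `if [[ -z "$SOURCE_IP" ]]` block continues past the end of the hunk.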
@@ -244,24 +246,28 @@ fi
 prerouting() {
- if [ "$SOURCE_IP" != "" ]; then
+ if [ "$SOURCE" == "SOURCE_IFACE" ]; then
+ debug "$IPTABLES -I PREROUTING -i $SOURCE_IFACE -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment $COMMENT -j DNAT --to $TARGET_IP:$TARGET_PORT"
+ $IPTABLES -w -I PREROUTING -i $SOURCE_IFACE -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j DNAT --to $TARGET_IP:$TARGET_PORT
+
+ elif [ "$SOURCE_IP" != "" ]; then
 if [ "$SOURCE_PORT" != "" ]; then
 if [ "$TARGET_IP" != "" ]; then
 if [ "$TARGET_PORT" != "" ]; then
- LINES=$($IPTABLES -w -L --line-number -n | grep DNAT | grep $SOURCE_PORT |grep $TARGET_IP |grep $TARGET_PORT |grep $COMMENT | awk '{print $1}'| tac)
- debug "Previous prerouting lines: "$LINES
- # DELETE UNECESSARY LINES FROM PREVIOUS RULES
- if [ -n "$LINES" ] ; then
- for i in $LINES; do
- debug "$IPTABLES -D PREROUTING $i";
- $IPTABLES -w -D PREROUTING $i
- sleep 0.1
- done
- fi
+ LINES=$($IPTABLES -w -L --line-number -n | grep DNAT | grep $SOURCE_PORT |grep $TARGET_IP |grep $TARGET_PORT |grep $COMMENT | awk '{print $1}'| tac)
+ debug "Previous prerouting lines: "$LINES
+ # DELETE UNECESSARY LINES FROM PREVIOUS RULES
+ if [ -n "$LINES" ] ; then
+ for i in $LINES; do
+ debug "$IPTABLES -D PREROUTING $i";
+ $IPTABLES -w -D PREROUTING $i
+ sleep 0.1
+ done
+ fi
- debug "$IPTABLES -I PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment $COMMENT -j DNAT --to $TARGET_IP:$TARGET_PORT"
- $IPTABLES -w -I PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j DNAT --to $TARGET_IP:$TARGET_PORT
+ debug "$IPTABLES -I PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment $COMMENT -j DNAT --to $TARGET_IP:$TARGET_PORT"
+ $IPTABLES -w -I PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j DNAT --to $TARGET_IP:$TARGET_PORT
 fi
 fi
 fi
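Review bot: The new `SOURCE_IFACE` branch at the top of `prerouting()` inserts its DNAT rule unconditionally, unlike the `SOURCE_IP` branch below it which first greps out and deletes earlier copies, so every re-run of the script stacks another identical rule at the head of PREROUTING, and an empty `$SOURCE_IFACE` makes the unquoted `-i $SOURCE_IFACE` hand `-p` to iptables as the interface name. I would guard the variable and let iptables de-duplicate: `[ -n "$SOURCE_IFACE" ] || { echo "SOURCE_IFACE is empty" >&2; return 1; }` before the insert, and `$IPTABLES -w -C PREROUTING -i "$SOURCE_IFACE" -p "$PROTOCOL" --dport "$SOURCE_PORT" -m comment --comment "$COMMENT" -j DNAT --to "$TARGET_IP:$TARGET_PORT" 2>/dev/null ||` prefixed to the `-I` line (`-C` is available in any iptables new enough for the `-w` the script already uses). The branch also skips the `$SOURCE_PORT`/`$TARGET_IP`/`$TARGET_PORT` non-empty checks that the other branch nests around its insert, so an unset target port yields a `--to $TARGET_IP:` argument, and the rule carries no `-d` restriction, which is presumably intended for a VPN interface but deserves a one-line comment such as `# interface-wide: every destination reached via $SOURCE_IFACE on this port is redirected`. The re-indented cleanup is pre-existing, but its `-L --line-number` lists every chain of the table while `-D PREROUTING $i` treats the number as a PREROUTING index, so a DNAT rule in another chain could delete the wrong rule; `-L PREROUTING` would pin it, if `$IPTABLES` already selects the nat table. `prerouting()` closes past the end of the hunk.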