From: Michael Tremer
Date: Tue, 18 Mar 2014 22:49:23 +0000 (+0100)
Subject: firewall: rules.pl: Add support for auto selection of NAT addresses.
X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=b0d9fad3f94fb73b1686c5e6a948066497638d26
firewall: rules.pl: Add support for auto selection of NAT addresses.
---
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 7a8e9ba35..50fff3f09 100755
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -400,13 +400,14 @@ sub get_nat_address {
 	my $source = shift;
 	# Any static address of any zone.
-	if ($zone eq "RED" || $zone eq "GREEN" || $zone eq "ORANGE" || $zone eq "BLUE") {
-		return $defaultNetworks{$zone . "_ADDRESS"};
-
-	} elsif ($zone eq "Default IP") {
+	if ($zone eq "AUTO") {
 		if ($source) {
 			my $firewall_ip = &get_internal_firewall_ip_address($source, 1);
+			if ($firewall_ip) {
+				return $firewall_ip;
+			}
+			$firewall_ip = &get_matching_firewall_address($source, 1);
 			if ($firewall_ip) {
 				return $firewall_ip;
 			}
@@ -414,6 +415,12 @@ sub get_nat_address {
 		return &get_external_address();
+	} elsif ($zone eq "RED" || $zone eq "GREEN" || $zone eq "ORANGE" || $zone eq "BLUE") {
+		return $defaultNetworks{$zone . "_ADDRESS"};
+
+	} elsif ($zone eq "Default IP") {
+		return &get_external_address();
+
 	} else {
 		return &get_alias($zone);
 	}
@@ -845,8 +852,8 @@ sub get_internal_firewall_ip_address {
 	my $use_orange = shift;
 	my ($net_address, $net_mask) = split("/", $subnet);
-	if (!$net_mask) {
-		return;
+	if ((!$net_mask) || ($net_mask ~~ ["32", "255.255.255.255"])) {
+		return 0;
 	}
 	my @addresses = &get_internal_firewall_ip_addresses($use_orange);
@@ -855,6 +862,8 @@ sub get_internal_firewall_ip_address {
 			return $zone_address;
 		}
 	}
+
+	return 0;
 }
 sub firewall_is_in_subnet {
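Review bot: The context comment `# Any static address of any zone.` now sits directly above the new `if ($zone eq "AUTO")` branch, which it no longer describes, because the static-zone branch it belonged to has moved further down the function. I would reword it to match the new code, e.g. `# AUTO: prefer the firewall address on the zone that contains the source, otherwise fall back to the external address.`. Both lookups are called with the second argument set to 1, which the helper names as use_orange, so a source inside the ORANGE network is presumably NATed to the firewall's ORANGE address — worth confirming that is the intended behaviour for DMZ sources and saying so in the comment. sub get_nat_address starts above this hunk.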
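Review bot: The new condition in get_internal_firewall_ip_address uses smartmatch (`~~`) to test `$net_mask` against the two host-mask spellings; smartmatch is an experimental feature that emits "Smartmatch is experimental" warnings on Perl 5.18 and later and has since been deprecated for removal, so the plain comparison `if (!$net_mask || $net_mask eq "32" || $net_mask eq "255.255.255.255") {` is the safer form and reads the same. The switch from `return;` to `return 0;` also turns an empty list into a defined 0 in list context, which only matters if a caller ever assigns the result to a list — the only caller visible here is get_nat_address, which tests it as a scalar. sub get_internal_firewall_ip_address starts above this hunk.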
@@ -870,3 +879,28 @@ sub firewall_is_in_subnet {
 	return 0;
 }
+
+sub get_matching_firewall_address {
+	my $addr = shift;
+	my $use_orange = shift;
+
+	my ($address, $netmask) = split("/", $addr);
+
+	my @zones = ("GREEN", "BLUE");
+	if ($use_orange) {
+		push(@zones, "ORANGE");
+	}
+
+	foreach my $zone (@zones) {
+		next unless (exists $defaultNetworks{$zone . "_ADDRESS"});
+
+		my $zone_subnet = $defaultNetworks{$zone . "_NETADDRESS"};
+		my $zone_mask = $defaultNetworks{$zone . "_NETMASK"};
+
+		if (&General::IpInSubnet($address, $zone_subnet, $zone_mask)) {
+			return $defaultNetworks{$zone . "_ADDRESS"};
+		}
+	}
+
+	return 0;
+}
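Review bot: In get_matching_firewall_address the source prefix length is unpacked into `$netmask` but never used, so the match is decided by the source's network or host address alone: a source range whose first address lies inside GREEN, BLUE or ORANGE but which extends beyond that zone would still be NATed to that zone's firewall address. If that is acceptable for the AUTO case, drop the dead variable with `my ($address) = split("/", $addr);` and state the rule in a header comment; otherwise the mask has to be checked as well. The guard `next unless (exists $defaultNetworks{$zone . "_ADDRESS"});` also does not cover the `_NETADDRESS` and `_NETMASK` keys the lookup reads, so a zone with an address but no network entry would hand undef to General::IpInSubnet — presumably those keys always come together, but checking all three makes that explicit. A short header comment would help: returns the firewall address of the first of GREEN, BLUE (and ORANGE when the second argument is true) whose network contains the source address, or 0 when none matches.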