From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZRFBD0Szqz335n for ; Mon, 31 Mar 2025 15:17:56 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZRFB83gr2z335c for ; Mon, 31 Mar 2025 15:17:52 +0000 (UTC) Received: from michael.haj.ipfire.org (michael.haj.ipfire.org [172.28.1.242]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "michael.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4ZRFB76PxzzD2; Mon, 31 Mar 2025 15:17:51 +0000 (UTC) Received: by michael.haj.ipfire.org (Postfix, from userid 0) id 4ZRFB75HpbzTgmZ; Mon, 31 Mar 2025 15:17:51 +0000 (UTC) From: Michael Tremer To: development@lists.ipfire.org Cc: Michael Tremer Subject: [PATCH 1/3] firewall: Collect all networks that should not be NATed in an array Date: Mon, 31 Mar 2025 15:17:43 +0000 Message-Id: <20250331151745.3067362-1-michael.tremer@ipfire.org> X-Mailer: git-send-email 2.39.5 Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit No functional changes. Signed-off-by: Michael Tremer --- src/initscripts/system/firewall | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall index 139d94aa0..6d9c00282 100644 --- a/src/initscripts/system/firewall +++ b/src/initscripts/system/firewall @@ -481,22 +481,22 @@ iptables_red_up() { iptables -t nat -A REDNAT -i "${GREEN_DEV}" -o "${IFACE}" -j RETURN fi - local NO_MASQ_NETWORKS + local NO_MASQ_NETWORKS=() if [ "${MASQUERADE_GREEN}" = "off" ]; then - NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${GREEN_NETADDRESS}/${GREEN_NETMASK}" + NO_MASQ_NETWORKS+=( "${GREEN_NETADDRESS}/${GREEN_NETMASK}" ) fi if [ "${MASQUERADE_BLUE}" = "off" ]; then - NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${BLUE_NETADDRESS}/${BLUE_NETMASK}" + NO_MASQ_NETWORKS+=( "${BLUE_NETADDRESS}/${BLUE_NETMASK}" ) fi if [ "${MASQUERADE_ORANGE}" = "off" ]; then - NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${ORANGE_NETADDRESS}/${ORANGE_NETMASK}" + NO_MASQ_NETWORKS+=( "${ORANGE_NETADDRESS}/${ORANGE_NETMASK}" ) fi local network - for network in ${NO_MASQ_NETWORKS}; do + for network in ${NO_MASQ_NETWORKS[@]}; do iptables -t nat -A REDNAT -s "${network}" -o "${IFACE}" -j RETURN done -- 2.39.5