Also support ports on regular netmasks (not excluding)

vStone · vStone · commit 574feb92b9c8 · 2013-11-12T08:50:18.000+01:00
diff --git a/firewall.py b/firewall.py
@@ -107,7 +107,15 @@ def do_iptables(port, dnsport, subnets):
                         '--dest', '%s/%s' % (snet,swidth),
                         '-p', 'tcp')
             else:
-                ipt_ttl('-A', chain, '-j', 'REDIRECT',
+                if sport > 0:
+                    ipt_ttl('-A', chain, '-j', 'REDIRECT',
+                        '--dest', '%s/%s' % (snet,swidth),
+                        '-m', 'tcp',
+                        '--dport', '%d' % sport,
+                        '-p', 'tcp',
+                        '--to-ports', str(port))
+                else:
+                    ipt_ttl('-A', chain, '-j', 'REDIRECT',
                         '--dest', '%s/%s' % (snet,swidth),
                         '-p', 'tcp',
                         '--to-ports', str(port))
