@@ -326,16 +326,29 @@ def do_ipfw(port, dnsport, subnets):
326326
327327 if subnets :
328328 # create new subnet entries
329- for swidth ,sexclude ,snet in sorted (subnets , reverse = True ):
329+ for swidth ,dport , sexclude ,snet in sorted (subnets , reverse = True ):
330330 if sexclude :
331- ipfw ('add' , sport , 'skipto' , xsport ,
332- 'tcp' ,
333- 'from' , 'any' , 'to' , '%s/%s' % (snet ,swidth ))
331+ if dport > 0 :
332+ ipfw ('add' , sport , 'skipto' , xsport ,
333+ 'tcp' ,
334+ 'from' , 'any' , 'to' , '%s/%s' % (snet ,swidth ),
335+ '%d' % dport )
336+ else :
337+ ipfw ('add' , sport , 'skipto' , xsport ,
338+ 'tcp' ,
339+ 'from' , 'any' , 'to' , '%s/%s' % (snet ,swidth ))
334340 else :
335- ipfw ('add' , sport , 'fwd' , '127.0.0.1,%d' % port ,
336- 'tcp' ,
337- 'from' , 'any' , 'to' , '%s/%s' % (snet ,swidth ),
338- 'not' , 'ipttl' , '42' , 'keep-state' , 'setup' )
341+ if dport > 0 :
342+ ipfw ('add' , sport , 'fwd' , '127.0.0.1,%d' % port ,
343+ 'tcp' ,
344+ 'from' , 'any' , 'to' , '%s/%s' % (snet ,swidth ),
345+ '%d' % dport ,
346+ 'not' , 'ipttl' , '42' , 'keep-state' , 'setup' )
347+ else :
348+ ipfw ('add' , sport , 'fwd' , '127.0.0.1,%d' % port ,
349+ 'tcp' ,
350+ 'from' , 'any' , 'to' , '%s/%s' % (snet ,swidth ),
351+ 'not' , 'ipttl' , '42' , 'keep-state' , 'setup' )
339352
340353 # This part is much crazier than it is on Linux, because MacOS (at least
341354 # 10.6, and probably other versions, and maybe FreeBSD too) doesn't
0 commit comments