From bffa4f5ebf33df64d76abb361470dae01f1119fa Mon Sep 17 00:00:00 2001
From: Alejandro Mery
Date: Thu, 22 Jan 2009 10:13:23 +0100
Subject: [PATCH] iptables: enhanced rocknet module to support a list of valid IPs when doing conduit
---
 network/iptables/rocknet_iptables.sh | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/network/iptables/rocknet_iptables.sh b/network/iptables/rocknet_iptables.sh
index 1d192d416..6118faf50 100644
--- a/network/iptables/rocknet_iptables.sh
+++ b/network/iptables/rocknet_iptables.sh
@@ -2,7 +2,7 @@
 # This copyright note is auto-generated by ./scripts/Create-CopyPatch.
 #
 # Filename: package/.../iptables/rocknet_iptables.sh
-# Copyright (C) 2008 The OpenSDE Project
+# Copyright (C) 2008 - 2009 The OpenSDE Project
 # Copyright (C) 2004 - 2006 The T2 SDE Project
 #
 # More information can be found in the files COPYING and README.
@@ -102,17 +102,32 @@ public_conduit() {
 # conduit (tcp|udp) port targetip[:targetport]
 #
 local proto=$1 port=$2
- local targetip=$3 targetport=$2
+ local targetip=$3 targetport=$2 target=
+ local x=
+ shift 3
 if [ "${targetip/:/}" != "$targetip" ]; then
 targetport=${targetip#*:}
 targetip=${targetip%:*}
 fi
+ if [ "$targetport" = "$port" ]; then
+ target="$targetip"
+ else
+ target="$targetip:$targetport"
+ fi
+
 addcode up 1 4 "iptables -t nat -A PREROUTING -i $if ${ip:+-d $ip} -p $proto \
- --dport $port -j DNAT --to $targetip:$targetport"
- addcode up 1 4 "iptables -A forward_$if -p $proto -d $targetip \
- --dport $targetport -j ACCEPT"
+ --dport $port -j DNAT --to $target"
+ if [ $# -eq 0 ]; then
+ addcode up 1 4 "iptables -A forward_$if -p $proto -d $targetip \
+ --dport $targetport -j ACCEPT"
+ else
+ for x; do
+ addcode up 1 4 "iptables -A forward_$if -p $proto -s $x -d $targetip \
+ --dport $targetport -j ACCEPT"
+ done
+ fi
 iptables_init_if
 }
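Review bot: The source allow-list added in the second hunk is applied only to the `forward_$if` ACCEPT rules; the PREROUTING DNAT rule is still emitted without `-s`, so the list limits access only if `forward_$if` drops or rejects whatever is not accepted, which this hunk does not show. A one-line comment above the `if [ $# -eq 0 ]` branch would make that dependency explicit, e.g. `# source filter relies on forward_$if dropping unmatched traffic`. Separately, in bash `shift 3` leaves the positional parameters untouched when fewer than three arguments are passed, so a truncated `conduit` line would feed the protocol and port into `for x` as source addresses; `[ $# -ge 3 ] || return 1` before the `shift` would stop that, assuming callers tolerate a non-zero return. The usage comment should also be extended to `# conduit (tcp|udp) port targetip[:targetport] [sourceip ...]`. The opening line of `public_conduit` lies above the hunk, so anything before the usage comment was not reviewed.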