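#!/usr/bin/env python3
"""Print MikroTik RouterOS dst-nat ("pinhole") commands for a table of port forwards.

For every entry in ``rules`` one ``ip firewall nat add`` command is printed that
forwards the outside port, as seen on the ``WAN`` interface list, to the inside
host. When ``build_hairpins`` is true a second command is printed that applies
the same translation to traffic coming from ``inside_subnet`` towards an address
in the ``WAN`` address list.

The output is meant to be pasted into a router, so every interpolated value is
checked or escaped first: a stray quote or space in the table would otherwise
change the meaning of the generated command.
"""

import re

rules = {
    # 'pinhole name/comment' : [outside_port, protocol, inside_host, inside_port]
    'Joe web server': ['80', 'tcp', '192.168.1.35', '80'],
    # NOTE(review): the generated rule matches any source on the WAN side. For a
    # management service such as SSH, consider restricting the permitted sources
    # on the router (firewall filter or a source address list).
    'trusted inside SSH': ['1999', 'tcp', '192.168.1.40', '22'],
}

# Source subnet matched by the hairpin rules.
# NOTE(review): the example hosts above are in 192.168.1.0/24 while this is
# 192.168.15.0/24 -- confirm this is the subnet the inside clients really use.
inside_subnet = '192.168.15.0/24'
build_hairpins = True  # set this if you want the inside hairpin rules built as well

# Characters allowed in unquoted values (ports, port lists/ranges, protocol
# names, IPv4/IPv6 addresses, CIDR prefixes). Whitespace, quotes and '=' are
# excluded so a value cannot introduce an extra parameter or command.
_SAFE_VALUE = re.compile(r"[0-9A-Za-z.:,/-]+")


def _quote_comment(text):
    """Return *text* escaped for use inside a double-quoted RouterOS string.

    Raises:
        ValueError: if *text* contains a control character (a newline would
            end the command and start a new one).
    """
    text = str(text)
    if any(ord(ch) < 32 or ord(ch) == 127 for ch in text):
        raise ValueError(f"control character in rule comment: {text!r}")
    # Backslash first, so the escapes added for '"' and '$' are not doubled.
    return text.replace("\\", "\\\\").replace('"', '\\"').replace("$", "\\$")


def _checked(label, value):
    """Return ``str(value)`` if it only holds characters safe in an unquoted value.

    Raises:
        ValueError: if the value is empty or contains any other character.
    """
    value = str(value)
    if not _SAFE_VALUE.fullmatch(value):
        raise ValueError(f"invalid {label}: {value!r}")
    return value


def build_nat_commands(comment, mapping, subnet):
    """Build the WAN rule and the hairpin rule for one pinhole.

    Args:
        comment: rule name, emitted as the RouterOS ``comment``.
        mapping: ``[outside_port, protocol, inside_host, inside_port]``.
        subnet: inside subnet used as ``src-address`` of the hairpin rule.

    Returns:
        ``(rule, pin_rule)`` as two command strings.

    Raises:
        IndexError: if *mapping* has fewer than four entries.
        ValueError: if a value contains characters that are not safe to emit.
    """
    outside_port = _checked("outside port", mapping[0])
    protocol = _checked("protocol", mapping[1])
    inside_host = _checked("inside host", mapping[2])
    inside_port = _checked("inside port", mapping[3])
    subnet = _checked("inside subnet", subnet)
    quoted = _quote_comment(comment)

    wan_rule = f"ip firewall nat add comment=\"{quoted}\" action=dst-nat chain=dstnat"
    wan_rule += f" protocol={protocol} dst-port={outside_port} in-interface-list=WAN"
    wan_rule += f" to-addresses={inside_host} to-ports={inside_port}"

    # NOTE(review): this rule only rewrites the destination. When client and
    # server share a subnet, replies usually also need a srcnat/masquerade
    # rule, which this script does not emit -- confirm against the router config.
    hairpin_rule = "ip firewall nat add action=dst-nat chain=dstnat dst-address-list=WAN "
    hairpin_rule += f" protocol={protocol} dst-port={outside_port} src-address={subnet} "
    hairpin_rule += f" to-addresses={inside_host} to-ports={inside_port} comment=\"{quoted} hairpin\""
    return wan_rule, hairpin_rule


# 'mapping' rather than 'map', so the builtin is not shadowed.
for comment, mapping in rules.items():
    rule, pin_rule = build_nat_commands(comment, mapping, inside_subnet)
    print(rule)
    if build_hairpins:
        print(pin_rule)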