Hi,
I'm moving our Checkpoint firewall (4.1) to iptables and Linux.
This alone is worth your comments ;-) ...
We have a lot of objects and I was thinking of a way to put them all in a
script.
I was wondering if anyone uses external files and loops for objects.
I think an example will be more efficient (my English sucks...)
I have a file called internal_networks ->
cat internal_networks >
192.168.0.0/24
192.168.1.0/24
192.168.2.0/24
and so on
and the script has a loop
for net in `cat internal_networks` ; do
    iptables -t nat -A POSTROUTING -o eth0 -s "$net" -j MASQUERADE
done
Will that be a good idea? Or would you recommend putting the vars in the
script and looping it (e.g. INTERNAL_NETS=`blah blah`)?
Thanks
Moti
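
The external-file approach asked about above, as an added example that is not part of the original post: each line of the object file is validated as an IPv4 CIDR before a rule is generated, and rules are printed for review instead of being applied. The function names and the sample file contents are assumptions made for illustration; eth0 is taken from the post, and POSTROUTING is used because MASQUERADE is only valid in that chain.

```shell
#!/bin/sh
# Added example: one network object per line, '#' comments and blank lines allowed.

# valid_cidr NET: accept only dotted-quad IPv4 with a /0-32 prefix.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_rules FILE [IFACE]: print one MASQUERADE rule per valid entry.
# Returns 1 if any line was rejected, so a typo in the file is not silent.
gen_rules() {
    file=$1; iface=${2:-eth0}; rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                              # drop comments
        line=$(printf '%s' "$line" | tr -d ' \t\r')   # drop whitespace and CRs
        [ -n "$line" ] || continue
        if valid_cidr "$line"; then
            printf 'iptables -t nat -A POSTROUTING -o %s -s %s -j MASQUERADE\n' \
                "$iface" "$line"
        else
            printf 'rejected entry: %s\n' "$line" >&2
            rc=1
        fi
    done < "$file"
    return $rc
}

# Constructed sample object file; the last two entries are deliberately bad.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# internal_networks
192.168.0.0/24
192.168.1.0/24   # lab
192.168.300.0/24
192.168.2.0/33
EOF
gen_rules "$sample" eth0 || echo "object file has invalid entries" >&2
rm -f "$sample"
```

Reviewing the printed rules and only then piping them to `sh` keeps a bad object file from leaving the ruleset half-loaded.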