# In case this script crashed or was interrupted earlier, flush, unlink and
# delete the temp chain.
iptables -t nat -F BOOTSTACK_MASQ_NEW || true
iptables -t nat -D POSTROUTING -j BOOTSTACK_MASQ_NEW || true
iptables -t nat -X BOOTSTACK_MASQ_NEW || true
iptables -t nat -N BOOTSTACK_MASQ_NEW
# Build the chain we want.
{{#bootstack.masquerade_networks}}
NETWORK={{.}}
# Workaround iptables not permitting two -d parameters in one call.
iptables -t nat -A BOOTSTACK_MASQ_NEW -s $NETWORK -d 192.168.122.1 -j RETURN
iptables -t nat -A BOOTSTACK_MASQ_NEW -s $NETWORK ! -d $NETWORK -j MASQUERADE
iptables -t nat -A POSTROUTING -s $NETWORK -o eth0 -j MASQUERADE
{{/bootstack.masquerade_networks}}
# Link it in.
iptables -t nat -I POSTROUTING -j BOOTSTACK_MASQ_NEW
# Delete the old chain if present.
iptables -t nat -F BOOTSTACK_MASQ || true
iptables -t nat -D POSTROUTING -j BOOTSTACK_MASQ || true
iptables -t nat -X BOOTSTACK_MASQ || true
# Rename the new chain into permanence.
iptables -t nat -E BOOTSTACK_MASQ_NEW BOOTSTACK_MASQ
# remove forwarding rule (fixes bug 1183099)
iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited