#!/bin/sh -e

. corridor-load-config

FIRST=x
while read PRIV PUB; do
	test -n "$PRIV" || continue

	if test -n "$FIRST"; then
		iptables -w -t nat -N CORRIDOR_SNAT
		iptables -w -t nat -I POSTROUTING -j CORRIDOR_SNAT
		FIRST=
	fi

	if test -n "$PUB"; then
		set SNAT --to-source "$PUB"
	else
		set MASQUERADE
	fi

	iptables -w -t nat -I CORRIDOR_SNAT -s "$PRIV" ! -d "$PRIV" -j "$@"
done <<-END
	$SNAT
END
