From 3da91f14d1a53448bb86a67ff2c924d3a109eaf9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= <lauri@pinecrypt.com>
Date: Wed, 2 Jun 2021 18:44:02 +0000
Subject: [PATCH] Make masquerade toggleable

---
 pinecrypt/server/cli.py   | 3 ++-
 pinecrypt/server/const.py | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/pinecrypt/server/cli.py b/pinecrypt/server/cli.py
index c06678e..b027388 100644
--- a/pinecrypt/server/cli.py
+++ b/pinecrypt/server/cli.py
@@ -267,7 +267,8 @@ def pinecone_provision():
         yield ":INPUT ACCEPT [0:0]"
         yield ":OUTPUT ACCEPT [0:0]"
         yield ":POSTROUTING ACCEPT [0:0]"
-        yield "-A POSTROUTING -j MASQUERADE"
+        if not const.DISABLE_MASQUERADE:
+            yield "-A POSTROUTING -j MASQUERADE"
         yield "COMMIT"
 
     with open("/tmp/rules4", "w") as fh:
diff --git a/pinecrypt/server/const.py b/pinecrypt/server/const.py
index d334675..c698e76 100644
--- a/pinecrypt/server/const.py
+++ b/pinecrypt/server/const.py
@@ -177,4 +177,5 @@ SESSION_AGE = 3600
 
 SECRET_STORAGE = getenv_in("SECRET_STORAGE", "fs", "db")
 
-DISABLE_FIREWALL = os.getenv("DISABLE_FIREWALL") == "True" if os.getenv("DISABLE_FIREWALL") else False
+DISABLE_FIREWALL = os.getenv("DISABLE_FIREWALL")
+DISABLE_MASQUERADE = os.getenv("DISABLE_MASQUERADE")