Reset all MASQUERADE rules and re-create them only for whitelisted IPs
linux, bash
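#!/bin/bash
#by me ;)
#
# Reset the MASQUERADE rules of the nat/POSTROUTING chain and re-create one
# rule per source address listed in ./whitelist.db.
#
# Whitelist format: one IPv4 address (optionally with a /prefix) per line;
# blank lines and lines starting with '#' are ignored.
#
# Must run with enough privilege to modify the nat table.
# NOTE: the rules are removed and then re-added one by one, so there is a
# short window without masquerading. If that matters, build the rule set in
# a file and load it in one step with iptables-restore instead.

_input=./whitelist.db
IPT=/sbin/iptables

# Die if file not found
if [[ ! -f "$_input" ]]; then
  echo "$0: File $_input not found." >&2
  exit 1
fi

# Read and validate the whole whitelist BEFORE touching any rule, so a
# malformed file cannot leave the chain emptied or half-populated. Each entry
# must look like an IPv4 address or CIDR; anything else (extra words, options
# such as "-j ...") is refused rather than handed to iptables. Octet and
# prefix ranges are left to iptables itself, whose exit status is checked.
_ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
_sources=()
_lineno=0
while IFS= read -r _line || [[ -n "$_line" ]]; do
  _lineno=$((_lineno + 1))
  _line=${_line%$'\r'}                                # tolerate CRLF files
  _line="${_line#"${_line%%[![:space:]]*}"}"          # trim leading blanks
  _line="${_line%"${_line##*[![:space:]]}"}"          # trim trailing blanks
  if [[ -z "$_line" || "$_line" == \#* ]]; then
    continue
  fi
  if [[ ! "$_line" =~ $_ipv4_re ]]; then
    printf '%s: %s line %d: %q is not an IPv4 address or CIDR; no rules were changed.\n' \
      "$0" "$_input" "$_lineno" "$_line" >&2
    exit 1
  fi
  _sources+=("$_line")
done <"$_input"

#clear (postrouting)
# Remove only the MASQUERADE rules, addressed by rule number. Deleting from
# the highest number down keeps the remaining numbers valid, and other
# POSTROUTING rules (SNAT, etc.) are left alone.
if ! _listing=$("$IPT" -t nat -L POSTROUTING -n --line-numbers); then
  echo "$0: cannot list nat/POSTROUTING (not running as root?)." >&2
  exit 1
fi
while IFS= read -r _num; do
  if ! "$IPT" -t nat -D POSTROUTING "$_num"; then
    echo "$0: failed to delete POSTROUTING rule $_num." >&2
    exit 1
  fi
done < <(awk '$2 == "MASQUERADE" { print $1 }' <<<"$_listing" | sort -rn)

# Add one MASQUERADE rule per validated source. The address is quoted so it
# is always passed to iptables as a single argument.
_rc=0
for _ip in "${_sources[@]}"; do
  if ! "$IPT" -t nat -A POSTROUTING -s "$_ip" -j MASQUERADE; then
    echo "$0: failed to add MASQUERADE rule for $_ip." >&2
    _rc=1
  fi
done
exit "$_rc"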
Example whitelist.db file (one source address per line):
10.0.0.7
10.0.0.8