firewall: allow symbolic names of interfaces and aliases in masq_src and masq_dest

SVN-Revision: 27196
owl
Jo-Philipp Wich 2011-06-16 21:54:59 +00:00
parent b97459eb88
commit c014101d73
3 changed files with 28 additions and 3 deletions

View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=firewall PKG_NAME:=firewall
PKG_VERSION:=2 PKG_VERSION:=2
PKG_RELEASE:=25 PKG_RELEASE:=26
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk

View File

@ -245,9 +245,17 @@ fw_load_zone() {
if [ "$zone_masq" == 1 ]; then if [ "$zone_masq" == 1 ]; then
local msrc mdst local msrc mdst
for msrc in ${zone_masq_src:-0.0.0.0/0}; do for msrc in ${zone_masq_src:-0.0.0.0/0}; do
fw_get_negation msrc '-s' "$msrc" case "$msrc" in
*.*) fw_get_negation msrc '-s' "$msrc" ;;
*) fw_get_subnet4 msrc '-s' "$msrc" ;;
esac
for mdst in ${zone_masq_dest:-0.0.0.0/0}; do for mdst in ${zone_masq_dest:-0.0.0.0/0}; do
fw_get_negation mdst '-d' "$mdst" case "$mdst" in
*.*) fw_get_negation mdst '-d' "$mdst" ;;
*) fw_get_subnet4 mdst '-d' "$mdst" ;;
esac
fw add $mode n ${chain}_nat MASQUERADE $ { $msrc $mdst } fw add $mode n ${chain}_nat MASQUERADE $ { $msrc $mdst }
done done
done done

View File

@ -227,3 +227,20 @@ fw_get_negation() {
export -n -- "$_var=! $_flag ${_ipaddr#!}" || \ export -n -- "$_var=! $_flag ${_ipaddr#!}" || \
export -n -- "$_var=${_ipaddr:+$_flag $_ipaddr}" export -n -- "$_var=${_ipaddr:+$_flag $_ipaddr}"
} }
fw_get_subnet4() {
local _var="$1"
local _flag="$2"
local _name="$3"
local _ipaddr="$(uci_get_state network "${_name#!}" ipaddr)"
local _netmask="$(uci_get_state network "${_name#!}" netmask)"
case "$_ipaddr" in
*.*.*.*)
[ "${_name#!}" != "$_name" ] && \
export -n -- "$_var=! $_flag $_ipaddr/${_netmask:-255.255.255.255}" || \
export -n -- "$_var=$_flag $_ipaddr/${_netmask:-255.255.255.255}"
;;
esac
}