mirror of https://github.com/hak5/openwrt.git
firewall: fix support for netranges in redirect and rule sections
SVN-Revision: 21640lede-17.01
parent
261d41a906
commit
e25fbfccdf
|
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
||||||
PKG_NAME:=firewall
|
PKG_NAME:=firewall
|
||||||
|
|
||||||
PKG_VERSION:=2
|
PKG_VERSION:=2
|
||||||
PKG_RELEASE:=4
|
PKG_RELEASE:=5
|
||||||
|
|
||||||
include $(INCLUDE_DIR)/package.mk
|
include $(INCLUDE_DIR)/package.mk
|
||||||
|
|
||||||
|
|
|
@ -87,8 +87,8 @@ config_get_ipaddr() {
|
||||||
|
|
||||||
local vers=
|
local vers=
|
||||||
case "$addr" in
|
case "$addr" in
|
||||||
*.*) vers=4 ;;
|
*.*) vers=4; mask="${mask:-32}" ;;
|
||||||
*:*) vers=6 ;;
|
*:*) vers=6; mask="${mask:-128}" ;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
export ${NO_EXPORT:+-n} -- "${varn}=${addr}"
|
export ${NO_EXPORT:+-n} -- "${varn}=${addr}"
|
||||||
|
|
|
@ -42,8 +42,8 @@ fw_load_redirect() {
|
||||||
for redirect_proto in $redirect_proto; do
|
for redirect_proto in $redirect_proto; do
|
||||||
fw add $mode n zone_${redirect_src}_prerouting DNAT $ { $redirect_src_ip $redirect_dest_ip } { \
|
fw add $mode n zone_${redirect_src}_prerouting DNAT $ { $redirect_src_ip $redirect_dest_ip } { \
|
||||||
${redirect_proto:+-p $redirect_proto} \
|
${redirect_proto:+-p $redirect_proto} \
|
||||||
${redirect_src_ip:+-s $redirect_src_ip} \
|
${redirect_src_ip:+-s $redirect_src_ip/$redirect_src_ip_prefixlen} \
|
||||||
${redirect_src_dip:+-d $redirect_src_dip} \
|
${redirect_src_dip:+-d $redirect_src_dip/$redirect_src_dip_prefixlen} \
|
||||||
${redirect_src_port:+--sport $redirect_src_port} \
|
${redirect_src_port:+--sport $redirect_src_port} \
|
||||||
${redirect_src_dport:+--dport $redirect_src_dport} \
|
${redirect_src_dport:+--dport $redirect_src_dport} \
|
||||||
${redirect_src_mac:+-m mac --mac-source $redirect_src_mac} \
|
${redirect_src_mac:+-m mac --mac-source $redirect_src_mac} \
|
||||||
|
@ -53,7 +53,7 @@ fw_load_redirect() {
|
||||||
fw add $mode f zone_${redirect_src}_forward ACCEPT ^ { $redirect_src_ip $redirect_dest_ip } { \
|
fw add $mode f zone_${redirect_src}_forward ACCEPT ^ { $redirect_src_ip $redirect_dest_ip } { \
|
||||||
-d $redirect_dest_ip \
|
-d $redirect_dest_ip \
|
||||||
${redirect_proto:+-p $redirect_proto} \
|
${redirect_proto:+-p $redirect_proto} \
|
||||||
${redirect_src_ip:+-s $redirect_src_ip} \
|
${redirect_src_ip:+-s $redirect_src_ip/$redirect_src_ip_prefixlen} \
|
||||||
${redirect_src_port:+--sport $redirect_src_port} \
|
${redirect_src_port:+--sport $redirect_src_port} \
|
||||||
${fwd_dest_port:+--dport $fwd_dest_port} \
|
${fwd_dest_port:+--dport $fwd_dest_port} \
|
||||||
${redirect_src_mac:+-m mac --mac-source $redirect_src_mac} \
|
${redirect_src_mac:+-m mac --mac-source $redirect_src_mac} \
|
||||||
|
|
|
@ -56,10 +56,10 @@ fw_load_rule() {
|
||||||
for rule_proto in $rule_proto; do
|
for rule_proto in $rule_proto; do
|
||||||
fw add $mode f $chain $target $rule_pos { $rule_src_ip $rule_dest_ip } { \
|
fw add $mode f $chain $target $rule_pos { $rule_src_ip $rule_dest_ip } { \
|
||||||
${rule_proto:+-p $rule_proto} \
|
${rule_proto:+-p $rule_proto} \
|
||||||
${rule_src_ip:+-s $rule_src_ip} \
|
${rule_src_ip:+-s $rule_src_ip/$rule_src_ip_prefixlen} \
|
||||||
${rule_src_port:+--sport $rule_src_port} \
|
${rule_src_port:+--sport $rule_src_port} \
|
||||||
${rule_src_mac:+-m mac --mac-source $rule_src_mac} \
|
${rule_src_mac:+-m mac --mac-source $rule_src_mac} \
|
||||||
${rule_dest_ip:+-d $rule_dest_ip} \
|
${rule_dest_ip:+-d $rule_dest_ip/$rule_dest_ip_prefixlen} \
|
||||||
${rule_dest_port:+--dport $rule_dest_port} \
|
${rule_dest_port:+--dport $rule_dest_port} \
|
||||||
${rule_icmp_type:+--icmp-type $rule_icmp_type} \
|
${rule_icmp_type:+--icmp-type $rule_icmp_type} \
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue