hak5
/
wifipineapple-openwrt
mirror of https://github.com/hak5/wifipineapple-openwrt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[package] firewall: 

- notrack support was broken in multiple ways, fix it
	- also consider a zone conntracked if any redirect references it (#7196)


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22215 3c298f89-4303-0410-b956-a3cf2f4a3e73
master
Jo-Philipp Wich 2010-07-15 22:01:48 +00:00
parent 956de1c120
commit df7742c8aa
5 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/firewall/Makefile
View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=firewall PKG_NAME:=firewall
PKG_VERSION:=2 PKG_VERSION:=2
PKG_RELEASE:=6 PKG_RELEASE:=7
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk

2
package/firewall/files/lib/core.sh
View File

@ -39,7 +39,7 @@ fw_start() {
echo "Loading includes" echo "Loading includes"
config_foreach fw_load_include include config_foreach fw_load_include include
[ -n "$FW_NOTRACK_DISABLED" ] && { [ -z "$FW_NOTRACK_DISABLED" ] && {
echo "Optimizing conntrack" echo "Optimizing conntrack"
config_foreach fw_load_notrack_zone zone config_foreach fw_load_notrack_zone zone
} }

8
package/firewall/files/lib/core_forwarding.sh
View File

@ -32,11 +32,11 @@ fw_load_forwarding() {
fw add $mode f $chain $target ^ fw add $mode f $chain $target ^
# propagate masq zone flag # propagate masq zone flag
[ -n "$forwarding_src" ] && list_contains CONNTRACK_ZONES $forwarding_src && { [ -n "$forwarding_src" ] && list_contains FW_CONNTRACK_ZONES $forwarding_src && {
append CONNTRACK_ZONES $forwarding_dest append FW_CONNTRACK_ZONES $forwarding_dest
} }
[ -n "$forwarding_dest" ] && list_contains CONNTRACK_ZONES $forwarding_dest && { [ -n "$forwarding_dest" ] && list_contains FW_CONNTRACK_ZONES $forwarding_dest && {
append CONNTRACK_ZONES $forwarding_src append FW_CONNTRACK_ZONES $forwarding_src
} }
fw_callback post forwarding fw_callback post forwarding

5
package/firewall/files/lib/core_init.sh
View File

@ -228,13 +228,12 @@ fw_load_zone() {
} }
fw_load_notrack_zone() { fw_load_notrack_zone() {
list_contains FW_CONNTRACK_ZONES "$1" && return
fw_config_get_zone "$1" fw_config_get_zone "$1"
list_contains FW_CONNTRACK_ZONES "${zone_name}" && return
fw_callback pre notrack fw_callback pre notrack
fw add i f zone_${zone_name}_notrack NOTRACK $ fw add i r zone_${zone_name}_notrack NOTRACK $
fw_callback post notrack fw_callback post notrack
} }

3
package/firewall/files/lib/core_redirect.sh
View File

@ -30,6 +30,9 @@ fw_load_redirect() {
fw_die "redirect ${redirect_name}: needs src and dest_ip" fw_die "redirect ${redirect_name}: needs src and dest_ip"
} }
list_contains FW_CONNTRACK_ZONES $redirect_src || \
append FW_CONNTRACK_ZONES $redirect_src
local mode=$(fw_get_family_mode ${redirect_family:-x} $redirect_src I) local mode=$(fw_get_family_mode ${redirect_family:-x} $redirect_src I)
local nat_dest_port=$redirect_dest_port local nat_dest_port=$redirect_dest_port