diff options
Diffstat (limited to 'package/firewall')
| -rw-r--r-- | package/firewall/Makefile | 2 | ||||
| -rw-r--r-- | package/firewall/files/lib/core.sh | 2 | ||||
| -rw-r--r-- | package/firewall/files/lib/core_forwarding.sh | 8 | ||||
| -rw-r--r-- | package/firewall/files/lib/core_init.sh | 5 | ||||
| -rw-r--r-- | package/firewall/files/lib/core_redirect.sh | 3 |
5 files changed, 11 insertions, 9 deletions
diff --git a/package/firewall/Makefile b/package/firewall/Makefile index b81531bdf..b1969d9ab 100644 --- a/package/firewall/Makefile +++ b/package/firewall/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=firewall PKG_VERSION:=2 -PKG_RELEASE:=6 +PKG_RELEASE:=7 include $(INCLUDE_DIR)/package.mk diff --git a/package/firewall/files/lib/core.sh b/package/firewall/files/lib/core.sh index 5880cd3ac..03a80c6f6 100644 --- a/package/firewall/files/lib/core.sh +++ b/package/firewall/files/lib/core.sh @@ -39,7 +39,7 @@ fw_start() { echo "Loading includes" config_foreach fw_load_include include - [ -n "$FW_NOTRACK_DISABLED" ] && { + [ -z "$FW_NOTRACK_DISABLED" ] && { echo "Optimizing conntrack" config_foreach fw_load_notrack_zone zone } diff --git a/package/firewall/files/lib/core_forwarding.sh b/package/firewall/files/lib/core_forwarding.sh index 689e2628c..b62e18a76 100644 --- a/package/firewall/files/lib/core_forwarding.sh +++ b/package/firewall/files/lib/core_forwarding.sh @@ -32,11 +32,11 @@ fw_load_forwarding() { fw add $mode f $chain $target ^ # propagate masq zone flag - [ -n "$forwarding_src" ] && list_contains CONNTRACK_ZONES $forwarding_src && { - append CONNTRACK_ZONES $forwarding_dest + [ -n "$forwarding_src" ] && list_contains FW_CONNTRACK_ZONES $forwarding_src && { + append FW_CONNTRACK_ZONES $forwarding_dest } - [ -n "$forwarding_dest" ] && list_contains CONNTRACK_ZONES $forwarding_dest && { - append CONNTRACK_ZONES $forwarding_src + [ -n "$forwarding_dest" ] && list_contains FW_CONNTRACK_ZONES $forwarding_dest && { + append FW_CONNTRACK_ZONES $forwarding_src } fw_callback post forwarding diff --git a/package/firewall/files/lib/core_init.sh b/package/firewall/files/lib/core_init.sh index 92d117160..a55ace17c 100644 --- a/package/firewall/files/lib/core_init.sh +++ b/package/firewall/files/lib/core_init.sh @@ -228,13 +228,12 @@ fw_load_zone() { } fw_load_notrack_zone() { - list_contains FW_CONNTRACK_ZONES "$1" && return - fw_config_get_zone "$1" + list_contains FW_CONNTRACK_ZONES "${zone_name}" && return fw_callback pre notrack - fw add i f zone_${zone_name}_notrack NOTRACK $ + fw add i r zone_${zone_name}_notrack NOTRACK $ fw_callback post notrack } diff --git a/package/firewall/files/lib/core_redirect.sh b/package/firewall/files/lib/core_redirect.sh index 87f584e37..b51f79390 100644 --- a/package/firewall/files/lib/core_redirect.sh +++ b/package/firewall/files/lib/core_redirect.sh @@ -30,6 +30,9 @@ fw_load_redirect() { fw_die "redirect ${redirect_name}: needs src and dest_ip" } + list_contains FW_CONNTRACK_ZONES $redirect_src || \ + append FW_CONNTRACK_ZONES $redirect_src + local mode=$(fw_get_family_mode ${redirect_family:-x} $redirect_src I) local nat_dest_port=$redirect_dest_port |