diff options
Diffstat (limited to 'package')
| -rw-r--r-- | package/firewall/Makefile | 2 | ||||
| -rw-r--r-- | package/firewall/files/lib/core_redirect.sh | 16 | ||||
| -rw-r--r-- | package/firewall/files/reflection.hotplug | 5 |
3 files changed, 19 insertions, 4 deletions
diff --git a/package/firewall/Makefile b/package/firewall/Makefile index 599126ae1..b6d42ceba 100644 --- a/package/firewall/Makefile +++ b/package/firewall/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=firewall PKG_VERSION:=2 -PKG_RELEASE:=11 +PKG_RELEASE:=12 include $(INCLUDE_DIR)/package.mk diff --git a/package/firewall/files/lib/core_redirect.sh b/package/firewall/files/lib/core_redirect.sh index 15d01b0a7..913f96356 100644 --- a/package/firewall/files/lib/core_redirect.sh +++ b/package/firewall/files/lib/core_redirect.sh @@ -17,6 +17,7 @@ fw_config_get_redirect() { string dest_port "" \ string proto "tcpudp" \ string family "" \ + string target "DNAT" \ } || return [ -n "$redirect_name" ] || redirect_name=$redirect__name } @@ -30,6 +31,17 @@ fw_load_redirect() { fw_die "redirect ${redirect_name}: needs src and dest_ip or dest_port" } + local chain destopt + if [ "$redirect_target" == "DNAT" ]; then + chain="zone_${redirect_src}_prerouting" + destopt="--to-destination" + elif [ "$redirect_target" == "SNAT" ]; then + chain="zone_${redirect_src}_nat" + destopt="--to-source" + else + fw_die "redirect ${redirect_name}: target must be either DNAT or SNAT" + fi + list_contains FW_CONNTRACK_ZONES $redirect_src || \ append FW_CONNTRACK_ZONES $redirect_src @@ -43,14 +55,14 @@ fw_load_redirect() { [ "$redirect_proto" == "tcpudp" ] && redirect_proto="tcp udp" for redirect_proto in $redirect_proto; do - fw add $mode n zone_${redirect_src}_prerouting DNAT $ { $redirect_src_ip $redirect_dest_ip } { \ + fw add $mode n $chain $redirect_target $ { $redirect_src_ip $redirect_dest_ip } { \ ${redirect_proto:+-p $redirect_proto} \ ${redirect_src_ip:+-s $redirect_src_ip/$redirect_src_ip_prefixlen} \ ${redirect_src_dip:+-d $redirect_src_dip/$redirect_src_dip_prefixlen} \ ${redirect_src_port:+--sport $redirect_src_port} \ ${redirect_src_dport:+--dport $redirect_src_dport} \ ${redirect_src_mac:+-m mac --mac-source $redirect_src_mac} \ - --to-destination ${redirect_dest_ip}${redirect_dest_port:+:$nat_dest_port} \ + $destopt ${redirect_dest_ip}${redirect_dest_port:+:$nat_dest_port} \ } [ -n "$redirect_dest_ip" ] && \ diff --git a/package/firewall/files/reflection.hotplug b/package/firewall/files/reflection.hotplug index 6b1cd60f2..027d2ed8b 100644 --- a/package/firewall/files/reflection.hotplug +++ b/package/firewall/files/reflection.hotplug @@ -41,7 +41,10 @@ if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "wan" ]; then local src config_get src "$cfg" src - [ "$src" = wan ] && { + local target + config_get target "$cfg" target DNAT + + [ "$src" = wan ] && [ "$target" = DNAT ] && { local dest config_get dest "$cfg" dest "lan" |