authorHans Dedecker <dedeckeh@gmail.com>2019-04-29 16:35:33 +0200
committerHans Dedecker <dedeckeh@gmail.com>2019-05-26 09:44:37 +0200
commitf54611b06d8867e4f17a0759b8c47f67cb3bc02c (patch)
tree6b4c339e11132b6cb68a1abe02d61f9af80c8a7c
parent470f5b31e334e496a868301c0cb8bc550c1ee4da (diff)
map: don't set default firewall zone to wan
Don't set the default firewall zone to wan if not specified to keep the behavior aligned with other tunnel protocols like gre and 6rd. If the interface zone is not specified try to get it from the firewall config when constructing the procd firewall rule. While at it only add procd inbound/outbound firewall rules if a zone is specified. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
-rw-r--r--package/network/ipv6/map/Makefile2
-rwxr-xr-xpackage/network/ipv6/map/files/map.sh48
2 files changed, 27 insertions, 23 deletions
diff --git a/package/network/ipv6/map/Makefile b/package/network/ipv6/map/Makefile
index 5a18c7b01f..f05f216a4c 100644
--- a/package/network/ipv6/map/Makefile
+++ b/package/network/ipv6/map/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=map
PKG_VERSION:=4
-PKG_RELEASE:=12
+PKG_RELEASE:=13
PKG_LICENSE:=GPL-2.0
include $(INCLUDE_DIR)/package.mk
diff --git a/package/network/ipv6/map/files/map.sh b/package/network/ipv6/map/files/map.sh
index 70dc72326c..6462e810cc 100755
--- a/package/network/ipv6/map/files/map.sh
+++ b/package/network/ipv6/map/files/map.sh
@@ -33,7 +33,7 @@ proto_map_setup() {
json_get_vars type mtu ttl tunlink zone encaplimit
json_get_vars rule ipaddr ip4prefixlen ip6prefix ip6prefixlen peeraddr ealen psidlen psid offset
- [ -z "$zone" ] && zone="wan"
+ [ "$zone" = "-" ] && zone=""
[ -z "$type" ] && type="map-e"
[ -z "$ip4prefixlen" ] && ip4prefixlen=32
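Review bot: The `-` sentinel on the changed `zone` line is undocumented, and after this change both an unset `zone` and `zone '-'` end up as the empty string that the later hunks read as "no zone". A one-line comment above it would make the contract explicit, for example `# "-" means "no firewall zone"; normalise to empty so later checks only need -n/-z`. The comment should also say that an unset zone no longer falls back to `wan`, because configurations that relied on the implicit default get a different firewall result after upgrading. proto_map_setup starts and ends outside this hunk.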
@@ -129,7 +129,7 @@ proto_map_setup() {
proto_add_ipv4_route "0.0.0.0" 0
proto_add_data
- [ "$zone" != "-" ] && json_add_string zone "$zone"
+ [ -n "$zone" ] && json_add_string zone "$zone"
json_add_array firewall
if [ -z "$(eval "echo \$RULE_${k}_PORTSETS")" ]; then
@@ -155,26 +155,30 @@ proto_map_setup() {
done
fi
if [ "$type" = "map-t" ]; then
- json_add_object ""
- json_add_string type rule
- json_add_string family inet6
- json_add_string proto all
- json_add_string direction in
- json_add_string dest "$zone"
- json_add_string src "$zone"
- json_add_string src_ip $(eval "echo \$RULE_${k}_IPV6ADDR")
- json_add_string target ACCEPT
- json_close_object
- json_add_object ""
- json_add_string type rule
- json_add_string family inet6
- json_add_string proto all
- json_add_string direction out
- json_add_string dest "$zone"
- json_add_string src "$zone"
- json_add_string dest_ip $(eval "echo \$RULE_${k}_IPV6ADDR")
- json_add_string target ACCEPT
- json_close_object
+ [ -z "$zone" ] && zone=$(fw3 -q network $iface 2>/dev/null)
+
+ [ -n "$zone" ] && {
+ json_add_object ""
+ json_add_string type rule
+ json_add_string family inet6
+ json_add_string proto all
+ json_add_string direction in
+ json_add_string dest "$zone"
+ json_add_string src "$zone"
+ json_add_string src_ip $(eval "echo \$RULE_${k}_IPV6ADDR")
+ json_add_string target ACCEPT
+ json_close_object
+ json_add_object ""
+ json_add_string type rule
+ json_add_string family inet6
+ json_add_string proto all
+ json_add_string direction out
+ json_add_string dest "$zone"
+ json_add_string src "$zone"
+ json_add_string dest_ip $(eval "echo \$RULE_${k}_IPV6ADDR")
+ json_add_string target ACCEPT
+ json_close_object
+ }
proto_add_ipv6_route $(eval "echo \$RULE_${k}_IPV6ADDR") 128
fi
json_close_array
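Review bot: If `fw3 -q network $iface` fails or prints nothing, the map-t branch skips both inet6 ACCEPT rules with no trace, because stderr is discarded and the `[ -n "$zone" ] && {` guard has no else path. Omitting the rules is the fail-closed direction, but a tunnel that comes up and then drops translated traffic is hard to diagnose, so I would log the skip through whatever logging helper the script already uses. The expansion should also be quoted, `[ -z "$zone" ] && zone=$(fw3 -q network "$iface" 2>/dev/null)`, and the same applies to the unquoted `$(eval "echo \$RULE_${k}_IPV6ADDR")` arguments on the `src_ip` and `dest_ip` lines. The zone resolved here is presumably never written to the `zone` data field, since the `json_add_string zone` line in the previous hunk runs earlier; if that is intended, a short comment saying so would help. proto_map_setup continues outside the hunk.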