aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2010-09-05 20:17:23 +0000
committerJo-Philipp Wich <jow@openwrt.org>2010-09-05 20:17:23 +0000
commit5ab58aa39c43eca75866fc478445821bb45b4125 (patch)
treea13e53386bdb9e6c64ce6388429517b2409c12bd
parenteb79296cc10f6168892278b4aa921566178b1f20 (diff)
downloadupstream-5ab58aa39c43eca75866fc478445821bb45b4125.tar.gz
upstream-5ab58aa39c43eca75866fc478445821bb45b4125.tar.bz2
upstream-5ab58aa39c43eca75866fc478445821bb45b4125.zip
firewall: - fix possible endless loop when the family option is used for forwardings - only generate forwarding rules in SNAT redirect sections if src_dip is specified
SVN-Revision: 22938
-rw-r--r--package/firewall/files/lib/core_redirect.sh8
-rw-r--r--package/firewall/files/lib/fw.sh2
2 files changed, 6 insertions, 4 deletions
diff --git a/package/firewall/files/lib/core_redirect.sh b/package/firewall/files/lib/core_redirect.sh
index 913f963562..2f0e38f393 100644
--- a/package/firewall/files/lib/core_redirect.sh
+++ b/package/firewall/files/lib/core_redirect.sh
@@ -31,13 +31,15 @@ fw_load_redirect() {
fw_die "redirect ${redirect_name}: needs src and dest_ip or dest_port"
}
- local chain destopt
+ local chain destopt destaddr
if [ "$redirect_target" == "DNAT" ]; then
chain="zone_${redirect_src}_prerouting"
destopt="--to-destination"
+ destaddr="$redirect_dest_ip"
elif [ "$redirect_target" == "SNAT" ]; then
chain="zone_${redirect_src}_nat"
destopt="--to-source"
+ destaddr="$redirect_src_dip"
else
fw_die "redirect ${redirect_name}: target must be either DNAT or SNAT"
fi
@@ -65,9 +67,9 @@ fw_load_redirect() {
$destopt ${redirect_dest_ip}${redirect_dest_port:+:$nat_dest_port} \
}
- [ -n "$redirect_dest_ip" ] && \
+ [ -n "$destaddr" ] && \
fw add $mode f zone_${redirect_src}_forward ACCEPT ^ { $redirect_src_ip $redirect_dest_ip } { \
- -d $redirect_dest_ip \
+ -d $destaddr \
${redirect_proto:+-p $redirect_proto} \
${redirect_src_ip:+-s $redirect_src_ip/$redirect_src_ip_prefixlen} \
${redirect_src_port:+--sport $redirect_src_port} \
diff --git a/package/firewall/files/lib/fw.sh b/package/firewall/files/lib/fw.sh
index 819aa48eae..aaf3d14ef0 100644
--- a/package/firewall/files/lib/fw.sh
+++ b/package/firewall/files/lib/fw.sh
@@ -149,7 +149,7 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
fi
case "$fam" in
- G*) shift; while [ "$1" != "{" ]; do shift; done ;;
+ G*) shift; while [ $# -gt 0 ] && [ "$1" != "{" ]; do shift; done ;;
esac
if [ $# -gt 0 ]; then