diff options
| author | Hans Dedecker <dedeckeh@gmail.com> | 2019-04-29 16:03:11 +0200 |
|---|---|---|
| committer | Hans Dedecker <dedeckeh@gmail.com> | 2019-05-26 09:43:57 +0200 |
| commit | 470f5b31e334e496a868301c0cb8bc550c1ee4da (patch) | |
| tree | e869d0418b4f45ad7343f094ac032e35c1f64152 | |
| parent | ace241014c3764810e2a6cbf8ff2d5c525590712 (diff) | |
| download | upstream-470f5b31e334e496a868301c0cb8bc550c1ee4da.tar.gz upstream-470f5b31e334e496a868301c0cb8bc550c1ee4da.tar.bz2 upstream-470f5b31e334e496a868301c0cb8bc550c1ee4da.zip | |
464xlat: don't set default firewall zone to wan
Don't set the default firewall zone to wan if not specified to keep the
behavior aligned with other tunnel protocols like gre and 6rd.
If the interface zone is not specified try to get it from the firewall config
when constructing the procd firewall rule.
While at it only add a procd inbound firewall rule if a zone is specified.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
| -rw-r--r-- | package/network/ipv6/464xlat/Makefile | 2 | ||||
| -rwxr-xr-x | package/network/ipv6/464xlat/files/464xlat.sh | 28 |
2 files changed, 17 insertions, 13 deletions
diff --git a/package/network/ipv6/464xlat/Makefile b/package/network/ipv6/464xlat/Makefile index 9be09fa916..f4dce2e77d 100644 --- a/package/network/ipv6/464xlat/Makefile +++ b/package/network/ipv6/464xlat/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=464xlat -PKG_VERSION:=11 +PKG_VERSION:=12 PKG_SOURCE_DATE:=2018-01-16 PKG_MAINTAINER:=Hans Dedecker <dedeckeh@gmail.com> diff --git a/package/network/ipv6/464xlat/files/464xlat.sh b/package/network/ipv6/464xlat/files/464xlat.sh index e5fcf7db96..c90ac1af59 100755 --- a/package/network/ipv6/464xlat/files/464xlat.sh +++ b/package/network/ipv6/464xlat/files/464xlat.sh @@ -27,7 +27,7 @@ proto_464xlat_setup() { local ip6addr ip6prefix tunlink zone json_get_vars ip6addr ip6prefix tunlink zone - [ -z "$zone" ] && zone="wan" + [ "$zone" = "-" ] && zone="" ( proto_add_host_dependency "$cfg" "::" "$tunlink" ) @@ -53,25 +53,29 @@ proto_464xlat_setup() { proto_add_ipv6_route $ip6addr 128 "" "" "" "" 128 proto_add_data - [ "$zone" != "-" ] && json_add_string zone "$zone" + [ -n "$zone" ] && json_add_string zone "$zone" json_add_array firewall + [ -z "$zone" ] && zone=$(fw3 -q network $iface 2>/dev/null) + json_add_object "" json_add_string type nat json_add_string target SNAT json_add_string family inet json_add_string snat_ip 192.0.0.1 json_close_object - json_add_object "" - json_add_string type rule - json_add_string family inet6 - json_add_string proto all - json_add_string direction in - json_add_string dest "$zone" - json_add_string src "$zone" - json_add_string src_ip $ip6addr - json_add_string target ACCEPT - json_close_object + [ -n "$zone" ] && { + json_add_object "" + json_add_string type rule + json_add_string family inet6 + json_add_string proto all + json_add_string direction in + json_add_string dest "$zone" + json_add_string src "$zone" + json_add_string src_ip $ip6addr + json_add_string target ACCEPT + json_close_object + } json_close_array proto_close_data |