diff options
author | Jo-Philipp Wich <jow@openwrt.org> | 2010-05-19 21:35:23 +0000 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2010-05-19 21:35:23 +0000 |
commit | e903e01368e14da91b7fca79198449b97528cd61 (patch) | |
tree | 3737e742d161802a733eab5124b42e1925b77d22 /package/firewall/files/lib/core_redirect.sh | |
parent | 2cce948705ac4c2e2ce007bc351fda4bf36506dc (diff) | |
download | upstream-e903e01368e14da91b7fca79198449b97528cd61.tar.gz upstream-e903e01368e14da91b7fca79198449b97528cd61.tar.bz2 upstream-e903e01368e14da91b7fca79198449b97528cd61.zip |
[package] firewall:
- fix ip6tables rules when icmp_type option is set
- add "family" option to zones, forwardings, redirects and rules to selectively apply rules to iptables and/or ip6tables
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21508 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/firewall/files/lib/core_redirect.sh')
-rw-r--r-- | package/firewall/files/lib/core_redirect.sh | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/package/firewall/files/lib/core_redirect.sh b/package/firewall/files/lib/core_redirect.sh index 0f0ccffe00..c19c494084 100644 --- a/package/firewall/files/lib/core_redirect.sh +++ b/package/firewall/files/lib/core_redirect.sh @@ -16,6 +16,7 @@ fw_config_get_redirect() { string dest_mac "" \ string dest_port "" \ string proto "tcpudp" \ + string family "" \ } || return [ -n "$redirect_name" ] || redirect_name=$redirect__name } @@ -29,6 +30,8 @@ fw_load_redirect() { fw_die "redirect ${redirect_name}: needs src and dest_ip" } + local mode=$(fw_get_family_mode ${redirect_family:-x} $redirect_src I) + local nat_dest_port=$redirect_dest_port redirect_dest_port=$(fw_get_port_range $redirect_dest_port) redirect_src_port=$(fw_get_port_range $redirect_src_port) @@ -37,7 +40,7 @@ fw_load_redirect() { [ "$redirect_proto" == "tcpudp" ] && redirect_proto="tcp udp" for redirect_proto in $redirect_proto; do - fw add I n zone_${redirect_src}_prerouting DNAT $ { $redirect_src_ip $redirect_dest_ip } { \ + fw add $mode n zone_${redirect_src}_prerouting DNAT $ { $redirect_src_ip $redirect_dest_ip } { \ ${redirect_proto:+-p $redirect_proto} \ ${redirect_src_ip:+-s $redirect_src_ip} \ ${redirect_src_dip:+-d $redirect_src_dip} \ @@ -47,7 +50,7 @@ fw_load_redirect() { --to-destination ${redirect_dest_ip}${redirect_dest_port:+:$nat_dest_port} \ } - fw add I f zone_${redirect_src}_forward ACCEPT ^ { $redirect_src_ip $redirect_dest_ip } { \ + fw add $mode f zone_${redirect_src}_forward ACCEPT ^ { $redirect_src_ip $redirect_dest_ip } { \ -d $redirect_dest_ip \ ${redirect_proto:+-p $redirect_proto} \ ${redirect_src_ip:+-s $redirect_src_ip} \ |