aboutsummaryrefslogtreecommitdiffstats
path: root/package/firewall
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2010-05-30 23:49:47 +0000
committerJo-Philipp Wich <jow@openwrt.org>2010-05-30 23:49:47 +0000
commit864132cf2c7bc1693c35cf625c81f16f27fb2f9f (patch)
tree09f8a46f20193eb093641883100835aa83097ebf /package/firewall
parentd156518f0872807bfde07b1948e9426f1f3b6dac (diff)
downloadupstream-864132cf2c7bc1693c35cf625c81f16f27fb2f9f.tar.gz
upstream-864132cf2c7bc1693c35cf625c81f16f27fb2f9f.tar.bz2
upstream-864132cf2c7bc1693c35cf625c81f16f27fb2f9f.zip
[package] firewall: fix support for netranges in redirect and rule sections
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21640 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/firewall')
-rw-r--r--package/firewall/Makefile2
-rw-r--r--package/firewall/files/lib/config.sh4
-rw-r--r--package/firewall/files/lib/core_redirect.sh6
-rw-r--r--package/firewall/files/lib/core_rule.sh4
4 files changed, 8 insertions, 8 deletions
diff --git a/package/firewall/Makefile b/package/firewall/Makefile
index 4f4f71c325..2387df247b 100644
--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=firewall
PKG_VERSION:=2
-PKG_RELEASE:=4
+PKG_RELEASE:=5
include $(INCLUDE_DIR)/package.mk
diff --git a/package/firewall/files/lib/config.sh b/package/firewall/files/lib/config.sh
index 1c5e030961..c21391266a 100644
--- a/package/firewall/files/lib/config.sh
+++ b/package/firewall/files/lib/config.sh
@@ -87,8 +87,8 @@ config_get_ipaddr() {
local vers=
case "$addr" in
- *.*) vers=4 ;;
- *:*) vers=6 ;;
+ *.*) vers=4; mask="${mask:-32}" ;;
+ *:*) vers=6; mask="${mask:-128}" ;;
esac
export ${NO_EXPORT:+-n} -- "${varn}=${addr}"
diff --git a/package/firewall/files/lib/core_redirect.sh b/package/firewall/files/lib/core_redirect.sh
index c19c494084..87f584e37b 100644
--- a/package/firewall/files/lib/core_redirect.sh
+++ b/package/firewall/files/lib/core_redirect.sh
@@ -42,8 +42,8 @@ fw_load_redirect() {
for redirect_proto in $redirect_proto; do
fw add $mode n zone_${redirect_src}_prerouting DNAT $ { $redirect_src_ip $redirect_dest_ip } { \
${redirect_proto:+-p $redirect_proto} \
- ${redirect_src_ip:+-s $redirect_src_ip} \
- ${redirect_src_dip:+-d $redirect_src_dip} \
+ ${redirect_src_ip:+-s $redirect_src_ip/$redirect_src_ip_prefixlen} \
+ ${redirect_src_dip:+-d $redirect_src_dip/$redirect_src_dip_prefixlen} \
${redirect_src_port:+--sport $redirect_src_port} \
${redirect_src_dport:+--dport $redirect_src_dport} \
${redirect_src_mac:+-m mac --mac-source $redirect_src_mac} \
@@ -53,7 +53,7 @@ fw_load_redirect() {
fw add $mode f zone_${redirect_src}_forward ACCEPT ^ { $redirect_src_ip $redirect_dest_ip } { \
-d $redirect_dest_ip \
${redirect_proto:+-p $redirect_proto} \
- ${redirect_src_ip:+-s $redirect_src_ip} \
+ ${redirect_src_ip:+-s $redirect_src_ip/$redirect_src_ip_prefixlen} \
${redirect_src_port:+--sport $redirect_src_port} \
${fwd_dest_port:+--dport $fwd_dest_port} \
${redirect_src_mac:+-m mac --mac-source $redirect_src_mac} \
diff --git a/package/firewall/files/lib/core_rule.sh b/package/firewall/files/lib/core_rule.sh
index 7beb153ba7..f93d49ebcf 100644
--- a/package/firewall/files/lib/core_rule.sh
+++ b/package/firewall/files/lib/core_rule.sh
@@ -56,10 +56,10 @@ fw_load_rule() {
for rule_proto in $rule_proto; do
fw add $mode f $chain $target $rule_pos { $rule_src_ip $rule_dest_ip } { \
${rule_proto:+-p $rule_proto} \
- ${rule_src_ip:+-s $rule_src_ip} \
+ ${rule_src_ip:+-s $rule_src_ip/$rule_src_ip_prefixlen} \
${rule_src_port:+--sport $rule_src_port} \
${rule_src_mac:+-m mac --mac-source $rule_src_mac} \
- ${rule_dest_ip:+-d $rule_dest_ip} \
+ ${rule_dest_ip:+-d $rule_dest_ip/$rule_dest_ip_prefixlen} \
${rule_dest_port:+--dport $rule_dest_port} \
${rule_icmp_type:+--icmp-type $rule_icmp_type} \
}