diff options
author | Jo-Philipp Wich <jow@openwrt.org> | 2010-05-19 21:35:23 +0000 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2010-05-19 21:35:23 +0000 |
commit | e903e01368e14da91b7fca79198449b97528cd61 (patch) | |
tree | 3737e742d161802a733eab5124b42e1925b77d22 /package/firewall/files/lib/fw.sh | |
parent | 2cce948705ac4c2e2ce007bc351fda4bf36506dc (diff) | |
download | master-187ad058-e903e01368e14da91b7fca79198449b97528cd61.tar.gz master-187ad058-e903e01368e14da91b7fca79198449b97528cd61.tar.bz2 master-187ad058-e903e01368e14da91b7fca79198449b97528cd61.zip |
[package] firewall:
- fix ip6tables rules when icmp_type option is set
- add "family" option to zones, forwardings, redirects and rules to selectively apply rules to iptables and/or ip6tables
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21508 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/firewall/files/lib/fw.sh')
-rw-r--r-- | package/firewall/files/lib/fw.sh | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/package/firewall/files/lib/fw.sh b/package/firewall/files/lib/fw.sh index 1dd5227c16..553642070c 100644 --- a/package/firewall/files/lib/fw.sh +++ b/package/firewall/files/lib/fw.sh @@ -155,7 +155,14 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> } fi fi while [ $# -gt 1 ]; do - echo -n "$1" + case "$app:$1" in + ip6tables:--icmp-type) echo -n "--icmpv6-type" ;; + ip6tables:icmp|ip6tables:ICMP) echo -n "icmpv6" ;; + iptables:--icmpv6-type) echo -n "--icmp-type" ;; + iptables:icmpv6) echo -n "icmp" ;; + *:}|*:{) shift; continue ;; + *) echo -n "$1" ;; + esac echo -ne "\0" shift done | xargs -0 ${FW_TRACE:+-t} \ @@ -180,3 +187,24 @@ fw_get_port_range() { fi } +fw_get_family_mode() { + local hint="$1" + local zone="$2" + local mode="$3" + + local ipv4 ipv6 + [ -n "$FW_ZONES4$FW_ZONES6" ] && { + list_contains FW_ZONES4 $zone && ipv4=1 || ipv4=0 + list_contains FW_ZONES6 $zone && ipv6=1 || ipv6=0 + } || { + ipv4=$(uci_get_state firewall core ${zone}_ipv4 0) + ipv6=$(uci_get_state firewall core ${zone}_ipv6 0) + } + + case "$hint:$ipv4:$ipv6" in + *4:1:*|*:1:0) echo 4 ;; + *6:*:1|*:0:1) echo 6 ;; + *) echo $mode ;; + esac +} + |