diff options
author | Jo-Philipp Wich <jow@openwrt.org> | 2011-06-16 21:54:59 +0000 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2011-06-16 21:54:59 +0000 |
commit | c014101d733d2e27ee4a03d01e3382da0434106f (patch) | |
tree | 60413e903d908b7d92e8b1ff7b1bed4f8bd02d2d | |
parent | b97459eb887d05ad4d01e13e431d4d1f40f0f6a9 (diff) | |
download | mtk-20170518-c014101d733d2e27ee4a03d01e3382da0434106f.zip mtk-20170518-c014101d733d2e27ee4a03d01e3382da0434106f.tar.gz mtk-20170518-c014101d733d2e27ee4a03d01e3382da0434106f.tar.bz2 |
firewall: allow symbolic names of interfaces and aliases in masq_src and masq_dest
SVN-Revision: 27196
-rw-r--r-- | package/firewall/Makefile | 2 | ||||
-rw-r--r-- | package/firewall/files/lib/core_init.sh | 12 | ||||
-rw-r--r-- | package/firewall/files/lib/fw.sh | 17 |
3 files changed, 28 insertions, 3 deletions
diff --git a/package/firewall/Makefile b/package/firewall/Makefile index 829719c..f8510f1 100644 --- a/package/firewall/Makefile +++ b/package/firewall/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=firewall PKG_VERSION:=2 -PKG_RELEASE:=25 +PKG_RELEASE:=26 include $(INCLUDE_DIR)/package.mk diff --git a/package/firewall/files/lib/core_init.sh b/package/firewall/files/lib/core_init.sh index 42124b3..185fffb 100644 --- a/package/firewall/files/lib/core_init.sh +++ b/package/firewall/files/lib/core_init.sh @@ -245,9 +245,17 @@ fw_load_zone() { if [ "$zone_masq" == 1 ]; then local msrc mdst for msrc in ${zone_masq_src:-0.0.0.0/0}; do - fw_get_negation msrc '-s' "$msrc" + case "$msrc" in + *.*) fw_get_negation msrc '-s' "$msrc" ;; + *) fw_get_subnet4 msrc '-s' "$msrc" ;; + esac + for mdst in ${zone_masq_dest:-0.0.0.0/0}; do - fw_get_negation mdst '-d' "$mdst" + case "$mdst" in + *.*) fw_get_negation mdst '-d' "$mdst" ;; + *) fw_get_subnet4 mdst '-d' "$mdst" ;; + esac + fw add $mode n ${chain}_nat MASQUERADE $ { $msrc $mdst } done done diff --git a/package/firewall/files/lib/fw.sh b/package/firewall/files/lib/fw.sh index 16a39b6..19dddef 100644 --- a/package/firewall/files/lib/fw.sh +++ b/package/firewall/files/lib/fw.sh @@ -227,3 +227,20 @@ fw_get_negation() { export -n -- "$_var=! $_flag ${_ipaddr#!}" || \ export -n -- "$_var=${_ipaddr:+$_flag $_ipaddr}" } + +fw_get_subnet4() { + local _var="$1" + local _flag="$2" + local _name="$3" + + local _ipaddr="$(uci_get_state network "${_name#!}" ipaddr)" + local _netmask="$(uci_get_state network "${_name#!}" netmask)" + + case "$_ipaddr" in + *.*.*.*) + [ "${_name#!}" != "$_name" ] && \ + export -n -- "$_var=! $_flag $_ipaddr/${_netmask:-255.255.255.255}" || \ + export -n -- "$_var=$_flag $_ipaddr/${_netmask:-255.255.255.255}" + ;; + esac +} |