authorJo-Philipp Wich <jow@openwrt.org>2012-05-28 03:15:05 +0000
committerJo-Philipp Wich <jow@openwrt.org>2012-05-28 03:15:05 +0000
commit963a0cd98beabbf748ec766939696f82221af044 (patch)
treef46abc7c2777ea718c5b6f7c763f8580ae963257 /package/firewall/files
parentf1d04190c5f691a07786fa79e912b62f8777080f (diff)
firewall: fix nat reflection after netifd status format change - use /lib/functions/network.sh - simplify nat reflection code
SVN-Revision: 31936
Diffstat (limited to 'package/firewall/files')
-rw-r--r--package/firewall/files/reflection.hotplug56
1 files changed, 9 insertions, 47 deletions
diff --git a/package/firewall/files/reflection.hotplug b/package/firewall/files/reflection.hotplug
index 62f5097..2da0be9 100644
--- a/package/firewall/files/reflection.hotplug
+++ b/package/firewall/files/reflection.hotplug
@@ -1,48 +1,11 @@
#!/bin/sh
-. /etc/functions.sh
-. /usr/share/libubox/jshn.sh
-
-find_iface_address()
-{
- local iface="$1"
- local ipaddr="$2"
- local prefix="$3"
-
- local idx=1
- local tmp="$(ubus call network.interface."$iface" status 2>/dev/null)"
-
- json_load "${tmp:-{}}"
- json_get_type tmp address
-
- if [ "$tmp" = array ]; then
- json_select address
-
- while true; do
- json_get_type tmp $idx
- [ "$tmp" = object ] || break
-
- json_select $((idx++))
- json_get_var tmp address
-
- case "$tmp" in
- *:*) json_select .. ;;
- *)
- [ -n "$ipaddr" ] && json_get_var $ipaddr address
- [ -n "$prefix" ] && json_get_var $prefix mask
- return 0
- ;;
- esac
- done
- fi
-
- return 1
-}
+. /lib/functions.sh
+. /lib/functions/network.sh
if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "wan" ]; then
local wanip
- find_iface_address wan wanip
- [ -n "$wanip" ] || return
+ network_get_ipaddr wanip wan || return
iptables -t nat -F nat_reflection_in 2>/dev/null || {
iptables -t nat -N nat_reflection_in
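Review bot: The `|| return` on the `network_get_ipaddr wanip wan` line sits ahead of the `iptables -t nat -F nat_reflection_in` flush, so when the lookup fails the chains filled by an earlier `add` event are left untouched and keep matching the previous WAN address. If that is not intended, flush first and bail out afterwards, or at least record the skip, e.g. `network_get_ipaddr wanip wan || { logger -t firewall "nat reflection: no IPv4 address on wan"; return; }`. The removed code returned at the same point, so this is inherited rather than a regression. The flush block continues past the end of the hunk.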
@@ -99,9 +62,8 @@ if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "wan" ]; then
local net
for net in $(find_networks "$dest"); do
- local lanip lanmk
- find_iface_address "$net" lanip lanmk
- [ -n "$lanip" ] || return
+ local lannet
+ network_get_subnet lannet "$net" || return
local proto
config_get proto "$cfg" proto
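Review bot: `network_get_subnet lannet "$net" || return` abandons the whole loop on the first network without an IPv4 subnet, so any later networks yielded by `find_networks "$dest"` get no reflection rules for this redirect. `network_get_subnet lannet "$net" || continue` would skip only the network that cannot be resolved. The removed code also returned here, so the behaviour is inherited. The loop body and what appears to be the enclosing per-redirect function begin and end outside the hunk.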
@@ -144,17 +106,17 @@ if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "wan" ]; then
case "$p" in
tcp|udp|6|17)
iptables -t nat -A nat_reflection_in \
- -s $lanip/$lanmk -d $exthost \
+ -s $lannet -d $exthost \
-p $p $extport \
-j DNAT --to $inthost:${ipmin#!}${ipmax:+-$ipmax}
iptables -t nat -A nat_reflection_out \
- -s $lanip/$lanmk -d $inthost \
+ -s $lannet -d $inthost \
-p $p $intport \
- -j SNAT --to-source $lanip
+ -j SNAT --to-source ${lannet%%/*}
iptables -t filter -A nat_reflection_fwd \
- -s $lanip/$lanmk -d $inthost \
+ -s $lannet -d $inthost \
-p $p $intport \
-j ACCEPT
;;
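Review bot: `--to-source ${lannet%%/*}` only yields a usable SNAT source if `network_get_subnet` hands back the router's own address plus prefix length rather than the network base address, and nothing in the script states that assumption. A comment above the first rule, such as `# lannet is <router LAN address>/<prefix>; the part before the slash is reused as SNAT source`, would keep a later change in the helper from silently breaking reflection. Quoting the new expansions (`-s "$lannet"`, `--to-source "${lannet%%/*}"`) would also stop an unexpected value from being split into extra iptables arguments; `$extport` and `$intport` look deliberately unquoted. The `case` statement continues outside the hunk.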