Changeset 29687


Timestamp:
2012-01-08T16:29:24+01:00
Author:
jow
Message:

[package] firewall: add support for "local" port forwards which target an internal address on the router itself

Location:
trunk/package/firewall
Files:
2 edited

  • trunk/package/firewall/Makefile

    r29577 r29687  
    11# 
    2 # Copyright (C) 2008-2011 OpenWrt.org 
     2# Copyright (C) 2008-2012 OpenWrt.org 
    33# 
    44# This is free software, licensed under the GNU General Public License v2. 
     
    1010 
    1111PKG_VERSION:=2 
    12 PKG_RELEASE:=43 
     12PKG_RELEASE:=44 
    1313 
    1414include $(INCLUDE_DIR)/package.mk 
  • trunk/package/firewall/files/lib/core_redirect.sh

    r27519 r29687  
    3535                } 
    3636 
    37                 fwdchain="zone_${redirect_src}${redirect_dest_ip:+_forward}" 
     37                fwdopt="" 
     38                fwdchain="" 
     39 
     40                # Check whether only ports are given or whether the given dest ip is local, 
     41                # in this case match only DNATed traffic and allow it on input, not forward 
     42                if [ -z "$redirect_dest_ip" ] || /sbin/ifconfig | grep -qE "addr:${redirect_dest_ip//./\\.}\b"; then 
     43                        fwdopt="-m conntrack --ctstate DNAT" 
     44                        fwdchain="zone_${redirect_src}" 
     45                else 
     46                        fwdchain="zone_${redirect_src}_forward" 
     47                fi 
    3848 
    3949                natopt="--to-destination" 
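Review bot: The locality test on new line 42 runs once, when the rule is generated, by grepping `/sbin/ifconfig` output for `addr:<ip>`, so a redirect whose target address is not configured on the router at that moment takes the else branch and ends up in `zone_${redirect_src}_forward`. The pattern also only matches the `addr:` form of that output. It would help to state both limits in the comment on lines 40-41. Separately, `${redirect_dest_ip//./\\.}` escapes only dots before the option value is placed into the `grep -qE` pattern, so any other regex metacharacter in the value is interpreted by grep; checking that the value is a dotted quad before this test would keep the match exact. The `${var//a/b}` substitution and `\b` are shell and grep extensions rather than POSIX, which is worth a short note if the script is only meant to run under the firmware's own shell.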
     
    107117                        fw add $mode f ${fwdchain:-forward} ACCEPT + \ 
    108118                                { $redirect_src_ip $redirect_dest_ip } { \ 
    109                                 $srcaddr ${destaddr:--m conntrack --ctstate DNAT} \ 
     119                                $srcaddr $destaddr \ 
    110120                                $pr \ 
    111121                                $srcports $destports \ 
    112122                                ${sm:+-m mac $sm} \ 
     123                                $fwdopt \ 
    113124                                $redirect_extra \ 
    114125                        } 
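Review bot: On the `fw add` line (new 117) the `${fwdchain:-forward}` fallback looks unreachable in the visible code, because both branches of the new `if` at lines 42-47 assign a non-empty `fwdchain`; either drop the fallback or add a comment saying which path still relies on it. With `${destaddr:--m conntrack --ctstate DNAT}` removed, the DNAT state match now comes only from `$fwdopt` set much earlier in the function, so a one-line comment at new line 123 saying when it is empty would make the rule easier to audit.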