author | jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2010-09-11 20:04:34 +0000 |
---|---|---|
committer | jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2010-09-11 20:04:34 +0000 |
commit | c6537133132fa5acf0bdd024e6793ff095d8284f (patch) | |
tree | cc43676eb3161ee53be745cd11f65a61e8d03c16 /package/firewall/files/lib/core_init.sh | |
parent | 7b3bd12cf8ee18257abac8deb8c5854070569fdf (diff) |
[package] firewall:
- simplify masquerade rule setup
- remove various subshell invocations
- speedup fw() by not relying on xargs and pipes
- rework SNAT support - attach to dest zone, use src_dip/src_dport as snat source
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23024 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/firewall/files/lib/core_init.sh')
-rw-r--r-- | package/firewall/files/lib/core_init.sh | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/package/firewall/files/lib/core_init.sh b/package/firewall/files/lib/core_init.sh
index bce94afe0..e1f80ba3f 100644
--- a/package/firewall/files/lib/core_init.sh
+++ b/package/firewall/files/lib/core_init.sh
@@ -212,9 +212,6 @@ fw_load_zone() {
 fw add $mode r ${chain}_notrack
- [ $zone_masq == 1 ] && \
- fw add $mode n POSTROUTING ${chain}_nat $
-
 [ $zone_mtu_fix == 1 ] && \
 fw add $mode f FORWARD ${chain}_MSSFIX ^
@@ -243,6 +240,18 @@ fw_load_zone() {
 done
 }
+ # NB: if MASQUERADING for IPv6 becomes available we'll need a family check here
+ if [ "$zone_masq" == 1 ]; then
+ local msrc mdst
+ for msrc in ${zone_masq_src:-0.0.0.0/0}; do
+ [ "${msrc#!}" != "$msrc" ] && msrc="! -s ${msrc#!}" || msrc="-s $msrc"
+ for mdst in ${zone_masq_dest:-0.0.0.0/0}; do
+ [ "${mdst#!}" != "$mdst" ] && mdst="! -d ${mdst#!}" || mdst="-d $mdst"
+ fw add $mode n ${chain}_nat MASQUERADE $ { $msrc $mdst }
+ done
+ done
+ fi
+
 fw_callback post zone
 } |
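Review bot: The entries of `zone_masq_src` and `zone_masq_dest` are expanded unquoted in the two `for` lists and again as `$msrc $mdst` in the `fw add` call of the second hunk, so they undergo pathname expansion as well as word splitting, and nothing checks that an entry looks like an address before it becomes rule arguments. A bare `!`, for example, produces `! -s ` with no operand, so the following `-d` word would be taken as the source address. I would skip malformed entries before building the match, e.g. `case "${msrc#!}" in ''|*[!0-9./]*) continue ;; esac` (and the same for `mdst`), assuming only literal IPv4 addresses and prefixes are intended, as the NB comment suggests. It is also worth confirming that a failed `fw add` is reported, since a rejected rule would leave the zone without masquerading and nothing in this hunk would notice. `fw_load_zone` begins outside the hunk, so how these variables are populated is not visible here.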