diff options
author | jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2013-02-04 14:38:33 +0000 |
---|---|---|
committer | jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2013-02-04 14:38:33 +0000 |
commit | 6351a51255125f717fae33ff0b2852b0ba3dd551 (patch) | |
tree | df8e07613004ca3a6247d5d0d89e1339be14a13b /package/network/config/firewall/files/lib/core_redirect.sh | |
parent | 6ec4b12517f63923263923141b648f13a5e952a9 (diff) |
firewall: various enhancements
- reduce mssfix related log spam (#10681)
- separate src and dest terminal chains (#11453, #12945)
- disable per-zone custom chains by default, they're rarely used
Additionally introduce options "device", "subnet", "extra", "extra_src" and "extra_dest"
to allow defining zones not related to uci interfaces, e.g. to match "ppp+" or any tcp
traffic to and from a specific port.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35484 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/network/config/firewall/files/lib/core_redirect.sh')
-rw-r--r-- | package/network/config/firewall/files/lib/core_redirect.sh | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/package/network/config/firewall/files/lib/core_redirect.sh b/package/network/config/firewall/files/lib/core_redirect.sh index fe396c1c1..9493bc6ae 100644 --- a/package/network/config/firewall/files/lib/core_redirect.sh +++ b/package/network/config/firewall/files/lib/core_redirect.sh @@ -41,7 +41,7 @@ fw_load_redirect() { # in this case match only DNATed traffic and allow it on input, not forward if [ -z "$redirect_dest_ip" ] || /sbin/ifconfig | grep -qE "addr:${redirect_dest_ip//./\\.}\b"; then fwdopt="-m conntrack --ctstate DNAT" - fwdchain="zone_${redirect_src}" + fwdchain="zone_${redirect_src}_input" else fwdchain="zone_${redirect_src}_forward" fi @@ -114,7 +114,7 @@ fw_load_redirect() { $redirect_options \ } - fw add $mode f ${fwdchain:-forward} ACCEPT + \ + fw add $mode f ${fwdchain:-delegate_forward} ACCEPT + \ { $redirect_src_ip $redirect_dest_ip } { \ $srcaddr $destaddr \ $pr \ |