| -rw-r--r-- | package/firewall/Makefile | 2 | ||||
| -rw-r--r-- | package/firewall/files/reflection.hotplug | 16 | 
2 files changed, 13 insertions, 5 deletions
|
diff --git a/package/firewall/Makefile b/package/firewall/Makefile
index ff62309d3..25c110040 100644
--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
 PKG_VERSION:=2
-PKG_RELEASE:=27
+PKG_RELEASE:=28
 include $(INCLUDE_DIR)/package.mk
diff --git a/package/firewall/files/reflection.hotplug b/package/firewall/files/reflection.hotplug
index 4fd8f296d..7ab4c5fe8 100644
--- a/package/firewall/files/reflection.hotplug
+++ b/package/firewall/files/reflection.hotplug
@@ -91,23 +91,31 @@ if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "wan" ]; then
 				[ "${inthost#!}" = "$inthost" ] || return 0
 				[ "${exthost#!}" = "$exthost" ] || return 0
+				[ "${epmin#!}" != "$epmin" ] && \
+					extport="! --dport ${epmin#!}${epmax:+:$epmax}" || \
+					extport="--dport $epmin${epmax:+:$epmax}"
+
+				[ "${ipmin#!}" != "$ipmin" ] && \
+					intport="! --dport ${ipmin#!}${ipmax:+:$ipmax}" || \
+					intport="--dport $ipmin${ipmax:+:$ipmax}"
+
 				local p
 				for p in ${proto:-tcp udp}; do
 					case "$p" in
 						tcp|udp)
 							iptables -t nat -A nat_reflection_in \
 								-s $lanip/$lanmk -d $exthost \
-								-p $p --dport $epmin${epmax:+:$epmax} \
-								-j DNAT --to $inthost:$ipmin${ipmax:+-$ipmax}
+								-p $p $extport \
+								-j DNAT --to $inthost:${ipmin#!}${ipmax:+-$ipmax}
 							iptables -t nat -A nat_reflection_out \
 								-s $lanip/$lanmk -d $inthost \
-								-p $p --dport $ipmin${ipmax:+:$ipmax} \
+								-p $p $intport \
 								-j SNAT --to-source $lanip
 							iptables -t filter -A nat_reflection_fwd \
 								-s $lanip/$lanmk -d $inthost \
-								-p $p --dport $ipmin${ipmax:+:$ipmax} \
+								-p $p $intport \
 								-j ACCEPT
 						;;
 					esac
|
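Review bot: When `ipmin` carries a leading `!`, the DNAT rule still rewrites to port `${ipmin#!}`, but `$intport` in the `nat_reflection_out` and `nat_reflection_fwd` rules becomes `! --dport` for that same port. The reflected packets then land on exactly the port the SNAT and ACCEPT rules exclude, while the filter rule accepts every other tcp/udp port from `$lanip/$lanmk` to `$inthost`, which is wider than the redirect itself. A negated port has no meaning as a DNAT target, so I would skip reflection for it the way the two guards above do for negated hosts, `[ "${ipmin#!}" = "$ipmin" ] || return 0`, and then build `intport` without the negated branch. `extport` and `intport` are also not declared `local` in the visible lines; the enclosing function starts and ends outside the hunk, so that may already be handled there.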
