From c6537133132fa5acf0bdd024e6793ff095d8284f Mon Sep 17 00:00:00 2001
From: jow
Date: Sat, 11 Sep 2010 20:04:34 +0000
Subject: [package] firewall: - simplify masquerade rule setup - remove various subshell invocations - speedup fw() by not relying on xargs and pipes - rework SNAT support - attach to dest zone, use src_dip/src_dport as snat source
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23024 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 package/firewall/files/lib/core_init.sh | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
(limited to 'package/firewall/files/lib/core_init.sh')
diff --git a/package/firewall/files/lib/core_init.sh b/package/firewall/files/lib/core_init.sh
index bce94afe0..e1f80ba3f 100644
--- a/package/firewall/files/lib/core_init.sh
+++ b/package/firewall/files/lib/core_init.sh
@@ -212,9 +212,6 @@ fw_load_zone() {
 fw add $mode r ${chain}_notrack
- [ $zone_masq == 1 ] && \
- fw add $mode n POSTROUTING ${chain}_nat $
-
 [ $zone_mtu_fix == 1 ] && \
 fw add $mode f FORWARD ${chain}_MSSFIX ^
@@ -243,6 +240,18 @@ fw_load_zone() {
 done
 }
+ # NB: if MASQUERADING for IPv6 becomes available we'll need a family check here
+ if [ "$zone_masq" == 1 ]; then
+ local msrc mdst
+ for msrc in ${zone_masq_src:-0.0.0.0/0}; do
+ [ "${msrc#!}" != "$msrc" ] && msrc="! -s ${msrc#!}" || msrc="-s $msrc"
+ for mdst in ${zone_masq_dest:-0.0.0.0/0}; do
+ [ "${mdst#!}" != "$mdst" ] && mdst="! -d ${mdst#!}" || mdst="-d $mdst"
+ fw add $mode n ${chain}_nat MASQUERADE $ { $msrc $mdst }
+ done
+ done
+ fi
+
 fw_callback post zone
 }
-- cgit v1.2.3
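Review bot: Each entry of `zone_masq_src` / `zone_masq_dest` becomes its own MASQUERADE rule in the nested loops of the second hunk, so negated entries do not combine: with two exclusions such as `!A !B`, traffic from A still matches the `! -s B` rule and is masqueraded, and a positive entry that covers a negated one overrides the exclusion the same way. If exclusions are meant to hold across the whole list, they would have to be emitted ahead of the MASQUERADE rules or folded into every rule; at minimum add a comment above the loop such as `# NB: entries are ORed across rules; a negated entry is only reliable as the sole entry in its list`. The two `for` lists are expanded unquoted, so a config value containing glob characters is pathname-expanded before it reaches `fw add`; wrapping the loops in `set -f` / `set +f` or validating entries as addresses would close that. fw_load_zone begins outside the hunk.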