mirror of
git://projects.qi-hardware.com/openwrt-xburst.git
synced 2024-11-24 01:33:10 +02:00
[backfire] firewall: allow redirecting only destination port (#7197)
git-svn-id: svn://svn.openwrt.org/openwrt/branches/backfire@22228 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
jow
parent
1660376c9d
commit
1ad551b0a7
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
|||||||
PKG_NAME:=firewall
|
PKG_NAME:=firewall
|
||||||
|
|
||||||
PKG_VERSION:=1
|
PKG_VERSION:=1
|
||||||
PKG_RELEASE:=11
|
PKG_RELEASE:=12
|
||||||
|
|
||||||
include $(INCLUDE_DIR)/package.mk
|
include $(INCLUDE_DIR)/package.mk
|
||||||
|
|
||||||
|
|||||||
@ -353,8 +353,8 @@ fw_redirect() {
|
|||||||
config_get dest_ip $1 dest_ip
|
config_get dest_ip $1 dest_ip
|
||||||
config_get dest_port $1 dest_port
|
config_get dest_port $1 dest_port
|
||||||
config_get proto $1 proto
|
config_get proto $1 proto
|
||||||
[ -z "$src" -o -z "$dest_ip" ] && { \
|
[ -z "$src" -o -z "$dest_ip$dest_port" ] && { \
|
||||||
echo "redirect needs src and dest_ip"; return ; }
|
echo "redirect needs src and dest_ip or dest_port"; return ; }
|
||||||
|
|
||||||
find_item "$src" $CONNTRACK_ZONES || \
|
find_item "$src" $CONNTRACK_ZONES || \
|
||||||
append CONNTRACK_ZONES "$src"
|
append CONNTRACK_ZONES "$src"
|
||||||
@ -385,6 +385,7 @@ fw_redirect() {
|
|||||||
${src_mac:+-m mac --mac-source $src_mac} \
|
${src_mac:+-m mac --mac-source $src_mac} \
|
||||||
-j DNAT --to-destination $dest_ip${dest_port:+:$dest_port}
|
-j DNAT --to-destination $dest_ip${dest_port:+:$dest_port}
|
||||||
|
|
||||||
|
[ -n "$dest_ip" ] && \
|
||||||
$IPTABLES -I zone_${src}_forward 1 \
|
$IPTABLES -I zone_${src}_forward 1 \
|
||||||
${proto:+-p $proto} \
|
${proto:+-p $proto} \
|
||||||
-d $dest_ip \
|
-d $dest_ip \
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user