[ -n "$dest" ] && TARGET=zone_${dest}_$target || TARGET=$target
[ -n "$dest_port" -a -z "$proto" ] && { \
echo "dport may only be used it proto is defined"; return; }
+ [ -n "$src_port" -a -z "$proto" ] && { \
+ echo "sport may only be used it proto is defined"; return; }
$IPTABLES -I $ZONE 1 \
${proto:+-p $proto} \
${src_ip:+-s $src_ip} \
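Review bot: The new sport guard skips the rule with a message on stdout and a bare `return`, which yields echo's status 0, so a rule that sets `src_port` without `proto` is left out with no failure signal; if that rule was meant to DROP or REJECT, the traffic stays allowed. I would write the message to stderr and return non-zero, `echo "sport may only be used if proto is defined" >&2; return 1`, which also fixes the "it"/"if" typo copied from the dport message. The same applies to the identical guard added in the redirect hunk that follows. The enclosing function starts and ends outside this hunk, so whether any caller checks the status is not visible here.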
echo "redirect needs src and dest_ip"; return ; }
[ -n "$dest_port" -a -z "$proto" ] && { \
echo "dport may only be used it proto is defined"; return; }
+ [ -n "$src_port" -a -z "$proto" ] && { \
+ echo "sport may only be used it proto is defined"; return; }
+
+ src_port_first=${src_port%-*}
+ src_port_last=${src_port#*-}
+ [ "$src_port_first" -ne "$src_port_last" ] && { \
+ src_port="$src_port_first:$src_port_last"; }
+
+ src_dport_first=${src_dport%-*}
+ src_dport_last=${src_dport#*-}
+ [ "$src_dport_first" -ne "$src_dport_last" ] && { \
+ src_dport="$src_dport_first:$src_dport_last"; }
+
$IPTABLES -A zone_${src}_prerouting -t nat \
${proto:+-p $proto} \
${src_ip:+-s $src_ip} \
${src_dport:+--dport $src_dport} \
${src_mac:+-m mac --mac-source $src_mac} \
-j DNAT --to-destination $dest_ip${dest_port:+:$dest_port}
+
+ dest_port_first=${dest_port%-*}
+ dest_port_last=${dest_port#*-}
+ [ "$dest_port_first" -ne "$dest_port_last" ] && { \
+ dest_port="$dest_port_first:$dest_port_last"; }
+
$IPTABLES -I zone_${src}_forward 1 \
${proto:+-p $proto} \
-d $dest_ip \
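Review bot: The three `-ne` comparisons run even when `src_port`, `src_dport` or `dest_port` is empty, and `[ "" -ne "" ]` is an integer-expression error rather than a clean false, so every redirect without ports prints a shell error; a named or malformed port does the same. A pattern test avoids the numeric compare, e.g. `case "$src_port" in *-*) src_port="${src_port%-*}:${src_port#*-}";; esac`, repeated for the other two variables. Because these values are later expanded unquoted into the `$IPTABLES` command line, it is also worth rejecting anything that is not digits or digits-digits before the rule is built. Within the visible lines the DNAT rule has no `--sport` match, so the normalised `src_port` appears unused there; the forward rule continues past the end of the hunk.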
(ACTION="ifup" INTERFACE="$1" . /etc/hotplug.d/iface/20-firewall)
}
+fw_custom_chains() {
+ $IPTABLES -N input_rule
+ $IPTABLES -N output_rule
+ $IPTABLES -N forward_rule
+ $IPTABLES -N prerouting_rule -t nat
+ $IPTABLES -N postrouting_rule -t nat
+ $IPTABLES -A INPUT -j input_rule
+ $IPTABLES -A OUTPUT -j output_rule
+ $IPTABLES -A FORWARD -j forward_rule
+ $IPTABLES -A PREROUTING -t nat -j prerouting_rule
+ $IPTABLES -A POSTROUTING -t nat -j postrouting_rule
+}
+
fw_init() {
echo "Loading defaults"
config_foreach fw_defaults defaults
config_foreach fw_redirect redirect
echo "Loading includes"
config_foreach fw_include include
-
+ echo "Adding custom chains"
+ fw_custom_chains
+
uci_set_state firewall core "" firewall_state
uci_set_state firewall core loaded 1
unset CONFIG_APPEND
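Review bot: `fw_custom_chains` runs after `config_foreach fw_include include`, so an include that adds rules to `input_rule`, `forward_rule` or the nat chains is loaded before those chains exist and its rules would fail to install. The jumps are also appended with `-A` once the earlier stages have run, so if one of them already ended INPUT or FORWARD with a terminating rule (not visible here) the custom chains are never reached. I would move `echo "Adding custom chains"` and `fw_custom_chains` above `echo "Loading includes"` and place the jumps at a defined position rather than at the end. `-N` also fails when a chain already exists, so a second `fw_init` without a flush would likely add duplicate jumps; a comment on the function saying it expects clean tables would help.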