diff options
author | jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2010-09-05 20:17:23 +0000 |
---|---|---|
committer | jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2010-09-05 20:17:23 +0000 |
commit | 614052f0c67842118765104aff8d119db3c380db (patch) | |
tree | dcc51f546ca31b046edc0ee3372d5ed7cb5620c2 | |
parent | 750dead7922e939ee1d957cfb6b7f0ce65061067 (diff) |
[package] firewall:
- fix possible endless loop when the family option is used for forwardings
- only generate forwarding rules in SNAT redirect sections if src_dip is specified
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22938 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r-- | package/firewall/files/lib/core_redirect.sh | 8 | ||||
-rw-r--r-- | package/firewall/files/lib/fw.sh | 2 |
2 files changed, 6 insertions, 4 deletions
diff --git a/package/firewall/files/lib/core_redirect.sh b/package/firewall/files/lib/core_redirect.sh index 913f963562..2f0e38f393 100644 --- a/package/firewall/files/lib/core_redirect.sh +++ b/package/firewall/files/lib/core_redirect.sh @@ -31,13 +31,15 @@ fw_load_redirect() { fw_die "redirect ${redirect_name}: needs src and dest_ip or dest_port" } - local chain destopt + local chain destopt destaddr if [ "$redirect_target" == "DNAT" ]; then chain="zone_${redirect_src}_prerouting" destopt="--to-destination" + destaddr="$redirect_dest_ip" elif [ "$redirect_target" == "SNAT" ]; then chain="zone_${redirect_src}_nat" destopt="--to-source" + destaddr="$redirect_src_dip" else fw_die "redirect ${redirect_name}: target must be either DNAT or SNAT" fi @@ -65,9 +67,9 @@ fw_load_redirect() { $destopt ${redirect_dest_ip}${redirect_dest_port:+:$nat_dest_port} \ } - [ -n "$redirect_dest_ip" ] && \ + [ -n "$destaddr" ] && \ fw add $mode f zone_${redirect_src}_forward ACCEPT ^ { $redirect_src_ip $redirect_dest_ip } { \ - -d $redirect_dest_ip \ + -d $destaddr \ ${redirect_proto:+-p $redirect_proto} \ ${redirect_src_ip:+-s $redirect_src_ip/$redirect_src_ip_prefixlen} \ ${redirect_src_port:+--sport $redirect_src_port} \ diff --git a/package/firewall/files/lib/fw.sh b/package/firewall/files/lib/fw.sh index 819aa48eae..aaf3d14ef0 100644 --- a/package/firewall/files/lib/fw.sh +++ b/package/firewall/files/lib/fw.sh @@ -149,7 +149,7 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> } fi case "$fam" in - G*) shift; while [ "$1" != "{" ]; do shift; done ;; + G*) shift; while [ $# -gt 0 ] && [ "$1" != "{" ]; do shift; done ;; esac if [ $# -gt 0 ]; then |