summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>2010-09-05 20:17:23 +0000
committerjow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>2010-09-05 20:17:23 +0000
commit614052f0c67842118765104aff8d119db3c380db (patch)
treedcc51f546ca31b046edc0ee3372d5ed7cb5620c2
parent750dead7922e939ee1d957cfb6b7f0ce65061067 (diff)
[package] firewall:
- fix possible endless loop when the family option is used for forwardings - only generate forwarding rules in SNAT redirect sections if src_dip is specified git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22938 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r--package/firewall/files/lib/core_redirect.sh8
-rw-r--r--package/firewall/files/lib/fw.sh2
2 files changed, 6 insertions, 4 deletions
diff --git a/package/firewall/files/lib/core_redirect.sh b/package/firewall/files/lib/core_redirect.sh
index 913f963562..2f0e38f393 100644
--- a/package/firewall/files/lib/core_redirect.sh
+++ b/package/firewall/files/lib/core_redirect.sh
@@ -31,13 +31,15 @@ fw_load_redirect() {
fw_die "redirect ${redirect_name}: needs src and dest_ip or dest_port"
}
- local chain destopt
+ local chain destopt destaddr
if [ "$redirect_target" == "DNAT" ]; then
chain="zone_${redirect_src}_prerouting"
destopt="--to-destination"
+ destaddr="$redirect_dest_ip"
elif [ "$redirect_target" == "SNAT" ]; then
chain="zone_${redirect_src}_nat"
destopt="--to-source"
+ destaddr="$redirect_src_dip"
else
fw_die "redirect ${redirect_name}: target must be either DNAT or SNAT"
fi
@@ -65,9 +67,9 @@ fw_load_redirect() {
$destopt ${redirect_dest_ip}${redirect_dest_port:+:$nat_dest_port} \
}
- [ -n "$redirect_dest_ip" ] && \
+ [ -n "$destaddr" ] && \
fw add $mode f zone_${redirect_src}_forward ACCEPT ^ { $redirect_src_ip $redirect_dest_ip } { \
- -d $redirect_dest_ip \
+ -d $destaddr \
${redirect_proto:+-p $redirect_proto} \
${redirect_src_ip:+-s $redirect_src_ip/$redirect_src_ip_prefixlen} \
${redirect_src_port:+--sport $redirect_src_port} \
diff --git a/package/firewall/files/lib/fw.sh b/package/firewall/files/lib/fw.sh
index 819aa48eae..aaf3d14ef0 100644
--- a/package/firewall/files/lib/fw.sh
+++ b/package/firewall/files/lib/fw.sh
@@ -149,7 +149,7 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
fi
case "$fam" in
- G*) shift; while [ "$1" != "{" ]; do shift; done ;;
+ G*) shift; while [ $# -gt 0 ] && [ "$1" != "{" ]; do shift; done ;;
esac
if [ $# -gt 0 ]; then