summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>2011-06-16 21:54:59 +0000
committerjow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>2011-06-16 21:54:59 +0000
commitf19aa29f129ac74cc08c21d84711570e9fbabfd4 (patch)
tree88eab7603c7dd1e0c264c08b6367215f8dd3963d
parentd440b026f62fea5ff3949e1e6f9fc1fce9861b06 (diff)
[package] firewall: allow symbolic names of interfaces and aliases in masq_src and masq_dest
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27196 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r--package/firewall/Makefile2
-rw-r--r--package/firewall/files/lib/core_init.sh12
-rw-r--r--package/firewall/files/lib/fw.sh17
3 files changed, 28 insertions, 3 deletions
diff --git a/package/firewall/Makefile b/package/firewall/Makefile
index 829719c279..f8510f1825 100644
--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=firewall
PKG_VERSION:=2
-PKG_RELEASE:=25
+PKG_RELEASE:=26
include $(INCLUDE_DIR)/package.mk
diff --git a/package/firewall/files/lib/core_init.sh b/package/firewall/files/lib/core_init.sh
index 42124b39bd..185fffb98b 100644
--- a/package/firewall/files/lib/core_init.sh
+++ b/package/firewall/files/lib/core_init.sh
@@ -245,9 +245,17 @@ fw_load_zone() {
if [ "$zone_masq" == 1 ]; then
local msrc mdst
for msrc in ${zone_masq_src:-0.0.0.0/0}; do
- fw_get_negation msrc '-s' "$msrc"
+ case "$msrc" in
+ *.*) fw_get_negation msrc '-s' "$msrc" ;;
+ *) fw_get_subnet4 msrc '-s' "$msrc" ;;
+ esac
+
for mdst in ${zone_masq_dest:-0.0.0.0/0}; do
- fw_get_negation mdst '-d' "$mdst"
+ case "$mdst" in
+ *.*) fw_get_negation mdst '-d' "$mdst" ;;
+ *) fw_get_subnet4 mdst '-d' "$mdst" ;;
+ esac
+
fw add $mode n ${chain}_nat MASQUERADE $ { $msrc $mdst }
done
done
diff --git a/package/firewall/files/lib/fw.sh b/package/firewall/files/lib/fw.sh
index 16a39b6a66..19dddef443 100644
--- a/package/firewall/files/lib/fw.sh
+++ b/package/firewall/files/lib/fw.sh
@@ -227,3 +227,20 @@ fw_get_negation() {
export -n -- "$_var=! $_flag ${_ipaddr#!}" || \
export -n -- "$_var=${_ipaddr:+$_flag $_ipaddr}"
}
+
+fw_get_subnet4() {
+ local _var="$1"
+ local _flag="$2"
+ local _name="$3"
+
+ local _ipaddr="$(uci_get_state network "${_name#!}" ipaddr)"
+ local _netmask="$(uci_get_state network "${_name#!}" netmask)"
+
+ case "$_ipaddr" in
+ *.*.*.*)
+ [ "${_name#!}" != "$_name" ] && \
+ export -n -- "$_var=! $_flag $_ipaddr/${_netmask:-255.255.255.255}" || \
+ export -n -- "$_var=$_flag $_ipaddr/${_netmask:-255.255.255.255}"
+ ;;
+ esac
+}