summaryrefslogtreecommitdiff
path: root/package/firewall/files
diff options
context:
space:
mode:
Diffstat (limited to 'package/firewall/files')
-rw-r--r--package/firewall/files/lib/core_init.sh12
-rw-r--r--package/firewall/files/lib/fw.sh17
2 files changed, 27 insertions, 2 deletions
diff --git a/package/firewall/files/lib/core_init.sh b/package/firewall/files/lib/core_init.sh
index 42124b39bd..185fffb98b 100644
--- a/package/firewall/files/lib/core_init.sh
+++ b/package/firewall/files/lib/core_init.sh
@@ -245,9 +245,17 @@ fw_load_zone() {
if [ "$zone_masq" == 1 ]; then
local msrc mdst
for msrc in ${zone_masq_src:-0.0.0.0/0}; do
- fw_get_negation msrc '-s' "$msrc"
+ case "$msrc" in
+ *.*) fw_get_negation msrc '-s' "$msrc" ;;
+ *) fw_get_subnet4 msrc '-s' "$msrc" ;;
+ esac
+
for mdst in ${zone_masq_dest:-0.0.0.0/0}; do
- fw_get_negation mdst '-d' "$mdst"
+ case "$mdst" in
+ *.*) fw_get_negation mdst '-d' "$mdst" ;;
+ *) fw_get_subnet4 mdst '-d' "$mdst" ;;
+ esac
+
fw add $mode n ${chain}_nat MASQUERADE $ { $msrc $mdst }
done
done
diff --git a/package/firewall/files/lib/fw.sh b/package/firewall/files/lib/fw.sh
index 16a39b6a66..19dddef443 100644
--- a/package/firewall/files/lib/fw.sh
+++ b/package/firewall/files/lib/fw.sh
@@ -227,3 +227,20 @@ fw_get_negation() {
export -n -- "$_var=! $_flag ${_ipaddr#!}" || \
export -n -- "$_var=${_ipaddr:+$_flag $_ipaddr}"
}
+
+fw_get_subnet4() {
+ local _var="$1"
+ local _flag="$2"
+ local _name="$3"
+
+ local _ipaddr="$(uci_get_state network "${_name#!}" ipaddr)"
+ local _netmask="$(uci_get_state network "${_name#!}" netmask)"
+
+ case "$_ipaddr" in
+ *.*.*.*)
+ [ "${_name#!}" != "$_name" ] && \
+ export -n -- "$_var=! $_flag $_ipaddr/${_netmask:-255.255.255.255}" || \
+ export -n -- "$_var=$_flag $_ipaddr/${_netmask:-255.255.255.255}"
+ ;;
+ esac
+}