|
|
@ -34,7 +34,17 @@ fw_load_redirect() { |
|
|
|
return 0 |
|
|
|
return 0 |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
fwdchain="zone_${redirect_src}${redirect_dest_ip:+_forward}" |
|
|
|
fwdopt="" |
|
|
|
|
|
|
|
fwdchain="" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Check whether only ports are given or whether the given dest ip is local, |
|
|
|
|
|
|
|
# in this case match only DNATed traffic and allow it on input, not forward |
|
|
|
|
|
|
|
if [ -z "$redirect_dest_ip" ] || /sbin/ifconfig | grep -qE "addr:${redirect_dest_ip//./\\.}\b"; then |
|
|
|
|
|
|
|
fwdopt="-m conntrack --ctstate DNAT" |
|
|
|
|
|
|
|
fwdchain="zone_${redirect_src}" |
|
|
|
|
|
|
|
else |
|
|
|
|
|
|
|
fwdchain="zone_${redirect_src}_forward" |
|
|
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
natopt="--to-destination" |
|
|
|
natopt="--to-destination" |
|
|
|
natchain="zone_${redirect_src}_prerouting" |
|
|
|
natchain="zone_${redirect_src}_prerouting" |
|
|
@ -106,10 +116,11 @@ fw_load_redirect() { |
|
|
|
|
|
|
|
|
|
|
|
fw add $mode f ${fwdchain:-forward} ACCEPT + \ |
|
|
|
fw add $mode f ${fwdchain:-forward} ACCEPT + \ |
|
|
|
{ $redirect_src_ip $redirect_dest_ip } { \ |
|
|
|
{ $redirect_src_ip $redirect_dest_ip } { \ |
|
|
|
$srcaddr ${destaddr:--m conntrack --ctstate DNAT} \ |
|
|
|
$srcaddr $destaddr \ |
|
|
|
$pr \ |
|
|
|
$pr \ |
|
|
|
$srcports $destports \ |
|
|
|
$srcports $destports \ |
|
|
|
${sm:+-m mac $sm} \ |
|
|
|
${sm:+-m mac $sm} \ |
|
|
|
|
|
|
|
$fwdopt \ |
|
|
|
$redirect_extra \ |
|
|
|
$redirect_extra \ |
|
|
|
} |
|
|
|
} |
|
|
|
done |
|
|
|
done |
|
|
|