|
|
@ -63,6 +63,7 @@ create_zone() { |
|
|
|
$IPTABLES -N zone_$1_prerouting -t nat |
|
|
|
$IPTABLES -N zone_$1_prerouting -t nat |
|
|
|
$IPTABLES -t raw -N zone_$1_notrack |
|
|
|
$IPTABLES -t raw -N zone_$1_notrack |
|
|
|
[ "$6" == "1" ] && $IPTABLES -t nat -A POSTROUTING -j zone_$1_nat |
|
|
|
[ "$6" == "1" ] && $IPTABLES -t nat -A POSTROUTING -j zone_$1_nat |
|
|
|
|
|
|
|
[ "$7" == "1" ] && $IPTABLES -I FORWARD 1 -j zone_$1_MSSFIX |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
addif() { |
|
|
|
addif() { |
|
|
@ -227,11 +228,12 @@ fw_zone() { |
|
|
|
config_get network $1 network |
|
|
|
config_get network $1 network |
|
|
|
config_get_bool masq $1 masq "0" |
|
|
|
config_get_bool masq $1 masq "0" |
|
|
|
config_get_bool conntrack $1 conntrack "0" |
|
|
|
config_get_bool conntrack $1 conntrack "0" |
|
|
|
|
|
|
|
config_get_bool mtu_fix $1 mtu_fix 0 |
|
|
|
|
|
|
|
|
|
|
|
load_policy $1 |
|
|
|
load_policy $1 |
|
|
|
[ "$conntrack" = "1" -o "$masq" = "1" ] && append CONNTRACK_ZONES "$name" |
|
|
|
[ "$conntrack" = "1" -o "$masq" = "1" ] && append CONNTRACK_ZONES "$name" |
|
|
|
[ -z "$network" ] && network=$name |
|
|
|
[ -z "$network" ] && network=$name |
|
|
|
create_zone "$name" "$network" "$input" "$output" "$forward" "$masq" |
|
|
|
create_zone "$name" "$network" "$input" "$output" "$forward" "$masq" "$mtu_fix" |
|
|
|
fw_custom_chains_zone "$name" |
|
|
|
fw_custom_chains_zone "$name" |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
@ -305,11 +307,9 @@ fw_forwarding() { |
|
|
|
|
|
|
|
|
|
|
|
config_get src $1 src |
|
|
|
config_get src $1 src |
|
|
|
config_get dest $1 dest |
|
|
|
config_get dest $1 dest |
|
|
|
config_get_bool mtu_fix $1 mtu_fix 0 |
|
|
|
|
|
|
|
[ -n "$src" ] && z_src=zone_${src}_forward || z_src=forward |
|
|
|
[ -n "$src" ] && z_src=zone_${src}_forward || z_src=forward |
|
|
|
[ -n "$dest" ] && z_dest=zone_${dest}_ACCEPT || z_dest=ACCEPT |
|
|
|
[ -n "$dest" ] && z_dest=zone_${dest}_ACCEPT || z_dest=ACCEPT |
|
|
|
$IPTABLES -I $z_src 1 -j $z_dest |
|
|
|
$IPTABLES -I $z_src 1 -j $z_dest |
|
|
|
[ "$mtu_fix" -gt 0 -a -n "$dest" ] && $IPTABLES -I $z_src 1 -j zone_${dest}_MSSFIX |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# propagate masq zone flag |
|
|
|
# propagate masq zone flag |
|
|
|
find_item "$src" $CONNTRACK_ZONES && append CONNTRACK_ZONES $dest |
|
|
|
find_item "$src" $CONNTRACK_ZONES && append CONNTRACK_ZONES $dest |
|
|
|
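Review bot: In the `create_zone()` hunk, the new `[ "$7" == "1" ] && $IPTABLES -I FORWARD 1 -j zone_$1_MSSFIX` inserts the jump at position 1 of the global FORWARD chain, so every forwarded packet from any source zone now traverses that zone's MSSFIX chain, whereas the line removed from `fw_forwarding()` scoped the jump to a single `$z_src` chain. Whether the wider scope is harmless depends on the rules inside `zone_$1_MSSFIX`, which are populated outside these hunks; if they match only the zone's own interfaces it is fine, but the line deserves a comment such as `# mtu_fix is per zone: the MSSFIX jump is evaluated for all forwarded traffic, ahead of the zone chains`. The `fw_forwarding()` hunk also stops reading `mtu_fix` from forwarding sections, so an existing config that sets the option there silently loses its MSSFIX jump after an upgrade; a one-line warning when the option is still present on a forwarding section would make the change visible to the administrator. In `fw_zone()`, `mtu_fix` is assigned by `config_get_bool`, but no `local` declaration for it appears in the hunk; the start of the function is outside the view, so confirm it is declared there alongside `masq` and `conntrack`.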