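# NAT reflection ("hairpin NAT") setup, run when the "wan" interface is added.
#
# For every firewall `redirect` section that is a DNAT from the wan zone, this
# adds a pair of rules so that hosts on the destination network can reach the
# forwarded service through the external address:
#   nat_reflection_in  - DNAT  lan -> external host:port  => internal host:port
#   nat_reflection_out - SNAT  lan -> internal host:port  => source = lanip
#
# NOTE(review): the listing this was recovered from omitted the function
# headers, the `local` declarations and the closing lines. They are
# reconstructed here from the visible call sites (`config_foreach
# find_networks_cb zone "$1"`, `find_networks "$dest"`, `config_foreach
# setup_fwd redirect`); confirm against the original file.
#
# Changes compared with the listing: every expansion passed to iptables/uci is
# quoted, redirects/networks with an empty address are skipped instead of
# producing a malformed iptables command line, and `[ ... == ... ]` is written
# with the POSIX `=` operator.
if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "wan" ]; then
  # NOTE(review): `local` is kept from the listing; it is only valid if this
  # file is sourced from inside a function or the shell tolerates it - confirm.
  local wanip
  wanip=$(uci -P/var/state get network.wan.ipaddr)

  # Flush the chain if it exists; otherwise create it and hook it in once.
  iptables -t nat -F nat_reflection_in 2>/dev/null || {
    iptables -t nat -N nat_reflection_in
    iptables -t nat -A prerouting_rule -j nat_reflection_in
  }

  iptables -t nat -F nat_reflection_out 2>/dev/null || {
    iptables -t nat -N nat_reflection_out
    iptables -t nat -A postrouting_rule -j nat_reflection_out
  }

  # config_foreach callback: $1 = zone section, $2 = zone name to look for.
  # Prints the zone's `network` option (or the zone name when unset).
  find_networks_cb() {
    local cfg="$1"
    local zone="$2"
    local name network

    config_get name "$cfg" name

    [ "$name" = "$zone" ] && {
      config_get network "$cfg" network
      printf '%s\n' "${network:-$zone}"
    }
  }

  # Prints the network name(s) belonging to firewall zone $1.
  find_networks() {
    config_foreach find_networks_cb zone "$1"
  }

  # config_foreach callback: $1 = redirect section.
  # Adds the reflection rule pair for one wan DNAT redirect.
  setup_fwd() {
    local cfg="$1"
    local src target dest net
    local lanip lanmk proto reflection
    local epmin epmax extport
    local ipmin ipmax intport
    local exthost inthost p

    config_get src "$cfg" src
    config_get target "$cfg" target DNAT

    [ "$src" = wan ] && [ "$target" = DNAT ] && {
      config_get dest "$cfg" dest "lan"

      # Word splitting is intended: find_networks may print several names.
      for net in $(find_networks "$dest"); do
        lanip=$(uci -P/var/state get "network.$net.ipaddr")
        lanmk=$(uci -P/var/state get "network.$net.netmask")

        # Without an address and mask, `-s /` would be rejected by iptables.
        if [ -z "$lanip" ] || [ -z "$lanmk" ]; then
          continue
        fi

        config_get proto "$cfg" proto

        # Reflection is on by default (default value 1); a redirect has to
        # set `reflection` to a false value to opt out.
        config_get_bool reflection "$cfg" reflection 1
        [ "$reflection" = 1 ] || return

        config_get extport "$cfg" src_dport
        [ -n "$extport" ] || return

        # "80" -> epmin=80, epmax=""; "80-90" or "80:90" -> epmin=80, epmax=90.
        epmin="${extport%[-:]*}"
        epmax="${extport#*[-:]}"
        [ "$epmin" != "$epmax" ] || epmax=""

        # The internal port defaults to the external port.
        config_get intport "$cfg" dest_port "$extport"

        ipmin="${intport%[-:]*}"
        ipmax="${intport#*[-:]}"
        [ "$ipmin" != "$ipmax" ] || ipmax=""

        # The external host defaults to the wan address; that is empty when
        # wan has no address in /var/state, so skip rather than emit `-d ''`.
        config_get exthost "$cfg" src_dip "$wanip"
        [ -n "$exthost" ] || return

        config_get inthost "$cfg" dest_ip
        [ -n "$inthost" ] || return

        [ "$proto" = tcpudp ] && proto="tcp udp"

        # Deliberately unquoted: "tcp udp" must split into two protocols.
        for p in ${proto:-tcp udp}; do
          iptables -t nat -A nat_reflection_in \
            -s "$lanip/$lanmk" -d "$exthost" \
            -p "$p" --dport "$epmin${epmax:+:$epmax}" \
            -j DNAT --to "$inthost:$ipmin${ipmax:+-$ipmax}"

          # Security note: this SNAT rewrites the source of reflected
          # connections to $lanip (presumably the router's own address on
          # that network), so the internal host sees $lanip instead of the
          # real client. Its logs and any source-IP access control cannot
          # tell reflected LAN clients apart.
          iptables -t nat -A nat_reflection_out \
            -s "$lanip/$lanmk" -d "$inthost" \
            -p "$p" --dport "$ipmin${ipmax:+:$ipmax}" \
            -j SNAT --to-source "$lanip"
        done
      done
    }
  }

  config_foreach setup_fwd redirect
fi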