X-Git-Url: https://git.rohieb.name/openwrt.git/blobdiff_plain/291f78f21ab699d2650a7f308ac8c58ccf85275e..271da7f4e93492f377c0fcf25def4591d60b9fbc:/package/firewall/files/lib/core_init.sh diff --git a/package/firewall/files/lib/core_init.sh b/package/firewall/files/lib/core_init.sh index bce94afe0..42124b39b 100644 --- a/package/firewall/files/lib/core_init.sh +++ b/package/firewall/files/lib/core_init.sh @@ -42,7 +42,7 @@ fw_load_defaults() { boolean disable_ipv6 0 \ } || return [ -n "$FW_DEFAULTS_APPLIED" ] && { - echo "Error: multiple defaults sections detected" + fw_log error "duplicate defaults section detected, skipping" return 1 } FW_DEFAULTS_APPLIED=1 @@ -159,7 +159,8 @@ fw_load_zone() { fw_config_get_zone "$1" list_contains FW_ZONES $zone_name && { - fw_die "zone ${zone_name}: duplicated zone" + fw_log error "zone ${zone_name}: duplicated zone, skipping" + return 0 } append FW_ZONES $zone_name @@ -212,9 +213,6 @@ fw_load_zone() { fw add $mode r ${chain}_notrack - [ $zone_masq == 1 ] && \ - fw add $mode n POSTROUTING ${chain}_nat $ - [ $zone_mtu_fix == 1 ] && \ fw add $mode f FORWARD ${chain}_MSSFIX ^ @@ -243,6 +241,18 @@ fw_load_zone() { done } + # NB: if MASQUERADING for IPv6 becomes available we'll need a family check here + if [ "$zone_masq" == 1 ]; then + local msrc mdst + for msrc in ${zone_masq_src:-0.0.0.0/0}; do + fw_get_negation msrc '-s' "$msrc" + for mdst in ${zone_masq_dest:-0.0.0.0/0}; do + fw_get_negation mdst '-d' "$mdst" + fw add $mode n ${chain}_nat MASQUERADE $ { $msrc $mdst } + done + done + fi + fw_callback post zone } @@ -261,8 +271,10 @@ fw_load_notrack_zone() { fw_load_include() { local name="$1" - local path; config_get path ${name} path - [ -e $path ] && . $path + local path + config_get path ${name} path + + [ -e $path ] && ( . $path ) }