X-Git-Url: https://git.rohieb.name/openwrt.git/blobdiff_plain/8b93389dcabc49295c3022bc5b81629fafbfe572..4ccd13ebfa22d9ae1dee2091ee780147088d6eec:/package/firewall/files/uci_firewall.sh

diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh
index 05fe39beb..8d7538201 100755
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -294,8 +294,11 @@ fw_rule() {
 	[ -n "$src" -a -z "$dest" ] && ZONE=zone_$src
 	[ -n "$src" -a -n "$dest" ] && ZONE=zone_${src}_forward
 	[ -n "$dest" ] && TARGET=zone_${dest}_$target
+
+	eval 'RULE_COUNT=$((++RULE_COUNT_'$ZONE'))'
+
 	add_rule() {
-		$IPTABLES -A $ZONE \
+		$IPTABLES -I $ZONE $RULE_COUNT \
 			${proto:+-p $proto} \
 			${icmp_type:+--icmp-type $icmp_type} \
 			${src_ip:+-s $src_ip} \
@@ -343,6 +346,7 @@ fw_redirect() {
 
 	config_get src $1 src
 	config_get src_ip $1 src_ip
+	config_get src_dip $1 src_dip
 	config_get src_port $1 src_port
 	config_get src_dport $1 src_dport
 	config_get src_mac $1 src_mac
@@ -354,24 +358,25 @@ fw_redirect() {
 
 	src_port_first=${src_port%-*}
 	src_port_last=${src_port#*-}
-	[ "$src_port_first" -ne "$src_port_last" ] && { \
+	[ "$src_port_first" != "$src_port_last" ] && { \
 		src_port="$src_port_first:$src_port_last"; }
 
 	src_dport_first=${src_dport%-*}
 	src_dport_last=${src_dport#*-}
-	[ "$src_dport_first" -ne "$src_dport_last" ] && { \
+	[ "$src_dport_first" != "$src_dport_last" ] && { \
 		src_dport="$src_dport_first:$src_dport_last"; }
 
 	dest_port2=${dest_port:-$src_dport}
 	dest_port_first=${dest_port2%-*}
 	dest_port_last=${dest_port2#*-}
-	[ "$dest_port_first" -ne "$dest_port_last" ] && { \
+	[ "$dest_port_first" != "$dest_port_last" ] && { \
 		dest_port2="$dest_port_first:$dest_port_last"; }
 
 	add_rule() {
 		$IPTABLES -A zone_${src}_prerouting -t nat \
 			${proto:+-p $proto} \
 			${src_ip:+-s $src_ip} \
+			${src_dip:+-d $src_dip} \
 			${src_port:+--sport $src_port} \
 			${src_dport:+--dport $src_dport} \
 			${src_mac:+-m mac --mac-source $src_mac} \
@@ -506,9 +511,13 @@ fw_init() {
 	uci_set_state firewall core loaded 1
 	config_set core loaded 1
 	config_foreach fw_check_notrack zone
-	INTERFACES="$(sh -c '. /etc/functions.sh; config_load network; config_foreach echo interface')"
+	INTERFACES="$(sh -c '
+		. /etc/functions.sh; config_load network
+		echo_up() { local up; config_get_bool up "$1" up 0; [ $up = 1 ] && echo "$1"; }
+		config_foreach echo_up interface
+	')"
 	for interface in $INTERFACES; do
-		fw_addif "$interface"
+		fw_event ifup "$interface"
 	done
 }