X-Git-Url: https://git.rohieb.name/openwrt.git/blobdiff_plain/94c817eadb20a09468bef10f0e43036ab2012c89..6c0f1d31579139732e9cf5cfb59da1e8ecacd683:/package/firewall/files/lib/core_init.sh diff --git a/package/firewall/files/lib/core_init.sh b/package/firewall/files/lib/core_init.sh index 72cef2f8c..185fffb98 100644 --- a/package/firewall/files/lib/core_init.sh +++ b/package/firewall/files/lib/core_init.sh @@ -42,7 +42,7 @@ fw_load_defaults() { boolean disable_ipv6 0 \ } || return [ -n "$FW_DEFAULTS_APPLIED" ] && { - echo "Error: multiple defaults sections detected" + fw_log error "duplicate defaults section detected, skipping" return 1 } FW_DEFAULTS_APPLIED=1 @@ -142,6 +142,8 @@ fw_config_get_zone() { string output "$FW_DEFAULT_OUTPUT_POLICY" \ string forward "$FW_DEFAULT_FORWARD_POLICY" \ boolean masq 0 \ + string masq_src "" \ + string masq_dest "" \ boolean conntrack 0 \ boolean mtu_fix 0 \ boolean custom_chains "$FW_ADD_CUSTOM_CHAINS" \ @@ -157,7 +159,8 @@ fw_load_zone() { fw_config_get_zone "$1" list_contains FW_ZONES $zone_name && { - fw_die "zone ${zone_name}: duplicated zone" + fw_log error "zone ${zone_name}: duplicated zone, skipping" + return 0 } append FW_ZONES $zone_name @@ -210,9 +213,6 @@ fw_load_zone() { fw add $mode r ${chain}_notrack - [ $zone_masq == 1 ] && \ - fw add $mode n POSTROUTING ${chain}_nat $ - [ $zone_mtu_fix == 1 ] && \ fw add $mode f FORWARD ${chain}_MSSFIX ^ 
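Review bot: In fw_load_zone (hunk at -157,7) the duplicate-zone branch now ends with `return 0`, so a skipped zone looks to the caller like a loaded one, while the matching duplicate-defaults branch in fw_load_defaults keeps `return 1`. Since the zone name is already in FW_ZONES at this point, the earlier section wins and the later one is dropped, so a stricter policy in the second section never reaches the rule set and the only trace is one log line. I would use `return 1` here for consistency and add a comment such as `# first definition wins; later duplicates are ignored, not merged` to make the fail-soft choice explicit. Whether any caller checks the status is not visible here, and the body of fw_load_zone continues outside this hunk.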
@@ -241,6 +241,26 @@ fw_load_zone() { done } + # NB: if MASQUERADING for IPv6 becomes available we'll need a family check here + if [ "$zone_masq" == 1 ]; then + local msrc mdst + for msrc in ${zone_masq_src:-0.0.0.0/0}; do + case "$msrc" in + *.*) fw_get_negation msrc '-s' "$msrc" ;; + *) fw_get_subnet4 msrc '-s' "$msrc" ;; + esac + + for mdst in ${zone_masq_dest:-0.0.0.0/0}; do + case "$mdst" in + *.*) fw_get_negation mdst '-d' "$mdst" ;; + *) fw_get_subnet4 mdst '-d' "$mdst" ;; + esac + + fw add $mode n ${chain}_nat MASQUERADE $ { $msrc $mdst } + done + done + fi + fw_callback post zone } @@ -259,8 +279,10 @@ fw_load_notrack_zone() { fw_load_include() { local name="$1" - local path; config_get path ${name} path - [ -e $path ] && . $path + local path + config_get path ${name} path + + [ -e $path ] && ( . $path ) }
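Review bot: The return status of fw_get_subnet4 and fw_get_negation is ignored in both `case` blocks of the new masquerade loop in fw_load_zone, so the MASQUERADE rule is added even when a masq_src or masq_dest entry could not be turned into a match. The helpers are not part of this diff, but if a failed lookup leaves the variable empty, the rule would carry no `-s`/`-d` restriction and masquerade more traffic than configured. Skipping the entry on failure keeps the rule set narrow: `*) fw_get_subnet4 msrc '-s' "$msrc" || continue ;;`, and the same for `mdst`. The unquoted `${zone_masq_src:-0.0.0.0/0}` in the `for` line is also subject to pathname expansion, so a comment stating that entries must not contain glob characters would be worth adding.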
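Review bot: `$path` is still unquoted in the rewritten test and source line of fw_load_include, so an include section with no `path` option makes `[ -e ]` evaluate true and `.` run without an argument, and a path containing whitespace is split into several words. Because the file is sourced by the firewall script itself, the check should be strict: `[ -n "$path" ] && [ -f "$path" ] && ( . "$path" )`, using `-f` rather than `-e` if only regular files are expected. The new subshell also means an include can no longer define variables or functions for the rest of the firewall run, so a one-line comment such as `# sourced in a subshell so includes cannot alter firewall state` would record that this isolation is intended.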