X-Git-Url: https://git.rohieb.name/openwrt.git/blobdiff_plain/c6537133132fa5acf0bdd024e6793ff095d8284f..b757185a710cf46e76088cf03887a01cd3fdf81f:/package/firewall/files/lib/core_redirect.sh?ds=sidebyside diff --git a/package/firewall/files/lib/core_redirect.sh b/package/firewall/files/lib/core_redirect.sh index 72364a99e..87941a2a1 100644 --- a/package/firewall/files/lib/core_redirect.sh +++ b/package/firewall/files/lib/core_redirect.sh @@ -30,7 +30,8 @@ fw_load_redirect() { local fwdchain natchain natopt nataddr natports srcdaddr srcdports if [ "$redirect_target" == "DNAT" ]; then [ -n "$redirect_src" -a -n "$redirect_dest_ip$redirect_dest_port" ] || { - fw_die "DNAT redirect ${redirect_name}: needs src and dest_ip or dest_port" + fw_log error "DNAT redirect ${redirect_name}: needs src and dest_ip or dest_port, skipping" + return 0 } fwdchain="zone_${redirect_src}_forward" @@ -40,7 +41,7 @@ fw_load_redirect() { nataddr="$redirect_dest_ip" fw_get_port_range natports "$redirect_dest_port" "-" - srcdaddr="${redirect_src_dip:+$redirect_src_dip/$redirect_src_dip_prefixlen}" + fw_get_negation srcdaddr '-d' "${redirect_src_dip:+$redirect_src_dip/$redirect_src_dip_prefixlen}" fw_get_port_range srcdports "$redirect_src_dport" ":" list_contains FW_CONNTRACK_ZONES $redirect_src || \ @@ -48,7 +49,8 @@ fw_load_redirect() { elif [ "$redirect_target" == "SNAT" ]; then [ -n "$redirect_dest" -a -n "$redirect_src_dip" ] || { - fw_die "SNAT redirect ${redirect_name}: needs dest and src_dip" + fw_log error "SNAT redirect ${redirect_name}: needs dest and src_dip, skipping" + return 0 } fwdchain="${redirect_src:+zone_${redirect_src}_forward}" 
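Review bot: All three validation failures now end in `return 0` (the DNAT check in this hunk, the SNAT check in the `@@ -48,7 +49,8 @@` hunk and the unknown-target `else` branch in the `@@ -58,34 +60,41 @@` hunk), so the caller of fw_load_redirect cannot tell a loaded redirect from a skipped one. The firewall then comes up without the rule and the only trace is the `fw_log error` line. If callers ignore the status, keep `return 0` but state the intent above each block, e.g. `# invalid redirect: log and skip so one bad section does not abort the whole firewall load`; otherwise return a non-zero status. fw_load_redirect starts and ends outside this hunk, so any step that follows the rule insertion is presumably skipped by the early return as well and should be checked.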
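Review bot: The `fw_get_negation srcdaddr '-d' ...` call receives an empty third argument whenever `redirect_src_dip` is unset, and `srcdaddr` is later expanded unquoted straight into the rule (`$srcaddr $srcdaddr` in the `@@ -58,34 +60,41 @@` hunk). This relies on fw_get_negation, which is not part of this diff, storing an empty string for empty input; otherwise a bare `-d` would land in the `fw add` call. The same applies to the SNAT `srcdaddr` call and the `srcaddr`/`destaddr` calls in the later hunk. A comment at the first call would record the contract, e.g. `# srcdaddr becomes a complete "-d addr/len" match (possibly negated), or stays empty when src_dip is unset`.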
@@ -58,34 +60,41 @@ fw_load_redirect() { nataddr="$redirect_src_dip" fw_get_port_range natports "$redirect_src_dport" "-" - srcdaddr="${redirect_dest_ip:+$redirect_dest_ip/$redirect_dest_ip_prefixlen}" + fw_get_negation srcdaddr '-d' "${redirect_dest_ip:+$redirect_dest_ip/$redirect_dest_ip_prefixlen}" fw_get_port_range srcdports "$redirect_dest_port" ":" list_contains FW_CONNTRACK_ZONES $redirect_dest || \ append FW_CONNTRACK_ZONES $redirect_dest else - fw_die "redirect ${redirect_name}: target must be either DNAT or SNAT" + fw_log error "redirect ${redirect_name}: target must be either DNAT or SNAT, skipping" + return 0 fi local mode fw_get_family_mode mode ${redirect_family:-x} ${redirect_src:-$redirect_dest} I - local srcaddr="${redirect_src_ip:+$redirect_src_ip/$redirect_src_ip_prefixlen}" + local srcaddr + fw_get_negation srcaddr '-s' "${redirect_src_ip:+$redirect_src_ip/$redirect_src_ip_prefixlen}" + local srcports fw_get_port_range srcports "$redirect_src_port" ":" - local destaddr="${redirect_dest_ip:+$redirect_dest_ip/$redirect_dest_ip_prefixlen}" + local destaddr + fw_get_negation destaddr '-d' "${redirect_dest_ip:+$redirect_dest_ip/$redirect_dest_ip_prefixlen}" + local destports fw_get_port_range destports "${redirect_dest_port:-$redirect_src_dport}" ":" [ "$redirect_proto" == "tcpudp" ] && redirect_proto="tcp udp" for redirect_proto in $redirect_proto; do - fw add $mode n $natchain $redirect_target ^ { $redirect_src_ip $redirect_dest_ip } { \ + local pos + eval 'pos=$((++FW__REDIR_COUNT_'${mode#G}'_'$natchain'))' + + fw add $mode n $natchain $redirect_target $pos { $redirect_src_ip $redirect_dest_ip } { \ + $srcaddr $srcdaddr \ ${redirect_proto:+-p $redirect_proto} \ - ${srcaddr:+-s $srcaddr} \ ${srcports:+--sport $srcports} \ - ${srcdaddr:+-d $srcdaddr} \ ${srcdports:+--dport $srcdports} \ ${redirect_src_mac:+-m mac --mac-source $redirect_src_mac} \ $natopt $nataddr${natports:+:$natports} \ 
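Review bot: The `eval` that computes `pos` splices `${mode#G}` and `$natchain` unquoted into the evaluated string, so any character that is not valid in a variable name changes what gets evaluated. A `-` turns the counter name into an arithmetic expression, and shell metacharacters would be interpreted by the firewall script itself. natchain is assigned outside the hunks; if it is built from the configured zone name the way `fwdchain="zone_${redirect_src}_forward"` is, the value comes from configuration. Check the counter name against `[A-Za-z0-9_]` before evaluating it and skip the redirect otherwise, as sketched below. The `for` loop body continues past the end of this hunk.

```shell
# … unchanged: for redirect_proto in $redirect_proto; do …
local pos ctr="FW__REDIR_COUNT_${mode#G}_${natchain}"
case "$ctr" in
	*[!A-Za-z0-9_]*)
		fw_log error "redirect ${redirect_name}: chain name is not a valid identifier, skipping"
		return 0
		;;
esac
eval "pos=\$((++$ctr))"
# … unchanged: fw add $mode n $natchain $redirect_target $pos { … } { … }
```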
@@ -93,10 +102,9 @@ fw_load_redirect() { [ -n "$destaddr" ] && \ fw add $mode f ${fwdchain:-forward} ACCEPT ^ { $redirect_src_ip $redirect_dest_ip } { \ + $srcaddr $destaddr \ ${redirect_proto:+-p $redirect_proto} \ - ${srcaddr:+-s $srcaddr} \ ${srcports:+--sport $srcports} \ - ${destaddr:+-d $destaddr} \ ${destports:+--dport $destports} \ ${redirect_src_mac:+-m mac --mac-source $redirect_src_mac} \ }
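Review bot: The forward `ACCEPT` rule now takes `$destaddr` verbatim, while the guard in front of it is still only `[ -n "$destaddr" ]`. If fw_get_negation (not shown in this diff) emits a negated `-d` match for a negated `dest_ip`, this rule accepts forwarded traffic to every destination except that address, which is far wider than an accept for a single redirect target. Either skip the accept when the destination match is negated, or document the effect at the rule, e.g. `# NOTE: a negated dest_ip makes this ACCEPT match all other destinations`. The enclosing `for` loop starts outside this hunk.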