projects / openwrt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 750dead)
[package] firewall:
authorjow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Sun, 5 Sep 2010 20:17:23 +0000 (20:17 +0000)
committerjow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Sun, 5 Sep 2010 20:17:23 +0000 (20:17 +0000)
- fix possible endless loop when the family option is used for forwardings
- only generate forwarding rules in SNAT redirect sections if src_dip is specified

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22938 3c298f89-4303-0410-b956-a3cf2f4a3e73

package/firewall/files/lib/core_redirect.sh patch | blob | history
package/firewall/files/lib/fw.sh patch | blob | history

diff --git a/package/firewall/files/lib/core_redirect.sh b/package/firewall/files/lib/core_redirect.sh
index 913f963..2f0e38f 100644 (file)
--- a/package/firewall/files/lib/core_redirect.sh
+++ b/package/firewall/files/lib/core_redirect.sh
@@ -31,13 +31,15 @@ fw_load_redirect() {
                fw_die "redirect ${redirect_name}: needs src and dest_ip or dest_port"
        }
 
-       local chain destopt
+       local chain destopt destaddr
        if [ "$redirect_target" == "DNAT" ]; then
                chain="zone_${redirect_src}_prerouting"
                destopt="--to-destination"
+               destaddr="$redirect_dest_ip"
        elif [ "$redirect_target" == "SNAT" ]; then
                chain="zone_${redirect_src}_nat"
                destopt="--to-source"
+               destaddr="$redirect_src_dip"
        else
                fw_die "redirect ${redirect_name}: target must be either DNAT or SNAT"
        fi
@@ -65,9 +67,9 @@ fw_load_redirect() {
                        $destopt ${redirect_dest_ip}${redirect_dest_port:+:$nat_dest_port} \
                }
 
-               [ -n "$redirect_dest_ip" ] && \
+               [ -n "$destaddr" ] && \
                fw add $mode f zone_${redirect_src}_forward ACCEPT ^ { $redirect_src_ip $redirect_dest_ip } { \
-                       -d $redirect_dest_ip \
+                       -d $destaddr \
                        ${redirect_proto:+-p $redirect_proto} \
                        ${redirect_src_ip:+-s $redirect_src_ip/$redirect_src_ip_prefixlen} \
                        ${redirect_src_port:+--sport $redirect_src_port} \
diff --git a/package/firewall/files/lib/fw.sh b/package/firewall/files/lib/fw.sh
index 819aa48..aaf3d14 100644 (file)
--- a/package/firewall/files/lib/fw.sh
+++ b/package/firewall/files/lib/fw.sh
@@ -149,7 +149,7 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
        fi
 
        case "$fam" in
-               G*) shift; while [ "$1" != "{" ]; do shift; done ;;
+               G*) shift; while [ $# -gt 0 ] && [ "$1" != "{" ]; do shift; done ;;
        esac
 
        if [ $# -gt 0 ]; then
Personal OpenWRT clone
This page took 0.027483 seconds and 4 git commands to generate.