464xlat: don't set default firewall zone to wan

Don't set the default firewall zone to wan if not specified to keep the
behavior aligned with other tunnel protocols like gre and 6rd.
If the interface zone is not specified try to get it from the firewall config
when constructing the procd firewall rule.
While at it only add a procd inbound firewall rule if a zone is specified.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

diff --git a/package/network/ipv6/464xlat/Makefile b/package/network/ipv6/464xlat/Makefile
index 9be09fa916365171328b819b42bbac5a3ed3a55c..f4dce2e77d848c64067fb573ed9558c4a4031ed3 100644 (file)
--- a/package/network/ipv6/464xlat/Makefile
+++ b/package/network/ipv6/464xlat/Makefile
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=464xlat
-PKG_VERSION:=11
+PKG_VERSION:=12
 
 PKG_SOURCE_DATE:=2018-01-16
 PKG_MAINTAINER:=Hans Dedecker <dedeckeh@gmail.com>

diff --git a/package/network/ipv6/464xlat/files/464xlat.sh b/package/network/ipv6/464xlat/files/464xlat.sh
index e5fcf7db96c1bcc208f3a304d4d1e0ce0e73330c..c90ac1af59a7972c61499a7e5c301860345d5ffa 100755 (executable)
--- a/package/network/ipv6/464xlat/files/464xlat.sh
+++ b/package/network/ipv6/464xlat/files/464xlat.sh
@@ -27,7 +27,7 @@ proto_464xlat_setup() {
        local ip6addr ip6prefix tunlink zone
        json_get_vars ip6addr ip6prefix tunlink zone
 
-       [ -z "$zone" ] && zone="wan"
+       [ "$zone" = "-" ] && zone=""
 
        ( proto_add_host_dependency "$cfg" "::" "$tunlink" )
 
@@ -53,25 +53,29 @@ proto_464xlat_setup() {
        proto_add_ipv6_route $ip6addr 128 "" "" "" "" 128
 
        proto_add_data
-       [ "$zone" != "-" ] && json_add_string zone "$zone"
+       [ -n "$zone" ] && json_add_string zone "$zone"
 
        json_add_array firewall
+               [ -z "$zone" ] && zone=$(fw3 -q network $iface 2>/dev/null)
+
                json_add_object ""
                        json_add_string type nat
                        json_add_string target SNAT
                        json_add_string family inet
                        json_add_string snat_ip 192.0.0.1
                json_close_object
-               json_add_object ""
-                       json_add_string type rule
-                       json_add_string family inet6
-                       json_add_string proto all
-                       json_add_string direction in
-                       json_add_string dest "$zone"
-                       json_add_string src "$zone"
-                       json_add_string src_ip $ip6addr
-                       json_add_string target ACCEPT
-               json_close_object
+               [ -n "$zone" ] && {
+                       json_add_object ""
+                               json_add_string type rule
+                               json_add_string family inet6
+                               json_add_string proto all
+                               json_add_string direction in
+                               json_add_string dest "$zone"
+                               json_add_string src "$zone"
+                               json_add_string src_ip $ip6addr
+                               json_add_string target ACCEPT
+                       json_close_object
+               }
        json_close_array
        proto_close_data