[package] firewall: allow redirecting only destination port (#7197)

[openwrt/svn-archive/archive.git] / package / firewall / files / lib / core_redirect.sh

diff --git a/package/firewall/files/lib/core_redirect.sh b/package/firewall/files/lib/core_redirect.sh
index b51f79390a59798cc786ffc98100d1700778e1a1..15d01b0a7557cd7b1b44e7dd76e6888a9bb80324 100644 (file)
--- a/package/firewall/files/lib/core_redirect.sh
+++ b/package/firewall/files/lib/core_redirect.sh
@@ -26,8 +26,8 @@ fw_load_redirect() {
 
        fw_callback pre redirect
 
 
        fw_callback pre redirect
 

-       [ -n "$redirect_src" -a -n "$redirect_dest_ip" ] || {
-               fw_die "redirect ${redirect_name}: needs src and dest_ip"
+       [ -n "$redirect_src" -a -n "$redirect_dest_ip$redirect_dest_port" ] || {
+               fw_die "redirect ${redirect_name}: needs src and dest_ip or dest_port"

        }
 
        list_contains FW_CONNTRACK_ZONES $redirect_src || \
        }
 
        list_contains FW_CONNTRACK_ZONES $redirect_src || \


@@ -53,6 +53,7 @@ fw_load_redirect() {
                        --to-destination ${redirect_dest_ip}${redirect_dest_port:+:$nat_dest_port} \
                }
 
                        --to-destination ${redirect_dest_ip}${redirect_dest_port:+:$nat_dest_port} \
                }
 

+               [ -n "$redirect_dest_ip" ] && \

                fw add $mode f zone_${redirect_src}_forward ACCEPT ^ { $redirect_src_ip $redirect_dest_ip } { \
                        -d $redirect_dest_ip \
                        ${redirect_proto:+-p $redirect_proto} \
                fw add $mode f zone_${redirect_src}_forward ACCEPT ^ { $redirect_src_ip $redirect_dest_ip } { \
                        -d $redirect_dest_ip \
                        ${redirect_proto:+-p $redirect_proto} \