projects / project / firewall4.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
ruleset: properly render redirect targets without port
[project/firewall4.git] / root / usr / share / firewall4 / templates / redirect.uc
1 {%+ if (redirect.family && !redirect.has_addrs): -%}
2 meta nfproto {{ fw4.nfproto(redirect.family) }} {%+ endif -%}
3 {%+ if (!redirect.proto.any && !redirect.has_ports): -%}
4 meta l4proto {{
5 (redirect.proto.name == 'icmp' && redirect.family == 6) ? 'ipv6-icmp' : redirect.proto.name
6 }} {%+ endif -%}
7 {%+ if (redirect.device): -%}
8 oifname {{ fw4.quote(redirect.device, true) }} {%+ endif -%}
9 {%+ if (redirect.saddrs_pos): -%}
10 {{ fw4.ipproto(redirect.family) }} saddr {{ fw4.set(redirect.saddrs_pos) }} {%+ endif -%}
11 {%+ if (redirect.saddrs_neg): -%}
12 {{ fw4.ipproto(redirect.family) }} saddr != {{ fw4.set(redirect.saddrs_neg) }} {%+ endif -%}
13 {%+ if (redirect.daddrs_pos): -%}
14 {{ fw4.ipproto(redirect.family) }} daddr {{ fw4.set(redirect.daddrs_pos) }} {%+ endif -%}
15 {%+ if (redirect.daddrs_neg): -%}
16 {{ fw4.ipproto(redirect.family) }} daddr != {{ fw4.set(redirect.daddrs_neg) }} {%+ endif -%}
17 {%+ if (redirect.sports_pos): -%}
18 {{ redirect.proto.name }} sport {{ fw4.set(redirect.sports_pos) }} {%+ endif -%}
19 {%+ if (redirect.sports_neg): -%}
20 {{ redirect.proto.name }} sport != {{ fw4.set(redirect.sports_neg) }} {%+ endif -%}
21 {%+ if (redirect.dports_pos): -%}
22 {{ redirect.proto.name }} dport {{ fw4.set(redirect.dports_pos) }} {%+ endif -%}
23 {%+ if (redirect.dports_neg): -%}
24 {{ redirect.proto.name }} dport != {{ fw4.set(redirect.dports_neg) }} {%+ endif -%}
25 {%+ if (redirect.smacs_pos): -%}
26 ether saddr {{ fw4.set(redirect.smacs_pos) }} {%+ endif -%}
27 {%+ if (redirect.smacs_neg): -%}
28 ether saddr != {{ fw4.set(redirect.smacs_neg) }} {%+ endif -%}
29 {%+ if (redirect.helper): -%}
30 ct helper{% if (redirect.helper.invert): %} !={% endif %} {{ fw4.quote(redirect.helper.name, true) }} {%+ endif -%}
31 {%+ if (redirect.limit): -%}
32 limit rate {{ redirect.limit.rate }}/{{ redirect.limit.unit }}
33 {%- if (redirect.limit_burst): %} burst {{ redirect.limit_burst }} packets{% endif %} {%+ endif -%}
34 {%+ if (redirect.start_date): -%}
35 meta time >= {{
36 exists(redirect.start_date, "hour") ? fw4.datetime(redirect.start_date) : fw4.date(redirect.start_date)
37 }} {%+ endif -%}
38 {%+ if (redirect.stop_date): -%}
39 meta time <= {{
40 exists(redirect.stop_date, "hour") ? fw4.datetime(redirect.stop_date) : fw4.date(redirect.stop_date)
41 }} {%+ endif -%}
42 {%+ if (redirect.start_time): -%}
43 meta hour >= {{ fw4.time(redirect.start_time) }} {%+ endif -%}
44 {%+ if (redirect.stop_time): -%}
45 meta hour <= {{ fw4.time(redirect.stop_time) }} {%+ endif -%}
46 {%+ if (redirect.weekdays): -%}
47 meta day{% if (redirect.weekdays.invert): %} !={% endif %} {{ fw4.set(redirect.weekdays.days) }} {%+ endif -%}
48 {%+ if (redirect.mark && redirect.mark.mask < 0xFFFFFFFF): -%}
49 meta mark and {{ fw4.hex(redirect.mark.mask) }} {{
50 redirect.mark.invert ? '!=' : '=='
51 }} {{ fw4.hex(redirect.mark.mark) }} {%+ endif -%}
52 {%+ if (redirect.mark && redirect.mark.mask == 0xFFFFFFFF): -%}
53 meta mark{% if (redirect.mark.invert): %} !={% endif %} {{ fw4.hex(redirect.mark.mark) }} {%+ endif -%}
54 {%+ if (redirect.ipset): -%}
55 {{ fw4.concat(redirect.ipset.fields) }}{{
56 redirect.ipset.invert ? ' !=' : ''
57 }} @{{ redirect.ipset.name }} {%+ endif -%}
58 {%+ if (redirect.counter): -%}
59 counter {%+ endif -%}
60 {% if (redirect.target == "redirect"): -%}
61 redirect{% if (redirect.rport): %} to {{ fw4.port(redirect.rport) }}{% endif %}
62 {%- elif (redirect.target == "accept" || redirect.target == "masquerade"): -%}
63 {{ redirect.target }}
64 {%- else -%}
65 {{ redirect.target }} {{ redirect.raddr ? fw4.host(redirect.raddr) : '' }}
66 {%- if (redirect.rport): %}:{{ fw4.port(redirect.rport) }}{% endif %}
67 {% endif %} comment {{ fw4.quote("!fw4: " + redirect.name, true) }}
OpenWrt nftables firewall