/*
* firewall3 - 3rd OpenWrt UCI firewall implementation
*
- * Copyright (C) 2013 Jo-Philipp Wich <jow@openwrt.org>
+ * Copyright (C) 2013 Jo-Philipp Wich <jo@mein.io>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include "forwards.h"
-static struct fw3_option forward_opts[] = {
+const struct fw3_option fw3_forward_opts[] = {
+ FW3_OPT("enabled", bool, forward, enabled),
+
FW3_OPT("name", string, forward, name),
FW3_OPT("family", family, forward, family),
FW3_OPT("src", device, forward, src),
FW3_OPT("dest", device, forward, dest),
+
+ { }
};
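Review bot: The `{ }` terminator added to `fw3_forward_opts` is an empty initializer, which is a GNU extension before C23; `{ 0 }` is the portable spelling if the project cares about strict ISO C. The table's length is now implied by this sentinel, because the `fw3_parse_options(forward, fw3_forward_opts, s)` call further down no longer passes `ARRAY_SIZE(...)`. That makes the last entry load-bearing, and a table without it would presumably be read past its end. I would document this at the entry, e.g. `/* sentinel: table is walked until the empty entry, keep last */`. The array also loses `static`, so it should have a matching `extern const` declaration in forwards.h, which is not visible on this page.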
if (strcmp(s->type, "forwarding"))
continue;
- forward = malloc(sizeof(*forward));
-
+ forward = calloc(1, sizeof(*forward));
if (!forward)
continue;
- memset(forward, 0, sizeof(*forward));
+ forward->enabled = true;
- fw3_parse_options(forward, forward_opts, ARRAY_SIZE(forward_opts), s);
+ fw3_parse_options(forward, fw3_forward_opts, s);
+
+ if (!forward->enabled)
+ {
+ fw3_free_forward(forward);
+ continue;
+ }
if (forward->src.invert || forward->dest.invert)
{
continue;
}
+ list_add_tail(&forward->list, &state->forwards);
+ continue;
+ }
+
+ list_for_each_entry(forward, &state->forwards, list)
+ {
+ /* NB: forward family... */
if (forward->_dest)
{
- setbit(forward->_dest->has_dest_target, FW3_TARGET_ACCEPT);
-
- if (forward->_src &&
- (forward->_src->conntrack || forward->_dest->conntrack))
- {
- forward->_src->conntrack = forward->_dest->conntrack = true;
- }
+ fw3_setbit(forward->_dest->flags[0], FW3_FLAG_ACCEPT);
+ fw3_setbit(forward->_dest->flags[1], FW3_FLAG_ACCEPT);
}
-
- list_add_tail(&forward->list, &state->forwards);
- continue;
}
}
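Review bot: In the disabled branch, `fw3_free_forward(forward)` runs on an object that has not yet been linked into `state->forwards`, since `list_add_tail` only happens later in the loop. Because the object comes from `calloc`, `forward->list` holds NULL pointers at that point. `fw3_free_forward` is not defined on this page, so confirm it only releases option data and does not unlink `forward->list`; otherwise initialise the list head right after allocation. The indices in `flags[0]` and `flags[1]` are also unexplained, and a short comment such as `/* mark ACCEPT for both flag sets (presumably IPv4 and IPv6), regardless of the forward's own family */` would help. The enclosing function starts outside this hunk.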
static void
-print_chain(struct fw3_forward *forward)
+append_chain(struct fw3_ipt_rule *r, struct fw3_forward *forward)
{
if (forward->src.any || !forward->src.set)
- fw3_pr("-A delegate_forward");
+ fw3_ipt_rule_append(r, "FORWARD");
else
- fw3_pr("-A zone_%s_forward", forward->src.name);
+ fw3_ipt_rule_append(r, "zone_%s_forward", forward->src.name);
}
-static void print_target(struct fw3_forward *forward)
+static void set_target(struct fw3_ipt_rule *r, struct fw3_forward *forward)
{
if (forward->dest.any || !forward->dest.set)
- fw3_pr(" -j ACCEPT\n");
+ fw3_ipt_rule_target(r, "ACCEPT");
else
- fw3_pr(" -j zone_%s_dest_ACCEPT\n", forward->dest.name);
+ fw3_ipt_rule_target(r, "zone_%s_dest_ACCEPT", forward->dest.name);
}
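Review bot: The signature style is inconsistent among the helpers this change touches: `set_target` is declared as `static void set_target(...)` on one line, while `append_chain` and `print_forward` put the return type on its own line. Pick one form, e.g. `static void` followed by `set_target(struct fw3_ipt_rule *r, struct fw3_forward *forward)` on the next line. Neither helper modifies `forward`, so the parameter could be `const struct fw3_forward *forward`. Since print_forward calls `set_target` before `append_chain`, a one-line comment on `append_chain` stating that it presumably finalises the rule and must be called last would make that ordering explicit.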
static void
-print_forward(enum fw3_table table, enum fw3_family family,
- struct fw3_forward *forward)
+print_forward(struct fw3_ipt_handle *handle, struct fw3_forward *forward)
{
const char *s, *d;
+ struct fw3_ipt_rule *r;
- if (table != FW3_TABLE_FILTER)
+ if (handle->table != FW3_TABLE_FILTER)
return;
- if (!fw3_is_family(forward, family) ||
- (forward->_src && !fw3_is_family(forward->_src, family)) ||
- (forward->_dest && !fw3_is_family(forward->_dest, family)))
+ if (!fw3_is_family(forward, handle->family))
return;
s = forward->_src ? forward->_src->name : "*";
d = forward->_dest ? forward->_dest->name : "*";
- if (forward->name)
- info(" * Forward '%s'", forward->name);
- else
- info(" * Forward %s->%s", s, d);
+ info(" * Forward '%s' -> '%s'", s, d);
+
+ if (!fw3_is_family(forward->_src, handle->family) ||
+ !fw3_is_family(forward->_dest, handle->family))
+ {
+ info(" ! Skipping due to different family of zone");
+ return;
+ }
- print_chain(forward);
- fw3_format_comment("forwarding ", s, "->", d);
- print_target(forward);
+ r = fw3_ipt_rule_new(handle);
+ fw3_ipt_rule_comment(r, "forwarding %s -> %s", s, d);
+ set_target(r, forward);
+ append_chain(r, forward);
}
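Review bot: The new zone check in print_forward calls `fw3_is_family(forward->_src, handle->family)` and `fw3_is_family(forward->_dest, handle->family)` without the `forward->_src &&` / `forward->_dest &&` guards the old condition had. The two lines just above still treat both pointers as possibly NULL (`forward->_src ? forward->_src->name : "*"`). fw3_is_family is not defined on this page, so confirm it tolerates a NULL first argument; if it does not, keep the guards, e.g. `(forward->_src && !fw3_is_family(forward->_src, handle->family))` and the same for `_dest`. A crash here would stop rule generation part-way and could leave a partially loaded ruleset. The result of `fw3_ipt_rule_new(handle)` is also used unchecked, so if that allocator can never return NULL, a short comment saying so would save the next reader the lookup.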
void
-fw3_print_forwards(enum fw3_table table, enum fw3_family family,
- struct fw3_state *state)
+fw3_print_forwards(struct fw3_ipt_handle *handle, struct fw3_state *state)
{
struct fw3_forward *forward;
list_for_each_entry(forward, &state->forwards, list)
- print_forward(table, family, forward);
+ print_forward(handle, forward);
}