. /lib/functions/network.sh
+ADDED=0
+
add_extzone_rules() {
local ext_zone=$1
+ [ -z "$ext_zone" ] && return
+
# IPv4 - due to NAT, need to add both to nat and filter table
iptables -t filter -I zone_${ext_zone}_forward -j MINIUPNPD
iptables -t nat -I zone_${ext_zone}_prerouting -j MINIUPNPD
[ -x $IP6TABLES ] && {
$IP6TABLES -t filter -I zone_${ext_zone}_forward -j MINIUPNPD
}
+ ADDED=$(($ADDED + 1))
}
-network_find_wan wan_iface
-network_get_device wan_device $wan_iface
-
-for ext_zone in $(fw3 -q device "$wan_device"); do
- add_extzone_rules $ext_zone
-done
+# By default, user configuration is king.
for ext_iface in $(uci -q get upnpd.config.external_iface); do
- for ext_zone in $(fw3 -q network "$ext_iface"); do
- add_extzone_rules $ext_zone
- done
+ add_extzone_rules $(fw3 -q network "$ext_iface")
done
+add_extzone_rules $(uci -q get upnpd.config.external_zone)
+
+[ ! $ADDED = 0 ] && exit 0
+
+
+# If really nothing is available, resort to network_find_wan{,6} and
+# assume external interfaces all have same firewall zone.
+
+# (This heuristic may fail horribly, in case of e.g. multihoming, so
+# please set external_zone in that case!)
+
+network_find_wan wan_iface
+network_find_wan6 wan6_iface
+
+for ext_iface in $wan_iface $wan6_iface; do
+ # fw3 -q network fails on sub-interfaces => map to device first
+ network_get_device ext_device $ext_iface
+ add_extzone_rules $(fw3 -q device "$ext_device")
+done
projects / feed / routing.git / blobdiff