X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=root%2Fusr%2Fshare%2Fucode%2Ffw4.uc;h=5135ef1e990cf315e31ab51926f0a5c39e2038bb;hb=5c21714dc503d9cee6a638cb8ab06fb40ae473cc;hp=9d2a0b49c18c7899b7beb9409764eabf0232aea9;hpb=3eacc97415f877f3a20d1fd9771318041c6d6f8a;p=project%2Ffirewall4.git

diff --git a/root/usr/share/ucode/fw4.uc b/root/usr/share/ucode/fw4.uc
index 9d2a0b4..5135ef1 100644
--- a/root/usr/share/ucode/fw4.uc
+++ b/root/usr/share/ucode/fw4.uc
@@ -993,9 +993,9 @@ return {
 
 	parse_direction: function(val) {
 		if (val == 'in' || val == 'ingress')
-			return true;
-		else if (val == 'out' || val == 'egress')
 			return false;
+		else if (val == 'out' || val == 'egress')
+			return true;
 
 		return null;
 	},
@@ -2148,7 +2148,7 @@ return {
 			src: [ "zone_ref" ],
 			dest: [ "zone_ref" ],
 
-			device: [ "device" ],
+			device: [ "device", null, NO_INVERT ],
 			direction: [ "direction" ],
 
 			ipset: [ "setmatch" ],
@@ -2215,6 +2215,10 @@ return {
 			this.warn_section(data, "must specify option 'set_helper' for target 'helper'");
 			return;
 		}
+		else if (rule.device?.any) {
+			this.warn_section(data, "must not specify '*' as device");
+			return;
+		}
 
 		let ipset;
 
@@ -2303,11 +2307,15 @@ return {
 				else
 					r.chain = "mangle_output";
 
-				if (r.src?.zone)
+				if (r.src?.zone) {
 					r.src.zone.dflags[r.target] = true;
+					r.iifnames = null_if_empty(r.src.zone.match_devices);
+				}
 
-				if (r.dest?.zone)
+				if (r.dest?.zone) {
 					r.dest.zone.dflags[r.target] = true;
+					r.oifnames = null_if_empty(r.dest.zone.match_devices);
+				}
 			}
 			else {
 				r.chain = "output";
@@ -2338,6 +2346,9 @@ return {
 					r.jump_chain = "handle_reject";
 			}
 
+			if (r.device)
+				r[r.direction ? "oifnames" : "iifnames"] = [ r.device.device ];
+
 			this.state.rules = this.state.rules || [];
 			push(this.state.rules, r);
 		};