The zone forwarding policy was installed source bound which resulted
in zones with forward accept policy to allow traffic anywhere while
only traffic between the zones network is supposed to be allowed in this
case.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
}
setbit(zone->flags[0], fw3_to_src_target(zone->policy_input));
}
setbit(zone->flags[0], fw3_to_src_target(zone->policy_input));
- setbit(zone->flags[0], fw3_to_src_target(zone->policy_forward));
+ setbit(zone->flags[0], zone->policy_forward);
setbit(zone->flags[0], zone->policy_output);
setbit(zone->flags[1], fw3_to_src_target(zone->policy_input));
setbit(zone->flags[0], zone->policy_output);
setbit(zone->flags[1], fw3_to_src_target(zone->policy_input));
- setbit(zone->flags[1], fw3_to_src_target(zone->policy_forward));
+ setbit(zone->flags[1], zone->policy_forward);
setbit(zone->flags[1], zone->policy_output);
list_add_tail(&zone->list, &state->zones);
setbit(zone->flags[1], zone->policy_output);
list_add_tail(&zone->list, &state->zones);
fw3_ipt_rule_append(r, "zone_%s_input", zone->name);
r = fw3_ipt_rule_new(handle);
fw3_ipt_rule_append(r, "zone_%s_input", zone->name);
r = fw3_ipt_rule_new(handle);
- fw3_ipt_rule_target(r, "zone_%s_src_%s", zone->name,
+ fw3_ipt_rule_target(r, "zone_%s_dest_%s", zone->name,
fw3_flag_names[zone->policy_forward]);
fw3_ipt_rule_append(r, "zone_%s_forward", zone->name);
fw3_flag_names[zone->policy_forward]);
fw3_ipt_rule_append(r, "zone_%s_forward", zone->name);