firewall: prevent ip6tables -t nat rules (#10265)

author Jo-Philipp Wich <jow@openwrt.org>

Sun, 23 Oct 2011 12:25:57 +0000 (12:25 +0000)

committer Jo-Philipp Wich <jow@openwrt.org>

Sun, 23 Oct 2011 12:25:57 +0000 (12:25 +0000)
author Jo-Philipp Wich <jow@openwrt.org>
Sun, 23 Oct 2011 12:25:57 +0000 (12:25 +0000)
committer Jo-Philipp Wich <jow@openwrt.org>
Sun, 23 Oct 2011 12:25:57 +0000 (12:25 +0000)
diff --git a/package/firewall/Makefile b/package/firewall/Makefile

index 8ce0295ee54eab4a4f6435602f2b20e3d9b70395..637d0ecccb8b9d3da44f6629a3a26ecd79c7003f 100644 (file)
--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
  PKG_NAME:=firewall
  
  PKG_VERSION:=2
-PKG_RELEASE:=38
+PKG_RELEASE:=39
  
  include $(INCLUDE_DIR)/package.mk
  
diff --git a/package/firewall/files/lib/fw.sh b/package/firewall/files/lib/fw.sh

index a8a791149478badda041dd01c1fa36179afc6428..7922d222f8da6e38b0529cac06eeb64de411780b 100644 (file)
--- a/package/firewall/files/lib/fw.sh
+++ b/package/firewall/files/lib/fw.sh
@@ -74,7 +74,8 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
                         fw__rc $(($? & 1))
                         return
                 fi
-               fw__rc 0
+               [ "$app" != ip6tables ] || [ "$tab" != nat ]
+               fw__rc $?
         }
  
         fw__err() {
author	Jo-Philipp Wich <jow@openwrt.org>
	Sun, 23 Oct 2011 12:25:57 +0000 (12:25 +0000)
committer	Jo-Philipp Wich <jow@openwrt.org>
	Sun, 23 Oct 2011 12:25:57 +0000 (12:25 +0000)
package/firewall/Makefile		patch \| blob \| history
package/firewall/files/lib/fw.sh		patch \| blob \| history