firewall: allow redirecting only destination port (#7197)
authorJo-Philipp Wich <jow@openwrt.org>
Fri, 16 Jul 2010 06:03:15 +0000 (06:03 +0000)
committerJo-Philipp Wich <jow@openwrt.org>
Fri, 16 Jul 2010 06:03:15 +0000 (06:03 +0000)
SVN-Revision: 22227

package/firewall/Makefile
package/firewall/files/lib/core_redirect.sh

index b1969d9abdffc64e7bb682e553be42481cfd06be..c1f3f6eb229b5f82f20ff3d0d8b6c4a1d06161fb 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
 
 PKG_VERSION:=2
-PKG_RELEASE:=7
+PKG_RELEASE:=8
 
 include $(INCLUDE_DIR)/package.mk
 
index b51f79390a59798cc786ffc98100d1700778e1a1..15d01b0a7557cd7b1b44e7dd76e6888a9bb80324 100644 (file)
@@ -26,8 +26,8 @@ fw_load_redirect() {
 
        fw_callback pre redirect
 
-       [ -n "$redirect_src" -a -n "$redirect_dest_ip" ] || {
-               fw_die "redirect ${redirect_name}: needs src and dest_ip"
+       [ -n "$redirect_src" -a -n "$redirect_dest_ip$redirect_dest_port" ] || {
+               fw_die "redirect ${redirect_name}: needs src and dest_ip or dest_port"
        }
 
        list_contains FW_CONNTRACK_ZONES $redirect_src || \
@@ -53,6 +53,7 @@ fw_load_redirect() {
                        --to-destination ${redirect_dest_ip}${redirect_dest_port:+:$nat_dest_port} \
                }
 
+               [ -n "$redirect_dest_ip" ] && \
                fw add $mode f zone_${redirect_src}_forward ACCEPT ^ { $redirect_src_ip $redirect_dest_ip } { \
                        -d $redirect_dest_ip \
                        ${redirect_proto:+-p $redirect_proto} \