X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fsvn-archive%2Farchive.git;a=blobdiff_plain;f=package%2Ffirewall%2Ffiles%2Fuci_firewall.sh;h=f6e82bcb69fea3ac8992daa508e7eb6cb0492eaf;hp=27e9dd71d6b5c2f979068c3459c71c19ca2bdb3e;hb=76da0f2b1440a2619557c3f9e7a7cd0a70e5032c;hpb=dfd70fbe15488bf64f485a0a9e69c41b101d6139
diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh
index 27e9dd71d6..f6e82bcb69 100755
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -163,6 +163,7 @@ fw_rule() {
 local dest_port
 local proto
 local target
+ local ruleset
 config_get src $1 src
 config_get src_ip $1 src_ip
@@ -180,6 +181,8 @@ fw_rule() {
 [ -n "$dest" ] && TARGET=zone_${dest}_$target || TARGET=$target
 [ -n "$dest_port" -a -z "$proto" ] && { \
 echo "dport may only be used it proto is defined"; return; }
+ [ -n "$src_port" -a -z "$proto" ] && { \
+ echo "sport may only be used it proto is defined"; return; }
 $IPTABLES -I $ZONE 1 \
 ${proto:+-p $proto} \
 ${src_ip:+-s $src_ip} \
@@ -210,7 +213,7 @@ fw_redirect() {
 local src_mac
 local dest_ip
 local dest_port
- local protocol
+ local proto
 
 config_get src $1 src
 config_get src_ip $1 src_ip
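Review bot: The sport guard added to fw_rule in the `@@ -180,6 +181,8 @@` hunk reports the problem on stdout and returns status 0, so a rule with `src_port` but no `proto` is quietly left out of the ruleset while the firewall load still looks successful; the identical guard added to fw_redirect in the `@@ -219,22 +222,24 @@` hunk has the same shape. For a firewall a silently missing rule is worse than a loud failure, so I would write `echo "sport may only be used if proto is defined" >&2; return 1; }`, which also fixes the `it`/`if` typo inherited from the dport line, assuming config_foreach keeps iterating on a non-zero callback status — confirm that. `-a` inside `[ ]` is the obsolescent form; `[ -n "$src_port" ] && [ -z "$proto" ]` says the same portably. fw_rule's body starts and ends outside this hunk.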
@@ -219,22 +222,24 @@ fw_redirect() {
 config_get src_mac $1 src_mac
 config_get dest_ip $1 dest_ip
 config_get dest_port $1 dest_port
- config_get protocol $1 protocol
+ config_get proto $1 proto
 [ -z "$src" -o -z "$dest_ip" ] && { \
 echo "redirect needs src and dest_ip"; return ; }
 [ -n "$dest_port" -a -z "$proto" ] && { \
 echo "dport may only be used it proto is defined"; return; }
+ [ -n "$src_port" -a -z "$proto" ] && { \
+ echo "sport may only be used it proto is defined"; return; }
 $IPTABLES -A zone_${src}_prerouting -t nat \
- ${protocol:+-p $protocol} \
- ${src_ip:+-s $srcdip} \
+ ${proto:+-p $proto} \
+ ${src_ip:+-s $src_ip} \
 ${src_port:+--sport $src_port} \
 ${src_dport:+--dport $src_dport} \
 ${src_mac:+-m mac --mac-source $src_mac} \
 -j DNAT --to-destination $dest_ip${dest_port:+:$dest_port}
 $IPTABLES -I zone_${src}_forward 1 \
- ${protocol:+-p $protocol} \
+ ${proto:+-p $proto} \
 -d $dest_ip \
- ${src_ip:+-s $srcdip} \
+ ${src_ip:+-s $src_ip} \
 ${src_port:+--sport $src_port} \
 ${dest_port:+--dport $dest_port} \
 ${src_mac:+-m mac --mac-source $src_mac} \
@@ -256,6 +261,19 @@ fw_addif() {
 (ACTION="ifup" INTERFACE="$1" . /etc/hotplug.d/iface/20-firewall)
 }
 
+fw_custom_chains() {
+ $IPTABLES -N input_rule
+ $IPTABLES -N output_rule
+ $IPTABLES -N forward_rule
+ $IPTABLES -N prerouting_rule -t nat
+ $IPTABLES -N postrouting_rule -t nat
+ $IPTABLES -A INPUT -j input_rule
+ $IPTABLES -A OUTPUT -j output_rule
+ $IPTABLES -A FORWARD -j forward_rule
+ $IPTABLES -A PREROUTING -t nat -j prerouting_rule
+ $IPTABLES -A POSTROUTING -t nat -j postrouting_rule
+}
+
 fw_init() {
 echo "Loading defaults"
 config_foreach fw_defaults defaults
@@ -269,7 +287,9 @@ fw_init() {
 config_foreach fw_redirect redirect
 echo "Loading includes"
 config_foreach fw_include include
- echo "Adding custom chains"
+ fw_custom_chains
+
 uci_set_state firewall core "" firewall_state
 uci_set_state firewall core loaded 1
 unset CONFIG_APPEND
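Review bot: Switching fw_redirect from `config_get protocol $1 protocol` to `config_get proto $1 proto` changes which UCI option is read, so an existing redirect section that still says `option protocol tcp` now leaves `${proto:+-p $proto}` empty and produces a DNAT and a forward rule that match every protocol, with no message. Reading the old name as a fallback keeps such configs restrictive: `[ -z "$proto" ] && config_get proto $1 protocol` directly after the new config_get line, or at least a warning when `protocol` is set and `proto` is not. While here, `-d $dest_ip` is unquoted; a UCI value with stray whitespace would split into extra iptables arguments, so `-d "$dest_ip"` is safer. fw_redirect's body ends outside the hunk.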
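Review bot: fw_custom_chains attaches the hook chains with `-A`, so the jumps to input_rule, output_rule and forward_rule land after whatever zone jumps are already in INPUT, OUTPUT and FORWARD by the time fw_init reaches this step; if those zone chains end in a terminating target, traffic they decide never reaches the custom chains. If user rules are meant to take precedence, `$IPTABLES -I INPUT 1 -j input_rule` (and likewise for the other four) or calling this function before the zones are loaded would do it; otherwise a comment stating that custom rules only see traffic the zones leave undecided would help the next reader. The function also assumes the chains do not exist yet — `-N` fails harmlessly on a re-run, but the `-A ... -j` lines would still append duplicate jumps, so confirm the stop path flushes and deletes these chains first.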
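Review bot: `fw_custom_chains` is called after `config_foreach fw_include include`, so the input_rule, output_rule, forward_rule, prerouting_rule and postrouting_rule chains do not exist yet while the include scripts run; if an include appends to those chains, which appears to be what they are for, iptables rejects those rules at that point. Moving the two added lines above `echo "Loading includes"` — or to the top of fw_init, before the defaults — fixes the ordering: `echo "Adding custom chains"` then `fw_custom_chains`, followed by the includes. fw_init's body starts outside the hunk.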