[package] firewall:
authorJo-Philipp Wich <jow@openwrt.org>
Thu, 15 Jul 2010 22:01:48 +0000 (22:01 +0000)
committerJo-Philipp Wich <jow@openwrt.org>
Thu, 15 Jul 2010 22:01:48 +0000 (22:01 +0000)
- notrack support was broken in multiple ways, fix it
- also consider a zone conntracked if any redirect references it (#7196)

SVN-Revision: 22215

package/firewall/Makefile
package/firewall/files/lib/core.sh
package/firewall/files/lib/core_forwarding.sh
package/firewall/files/lib/core_init.sh
package/firewall/files/lib/core_redirect.sh

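--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
 
 PKG_VERSION:=2
-PKG_RELEASE:=6
+PKG_RELEASE:=7
 
 include $(INCLUDE_DIR)/package.mk
 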
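--- a/package/firewall/files/lib/core.sh
+++ b/package/firewall/files/lib/core.sh
@@ -39,7 +39,7 @@ fw_start() {
        echo "Loading includes"
        config_foreach fw_load_include include
 
-       [ -n "$FW_NOTRACK_DISABLED" ] && {
+       [ -z "$FW_NOTRACK_DISABLED" ] && {
                echo "Optimizing conntrack"
                config_foreach fw_load_notrack_zone zone
        }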
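Review bot: The guard `[ -z "$FW_NOTRACK_DISABLED" ]` now runs the NOTRACK pass by default, and nothing at this call site says what that implies: every zone that is absent from FW_CONNTRACK_ZONES loses connection tracking, so stateful matches and NAT no longer apply to its traffic, which makes the correctness of that list security-relevant. A one-line comment above the guard would make the intent explicit, e.g. `# Disable conntrack on zones that need none (no masq/forwarding/redirect references); set FW_NOTRACK_DISABLED to a non-empty value to keep tracking everywhere`. Where FW_NOTRACK_DISABLED is set, if anywhere, is not visible in this hunk. fw_start continues outside the hunk.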
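--- a/package/firewall/files/lib/core_forwarding.sh
+++ b/package/firewall/files/lib/core_forwarding.sh
@@ -32,11 +32,11 @@ fw_load_forwarding() {
        fw add $mode f $chain $target ^
 
        # propagate masq zone flag
-       [ -n "$forwarding_src" ] && list_contains CONNTRACK_ZONES $forwarding_src && {
-               append CONNTRACK_ZONES $forwarding_dest
+       [ -n "$forwarding_src" ] && list_contains FW_CONNTRACK_ZONES $forwarding_src && {
+               append FW_CONNTRACK_ZONES $forwarding_dest
        }
-       [ -n "$forwarding_dest" ] && list_contains CONNTRACK_ZONES $forwarding_dest && {
-               append CONNTRACK_ZONES $forwarding_src
+       [ -n "$forwarding_dest" ] && list_contains FW_CONNTRACK_ZONES $forwarding_dest && {
+               append FW_CONNTRACK_ZONES $forwarding_src
        }
 
        fw_callback post forwarding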
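Review bot: The two `append FW_CONNTRACK_ZONES` calls here are unguarded, unlike the new core_redirect.sh hunk which checks `list_contains ... ||` first, so a forwarding between two zones that are both already tracked appends each name a second time; duplicates are harmless to list_contains, but the inconsistency is worth removing with `list_contains FW_CONNTRACK_ZONES $forwarding_dest || append FW_CONNTRACK_ZONES $forwarding_dest` and the same for `$forwarding_src`. The comment `# propagate masq zone flag` is also stale now that the list records any zone that must stay conntracked; `# propagate the conntrack requirement across the forwarding` describes what the code does. fw_load_forwarding starts and ends outside this hunk.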
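--- a/package/firewall/files/lib/core_init.sh
+++ b/package/firewall/files/lib/core_init.sh
@@ -228,13 +228,12 @@ fw_load_zone() {
 }
 
 fw_load_notrack_zone() {
-       list_contains FW_CONNTRACK_ZONES "$1" && return
-
        fw_config_get_zone "$1"
+       list_contains FW_CONNTRACK_ZONES "${zone_name}" && return
 
        fw_callback pre notrack
 
-       fw add i f zone_${zone_name}_notrack NOTRACK $
+       fw add i r zone_${zone_name}_notrack NOTRACK $
 
        fw_callback post notrack
 }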
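Review bot: The early return now keys on `${zone_name}` and therefore has to come after `fw_config_get_zone "$1"`; that ordering is load-bearing and deserves a comment, because `$1` is the section id handed over by config_foreach while the forwarding and redirect hunks record zone names in FW_CONNTRACK_ZONES, so the old check could never match. Suggested: `# $1 is the config section id; compare the resolved zone name, which is what forwardings/redirects record`. The table letter change from `f` to `r` presumably moves the rule from filter to raw — NOTRACK is only valid in the raw table — and a comment `# NOTRACK must be installed in the raw table` would keep the next maintainer from reverting it. What `fw add` does with its first argument is not visible here.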
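--- a/package/firewall/files/lib/core_redirect.sh
+++ b/package/firewall/files/lib/core_redirect.sh
@@ -30,6 +30,9 @@ fw_load_redirect() {
                fw_die "redirect ${redirect_name}: needs src and dest_ip"
        }
 
+       list_contains FW_CONNTRACK_ZONES $redirect_src || \
+               append FW_CONNTRACK_ZONES $redirect_src
+
        local mode=$(fw_get_family_mode ${redirect_family:-x} $redirect_src I)
 
        local nat_dest_port=$redirect_dest_port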
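Review bot: The new `append FW_CONNTRACK_ZONES $redirect_src` carries no explanation of why a redirect forces conntrack on its source zone; DNAT is implemented through conntrack, so a NOTRACKed zone would silently bypass the redirect rather than fail loudly. A comment `# DNAT relies on conntrack, so the source zone must not be NOTRACKed` above the list_contains line would preserve that reasoning. `$redirect_src` is unquoted on both added lines; the preceding fw_die check appears to guarantee it is non-empty, but quoting it as the core_init.sh hunk quotes `"${zone_name}"` would be consistent. fw_load_redirect starts and ends outside this hunk.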