projects / project / firewall4.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
ruleset: apply egress MSS fixup later to apply final MTU before wire
[project/firewall4.git] / root / usr / share / firewall4 / templates / zone-match.uc
1 {%+ if (rule.devices_pos): -%}
2 {{ egress ? "oifname" : "iifname" }} {{ fw4.set(rule.devices_pos) }} {%+ endif -%}
3 {%+ if (rule.devices_neg): -%}
4 {{ egress ? "oifname" : "iifname" }} != {{ fw4.set(rule.devices_neg) }} {%+ endif -%}
5 {%+ for (let wcndev in rule.devices_neg_wildcard): -%}
6 {{ egress ? "oifname" : "iifname" }} != {{ fw4.quote(wcndev) }} {%+ endfor -%}
7 {%+ if (rule.subnets_pos): -%}
8 {{ fw4.ipproto(rule.family) }} {{ egress ? "daddr" : "saddr" }} {{ fw4.set(rule.subnets_pos) }} {%+ endif -%}
9 {%+ if (rule.subnets_neg): -%}
10 {{ fw4.ipproto(rule.family) }} {{ egress ? "daddr" : "saddr" }} != {{ fw4.set(rule.subnets_neg) }} {%+ endif -%}
11 {%+ for (let subnet in rule.subnets_masked): -%}
12 {{ fw4.ipproto(rule.family) }} {{ egress ? "daddr" : "saddr" }} & {{ subnet.mask }} {{ subnet.invert ? '!=' : '==' }} {{ subnet.addr }} {%+ endfor -%}
OpenWrt nftables firewall