firewall: allow symbolic names of interfaces and aliases in masq_src and masq_dest
authorJo-Philipp Wich <jow@openwrt.org>
Thu, 16 Jun 2011 21:54:59 +0000 (21:54 +0000)
committerJo-Philipp Wich <jow@openwrt.org>
Thu, 16 Jun 2011 21:54:59 +0000 (21:54 +0000)
SVN-Revision: 27196

package/firewall/Makefile
package/firewall/files/lib/core_init.sh
package/firewall/files/lib/fw.sh

index 829719c279151ba9070491826021036d4df0d46d..f8510f1825a6a04b04c1967ea30ed3a7b61acadd 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
 
 PKG_VERSION:=2
-PKG_RELEASE:=25
+PKG_RELEASE:=26
 
 include $(INCLUDE_DIR)/package.mk
 
index 42124b39bd47cbc85208d93349a8a7f30a9f49ee..185fffb98bcf7bd38653b6222c857df01718f626 100644 (file)
@@ -245,9 +245,17 @@ fw_load_zone() {
        if [ "$zone_masq" == 1 ]; then
                local msrc mdst
                for msrc in ${zone_masq_src:-0.0.0.0/0}; do
-                       fw_get_negation msrc '-s' "$msrc"
+                       case "$msrc" in
+                               *.*) fw_get_negation msrc '-s' "$msrc" ;;
+                               *)   fw_get_subnet4 msrc '-s' "$msrc" ;;
+                       esac
+
                        for mdst in ${zone_masq_dest:-0.0.0.0/0}; do
-                               fw_get_negation mdst '-d' "$mdst"
+                               case "$mdst" in
+                                       *.*) fw_get_negation mdst '-d' "$mdst" ;;
+                                       *)   fw_get_subnet4 mdst '-d' "$mdst" ;;
+                               esac
+
                                fw add $mode n ${chain}_nat MASQUERADE $ { $msrc $mdst }
                        done
                done
index 16a39b6a66fbe730700734640aadb6545e71fac4..19dddef4433aee9197bd08b1dcaee162b98d8716 100644 (file)
@@ -227,3 +227,20 @@ fw_get_negation() {
                export -n -- "$_var=! $_flag ${_ipaddr#!}" || \
                export -n -- "$_var=${_ipaddr:+$_flag $_ipaddr}"
 }
+
+fw_get_subnet4() {
+       local _var="$1"
+       local _flag="$2"
+       local _name="$3"
+
+       local _ipaddr="$(uci_get_state network "${_name#!}" ipaddr)"
+       local _netmask="$(uci_get_state network "${_name#!}" netmask)"
+
+       case "$_ipaddr" in
+               *.*.*.*)
+                       [ "${_name#!}" != "$_name" ] && \
+                               export -n -- "$_var=! $_flag $_ipaddr/${_netmask:-255.255.255.255}" || \
+                               export -n -- "$_var=$_flag $_ipaddr/${_netmask:-255.255.255.255}"
+               ;;
+       esac
+}