firewall: fix support for netranges in redirect and rule sections

SVN-Revision: 21640

diff --git a/package/firewall/Makefile b/package/firewall/Makefile
index 4f4f71c325c0adcb27d97d91051f8c79e40c6202..2387df247bb5950f42b9b54ba7eaf8ea4814bc2d 100644 (file)
--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
 
 PKG_VERSION:=2
-PKG_RELEASE:=4
+PKG_RELEASE:=5
 
 include $(INCLUDE_DIR)/package.mk
 

diff --git a/package/firewall/files/lib/config.sh b/package/firewall/files/lib/config.sh
index 1c5e030961093e9d0b9b7ab115b4d98f617f2b2a..c21391266a465d1ed41748e8a50e2067b65e47eb 100644 (file)
--- a/package/firewall/files/lib/config.sh
+++ b/package/firewall/files/lib/config.sh
@@ -87,8 +87,8 @@ config_get_ipaddr() {
 
        local vers=
        case "$addr" in
-               *.*) vers=4 ;;
-               *:*) vers=6 ;;
+               *.*) vers=4; mask="${mask:-32}" ;;
+               *:*) vers=6; mask="${mask:-128}" ;;
        esac
        
        export ${NO_EXPORT:+-n} -- "${varn}=${addr}"

diff --git a/package/firewall/files/lib/core_redirect.sh b/package/firewall/files/lib/core_redirect.sh
index c19c494084e8399dc3d851b31d3df67d6eb16633..87f584e37bf44912639491c5ef8d16e8a98743ad 100644 (file)
--- a/package/firewall/files/lib/core_redirect.sh
+++ b/package/firewall/files/lib/core_redirect.sh
@@ -42,8 +42,8 @@ fw_load_redirect() {
        for redirect_proto in $redirect_proto; do
                fw add $mode n zone_${redirect_src}_prerouting DNAT $ { $redirect_src_ip $redirect_dest_ip } { \
                        ${redirect_proto:+-p $redirect_proto} \
-                       ${redirect_src_ip:+-s $redirect_src_ip} \
-                       ${redirect_src_dip:+-d $redirect_src_dip} \
+                       ${redirect_src_ip:+-s $redirect_src_ip/$redirect_src_ip_prefixlen} \
+                       ${redirect_src_dip:+-d $redirect_src_dip/$redirect_src_dip_prefixlen} \
                        ${redirect_src_port:+--sport $redirect_src_port} \
                        ${redirect_src_dport:+--dport $redirect_src_dport} \
                        ${redirect_src_mac:+-m mac --mac-source $redirect_src_mac} \
@@ -53,7 +53,7 @@ fw_load_redirect() {
                fw add $mode f zone_${redirect_src}_forward ACCEPT ^ { $redirect_src_ip $redirect_dest_ip } { \
                        -d $redirect_dest_ip \
                        ${redirect_proto:+-p $redirect_proto} \
-                       ${redirect_src_ip:+-s $redirect_src_ip} \
+                       ${redirect_src_ip:+-s $redirect_src_ip/$redirect_src_ip_prefixlen} \
                        ${redirect_src_port:+--sport $redirect_src_port} \
                        ${fwd_dest_port:+--dport $fwd_dest_port} \
                        ${redirect_src_mac:+-m mac --mac-source $redirect_src_mac} \

diff --git a/package/firewall/files/lib/core_rule.sh b/package/firewall/files/lib/core_rule.sh
index 7beb153ba79aef0650646c180d5a0fe93373e23a..f93d49ebcf151eadb4c67f59566cf4eae5800c8c 100644 (file)
--- a/package/firewall/files/lib/core_rule.sh
+++ b/package/firewall/files/lib/core_rule.sh
@@ -56,10 +56,10 @@ fw_load_rule() {
        for rule_proto in $rule_proto; do
                fw add $mode f $chain $target $rule_pos { $rule_src_ip $rule_dest_ip } { \
                        ${rule_proto:+-p $rule_proto} \
-                       ${rule_src_ip:+-s $rule_src_ip} \
+                       ${rule_src_ip:+-s $rule_src_ip/$rule_src_ip_prefixlen} \
                        ${rule_src_port:+--sport $rule_src_port} \
                        ${rule_src_mac:+-m mac --mac-source $rule_src_mac} \
-                       ${rule_dest_ip:+-d $rule_dest_ip} \
+                       ${rule_dest_ip:+-d $rule_dest_ip/$rule_dest_ip_prefixlen} \
                        ${rule_dest_port:+--dport $rule_dest_port} \
                        ${rule_icmp_type:+--icmp-type $rule_icmp_type} \
                }