From: Jo-Philipp Wich Date: Sun, 30 May 2010 23:49:47 +0000 (+0000) Subject: firewall: fix support for netranges in redirect and rule sections X-Git-Tag: reboot~19754 X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=e25fbfccdf8c5650fbb697e5d5e6028d36738a22;p=openwrt%2Fstaging%2Fblogic.git firewall: fix support for netranges in redirect and rule sections SVN-Revision: 21640
---
diff --git a/package/firewall/Makefile b/package/firewall/Makefile
index 4f4f71c325c0..2387df247bb5 100644
--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
 PKG_VERSION:=2
-PKG_RELEASE:=4
+PKG_RELEASE:=5
 include $(INCLUDE_DIR)/package.mk
diff --git a/package/firewall/files/lib/config.sh b/package/firewall/files/lib/config.sh
index 1c5e03096109..c21391266a46 100644
--- a/package/firewall/files/lib/config.sh
+++ b/package/firewall/files/lib/config.sh
@@ -87,8 +87,8 @@ config_get_ipaddr() {
 local vers=
 case "$addr" in
- *.*) vers=4 ;;
- *:*) vers=6 ;;
+ *.*) vers=4; mask="${mask:-32}" ;;
+ *:*) vers=6; mask="${mask:-128}" ;;
 esac
 export ${NO_EXPORT:+-n} -- "${varn}=${addr}"
diff --git a/package/firewall/files/lib/core_redirect.sh b/package/firewall/files/lib/core_redirect.sh
index c19c494084e8..87f584e37bf4 100644
--- a/package/firewall/files/lib/core_redirect.sh
+++ b/package/firewall/files/lib/core_redirect.sh
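Review bot: In the config.sh hunk, the `*.*` arm of the `case` in config_get_ipaddr is tested before `*:*`, so an IPv6 address written with a dotted tail (constructed example: `::ffff:192.0.2.1`) is classed as version 4 and now also receives the default mask 32 instead of 128. Putting the `*:*` arm first would avoid that: `*:*) vers=6; mask="${mask:-128}" ;;` followed by `*.*) vers=4; mask="${mask:-32}" ;;`. The `case` also has no fallback arm, so a value that matches neither pattern leaves `mask` without a default; a comment stating that callers rely on `mask` being non-empty would help. config_get_ipaddr starts and ends outside the hunk, so how `mask` is parsed and validated cannot be seen here.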
@@ -42,8 +42,8 @@ fw_load_redirect() {
 for redirect_proto in $redirect_proto; do
 fw add $mode n zone_${redirect_src}_prerouting DNAT $ { $redirect_src_ip $redirect_dest_ip } { \
 ${redirect_proto:+-p $redirect_proto} \
- ${redirect_src_ip:+-s $redirect_src_ip} \
- ${redirect_src_dip:+-d $redirect_src_dip} \
+ ${redirect_src_ip:+-s $redirect_src_ip/$redirect_src_ip_prefixlen} \
+ ${redirect_src_dip:+-d $redirect_src_dip/$redirect_src_dip_prefixlen} \
 ${redirect_src_port:+--sport $redirect_src_port} \
 ${redirect_src_dport:+--dport $redirect_src_dport} \
 ${redirect_src_mac:+-m mac --mac-source $redirect_src_mac} \
@@ -53,7 +53,7 @@ fw_load_redirect() {
 fw add $mode f zone_${redirect_src}_forward ACCEPT ^ { $redirect_src_ip $redirect_dest_ip } { \
 -d $redirect_dest_ip \
 ${redirect_proto:+-p $redirect_proto} \
- ${redirect_src_ip:+-s $redirect_src_ip} \
+ ${redirect_src_ip:+-s $redirect_src_ip/$redirect_src_ip_prefixlen} \
 ${redirect_src_port:+--sport $redirect_src_port} \
 ${fwd_dest_port:+--dport $fwd_dest_port} \
 ${redirect_src_mac:+-m mac --mac-source $redirect_src_mac} \
diff --git a/package/firewall/files/lib/core_rule.sh b/package/firewall/files/lib/core_rule.sh
index 7beb153ba79a..f93d49ebcf15 100644
--- a/package/firewall/files/lib/core_rule.sh
+++ b/package/firewall/files/lib/core_rule.sh
@@ -56,10 +56,10 @@ fw_load_rule() {
 for rule_proto in $rule_proto; do
 fw add $mode f $chain $target $rule_pos { $rule_src_ip $rule_dest_ip } { \
 ${rule_proto:+-p $rule_proto} \
- ${rule_src_ip:+-s $rule_src_ip} \
+ ${rule_src_ip:+-s $rule_src_ip/$rule_src_ip_prefixlen} \
 ${rule_src_port:+--sport $rule_src_port} \
 ${rule_src_mac:+-m mac --mac-source $rule_src_mac} \
- ${rule_dest_ip:+-d $rule_dest_ip} \
+ ${rule_dest_ip:+-d $rule_dest_ip/$rule_dest_ip_prefixlen} \
 ${rule_dest_port:+--dport $rule_dest_port} \
 ${rule_icmp_type:+--icmp-type $rule_icmp_type} \
 }
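Review bot: The new `-s`/`-d` arguments in fw_load_redirect (both hunks) and in fw_load_rule in core_rule.sh are guarded only by the address variable, so an empty `*_prefixlen` yields `addr/` with nothing after the slash. Presumably config_get_ipaddr always fills the prefix length through its new defaults, but that is not visible in these hunks; if the argument is rejected the rule would not be installed, which for a DROP or REJECT rule means the intended filtering is silently absent. Guarding the suffix as well keeps the old behaviour when no prefix length is known, e.g. `${rule_src_ip:+-s $rule_src_ip${rule_src_ip_prefixlen:+/$rule_src_ip_prefixlen}}`, and the same pattern applies to the other four expansions. Both functions start and end outside the hunks.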