/*
* firewall3 - 3rd OpenWrt UCI firewall implementation
*
- * Copyright (C) 2013-2014 Jo-Philipp Wich <jow@openwrt.org>
+ * Copyright (C) 2013-2014 Jo-Philipp Wich <jo@mein.io>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
list_for_each_entry(zone, &state->zones, list)
{
- addrs = fw3_resolve_zone_addresses(zone);
+ addrs = fw3_resolve_zone_addresses(zone, NULL);
if (!addrs)
continue;
check_local(struct uci_element *e, struct fw3_redirect *redir,
struct fw3_state *state)
{
- struct fw3_zone *zone;
- struct fw3_device *net;
- struct fw3_address *addr, *tmp;
-
if (redir->target != FW3_FLAG_DNAT)
return false;
if (!redir->ip_redir.set)
redir->local = true;
- if (redir->local)
- return true;
-
- list_for_each_entry(zone, &state->zones, list)
- {
- list_for_each_entry(net, &zone->networks, list)
- {
- LIST_HEAD(addrs);
-
- fw3_ubus_address(&addrs, net->name);
- list_for_each_entry_safe(addr, tmp, &addrs, list)
- {
- if (!redir->local && compare_addr(&redir->ip_redir, addr)) {
- warn_elem(e, "refers to a destination address on this router, "
- "assuming port redirection");
-
- redir->local = true;
- }
-
- list_del(&addr->list);
- free(addr);
- }
-
- if (redir->local)
- return true;
- }
- }
-
- return false;
+ return redir->local;
}
void
set(redir->_src->flags, FW3_FAMILY_V4, redir->target);
redir->_src->conntrack = true;
valid = true;
- }
- if (!check_local(e, redir, state) && !redir->dest.set &&
- resolve_dest(e, redir, state))
- {
- warn_elem(e, "does not specify a destination, assuming '%s'",
- redir->dest.name);
- }
+ if (!check_local(e, redir, state) && !redir->dest.set &&
+ resolve_dest(e, redir, state))
+ {
+ warn_elem(e, "does not specify a destination, assuming '%s'",
+ redir->dest.name);
+ }
- if (redir->reflection && redir->_dest && redir->_src->masq)
- {
- set(redir->_dest->flags, FW3_FAMILY_V4, FW3_FLAG_ACCEPT);
- set(redir->_dest->flags, FW3_FAMILY_V4, FW3_FLAG_DNAT);
- set(redir->_dest->flags, FW3_FAMILY_V4, FW3_FLAG_SNAT);
+ if (redir->reflection && redir->_dest && redir->_src->masq)
+ {
+ set(redir->_dest->flags, FW3_FAMILY_V4, FW3_FLAG_ACCEPT);
+ set(redir->_dest->flags, FW3_FAMILY_V4, FW3_FLAG_DNAT);
+ set(redir->_dest->flags, FW3_FAMILY_V4, FW3_FLAG_SNAT);
+ }
}
}
else
if (!redir->_dest || !redir->_src->masq)
return;
- ext_addrs = fw3_resolve_zone_addresses(redir->_src);
- int_addrs = fw3_resolve_zone_addresses(redir->_dest);
+ ext_addrs = fw3_resolve_zone_addresses(redir->_src, &redir->ip_dest);
+ int_addrs = fw3_resolve_zone_addresses(redir->_dest, NULL);
if (!ext_addrs || !int_addrs)
goto out;
projects / project / firewall3.git / blobdiff