+#define C(f, tbl, tgt, fmt) \
+ { FW3_FAMILY_##f, FW3_TABLE_##tbl, FW3_FLAG_##tgt, fmt }
+
+static const struct fw3_rule_spec zone_chains[] = {
+ C(ANY, FILTER, UNSPEC, "zone_%1$s_input"),
+ C(ANY, FILTER, UNSPEC, "zone_%1$s_output"),
+ C(ANY, FILTER, UNSPEC, "zone_%1$s_forward"),
+
+ C(ANY, FILTER, SRC_ACCEPT, "zone_%1$s_src_ACCEPT"),
+ C(ANY, FILTER, SRC_REJECT, "zone_%1$s_src_REJECT"),
+ C(ANY, FILTER, SRC_DROP, "zone_%1$s_src_DROP"),
+
+ C(ANY, FILTER, ACCEPT, "zone_%1$s_dest_ACCEPT"),
+ C(ANY, FILTER, REJECT, "zone_%1$s_dest_REJECT"),
+ C(ANY, FILTER, DROP, "zone_%1$s_dest_DROP"),
+
+ C(V4, NAT, SNAT, "zone_%1$s_postrouting"),
+ C(V4, NAT, DNAT, "zone_%1$s_prerouting"),
+
+ C(ANY, FILTER, CUSTOM_CHAINS, "input_%1$s_rule"),
+ C(ANY, FILTER, CUSTOM_CHAINS, "output_%1$s_rule"),
+ C(ANY, FILTER, CUSTOM_CHAINS, "forwarding_%1$s_rule"),
+
+ C(V4, NAT, CUSTOM_CHAINS, "prerouting_%1$s_rule"),
+ C(V4, NAT, CUSTOM_CHAINS, "postrouting_%1$s_rule"),
+
+ { }
+};
+
+
+#define R(dir1, dir2) \
+ "zone_%1$s_" #dir1 " -m comment --comment \"user chain for %1$s " \
+ #dir2 "\" -j " #dir2 "_%1$s_rule"
+
+static const struct fw3_rule_spec zone_rules[] = {
+ C(ANY, FILTER, CUSTOM_CHAINS, R(input, input)),
+ C(ANY, FILTER, CUSTOM_CHAINS, R(output, output)),
+ C(ANY, FILTER, CUSTOM_CHAINS, R(forward, forwarding)),
+
+ C(V4, NAT, CUSTOM_CHAINS, R(prerouting, prerouting)),
+ C(V4, NAT, CUSTOM_CHAINS, R(postrouting, postrouting)),
+
+ { }
+};
+
+const struct fw3_option fw3_zone_opts[] = {
+ FW3_OPT("enabled", bool, zone, enabled),
+