X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=blobdiff_plain;f=options.h;h=30c0a95bdd57f2201c7442408f0b8b5689dc9951;hp=33c5d1449c2346ac97dc08cd7a9b2e70cb32e892;hb=2f392a3b91c25c94abfc9a7862d908c923f7bf2b;hpb=3a3d85b3c787271e4860ca590d716cf557c1fb7e diff --git a/options.h b/options.h index 33c5d14..30c0a95 100644 --- a/options.h +++ b/options.h @@ -1,7 +1,7 @@ /* * firewall3 - 3rd OpenWrt UCI firewall implementation * - * Copyright (C) 2013 Jo-Philipp Wich + * Copyright (C) 2013-2014 Jo-Philipp Wich * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -71,14 +71,15 @@ enum fw3_flag FW3_FLAG_MARK = 10, FW3_FLAG_DNAT = 11, FW3_FLAG_SNAT = 12, - FW3_FLAG_SRC_ACCEPT = 13, - FW3_FLAG_SRC_REJECT = 14, - FW3_FLAG_SRC_DROP = 15, - FW3_FLAG_CUSTOM_CHAINS = 16, - FW3_FLAG_SYN_FLOOD = 17, - FW3_FLAG_MTU_FIX = 18, - FW3_FLAG_DROP_INVALID = 19, - FW3_FLAG_HOTPLUG = 20, + FW3_FLAG_MASQUERADE = 13, + FW3_FLAG_SRC_ACCEPT = 14, + FW3_FLAG_SRC_REJECT = 15, + FW3_FLAG_SRC_DROP = 16, + FW3_FLAG_CUSTOM_CHAINS = 17, + FW3_FLAG_SYN_FLOOD = 18, + FW3_FLAG_MTU_FIX = 19, + FW3_FLAG_DROP_INVALID = 20, + FW3_FLAG_HOTPLUG = 21, __FW3_FLAG_MAX }; @@ -267,7 +268,7 @@ struct fw3_defaults struct fw3_limit syn_flood_rate; bool tcp_syncookies; - bool tcp_ecn; + int tcp_ecn; bool tcp_window_scaling; bool accept_redirects; @@ -327,6 +328,9 @@ struct fw3_rule struct fw3_zone *_src; struct fw3_zone *_dest; + const char *device; + bool direction_out; + struct fw3_device src; struct fw3_device dest; struct fw3_setmatch ipset; @@ -381,6 +385,7 @@ struct fw3_redirect struct fw3_address ip_redir; struct fw3_port port_redir; + struct fw3_limit limit; struct fw3_time time; struct fw3_mark mark; @@ -388,10 +393,47 @@ struct fw3_redirect const char *extra; + bool local; bool reflection; enum fw3_reflection_source reflection_src; }; +struct fw3_snat +{ + struct list_head list; + + bool enabled; + const char *name; + + enum fw3_family family; + + struct fw3_zone *_src; + + struct fw3_device src; + struct fw3_setmatch ipset; + const char *device; + + struct list_head proto; + + struct fw3_address ip_src; + struct fw3_port port_src; + + struct fw3_address ip_dest; + struct fw3_port port_dest; + + struct fw3_address ip_snat; + struct fw3_port port_snat; + + struct fw3_limit limit; + struct fw3_time time; + struct fw3_mark mark; + bool connlimit_ports; + + enum fw3_flag target; + + const char *extra; +}; + struct fw3_forward { struct list_head list; @@ -454,6 +496,7 @@ struct fw3_state struct list_head zones; struct list_head rules; struct list_head redirects; + struct list_head snats; struct list_head forwards; struct list_head ipsets; struct list_head includes; @@ -511,8 +554,9 @@ bool fw3_parse_weekdays(void *ptr, const char *val, bool is_list); bool fw3_parse_monthdays(void *ptr, const char *val, bool is_list); bool fw3_parse_mark(void *ptr, const char *val, bool is_list); bool fw3_parse_setmatch(void *ptr, const char *val, bool is_list); +bool fw3_parse_direction(void *ptr, const char *val, bool is_list); -void fw3_parse_options(void *s, const struct fw3_option *opts, +bool fw3_parse_options(void *s, const struct fw3_option *opts, struct uci_section *section); const char * fw3_address_to_string(struct fw3_address *address,