continue;
}
+ fw3_ubus_zone_devices(zone);
+
if (list_empty(&zone->networks) && list_empty(&zone->devices) &&
list_empty(&zone->subnets) && !zone->extra_src)
{
switch (handle->table)
{
case FW3_TABLE_FILTER:
+ if (has(zone->flags, handle->family, FW3_FLAG_DNAT))
+ {
+ r = fw3_ipt_rule_new(handle);
+ fw3_ipt_rule_extra(r, "-m conntrack --ctstate DNAT");
+ fw3_ipt_rule_comment(r, "Accept port redirections");
+ fw3_ipt_rule_target(r, fw3_flag_names[FW3_FLAG_ACCEPT]);
+ fw3_ipt_rule_append(r, "zone_%s_input", zone->name);
+
+ r = fw3_ipt_rule_new(handle);
+ fw3_ipt_rule_extra(r, "-m conntrack --ctstate DNAT");
+ fw3_ipt_rule_comment(r, "Accept port forwards");
+ fw3_ipt_rule_target(r, fw3_flag_names[FW3_FLAG_ACCEPT]);
+ fw3_ipt_rule_append(r, "zone_%s_forward", zone->name);
+ }
+
r = fw3_ipt_rule_new(handle);
fw3_ipt_rule_target(r, "zone_%s_src_%s", zone->name,
fw3_flag_names[zone->policy_input]);