From e9ff9dd9942748592a1f8ce66fab7dfce46e9779 Mon Sep 17 00:00:00 2001 From: Steven Barth Date: Tue, 1 Apr 2008 22:15:24 +0000 Subject: [PATCH] * Fixed firewall scripts --- contrib/init.d/luci_fw | 9 ++++----- contrib/uci/luci | 3 ++- src/ffluci/model/cbi/admin_network/firewall.lua | 9 --------- 3 files changed, 6 insertions(+), 15 deletions(-) diff --git a/contrib/init.d/luci_fw b/contrib/init.d/luci_fw index f393719ab..4cb9c4799 100644 --- a/contrib/init.d/luci_fw +++ b/contrib/init.d/luci_fw @@ -15,12 +15,14 @@ apply_portfw() { if ([ "$proto" == "tcpudp" ] || [ "$proto" == "tcp" ]); then iptables -t nat -A luci_prerouting -i "$iface" -p tcp --dport "$dport" -j DNAT --to "$to" - iptables -A luci_forward -i "$iface" -p tcp -d "$ip" "$ports" -j ACCEPT + iptables -t nat -A luci_postrouting -p tcp -d "$ip" $ports -j MASQUERADE + iptables -A luci_forward -i "$iface" -p tcp -d "$ip" $ports -j ACCEPT fi if ([ "$proto" == "tcpudp" ] || [ "$proto" == "udp" ]); then iptables -t nat -A luci_prerouting -i "$iface" -p udp --dport "$dport" -j DNAT --to "$to" - iptables -A luci_forward -i "$iface" -p udp -d "$ip" "$ports" -j ACCEPT + iptables -t nat -A luci_postrouting -p udp -d "$ip" $ports -j MASQUERADE + iptables -A luci_forward -i "$iface" -p udp -d "$ip" $ports -j ACCEPT fi } @@ -66,9 +68,6 @@ apply_rule() { config_get jump "$cfg" jump [ -n "$jump" ] && cmd="$cmd -j $jump" - config_get state "$cfg" state - [ -n "$state" ] && cmd="$cmd -m state --state $state" - config_get command "$cfg" command [ -n "$command" ] && cmd="$cmd $command" diff --git a/contrib/uci/luci b/contrib/uci/luci index 640faf170..ba9ad4745 100644 --- a/contrib/uci/luci +++ b/contrib/uci/luci 
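Review bot: The two `luci_postrouting` MASQUERADE rules added in apply_portfw match only on protocol, `-d "$ip"` and `$ports`, so every forwarded connection to the target has its source rewritten to the router's address, not just hairpin traffic from the LAN. The internal host then logs the router instead of the real client, and any source-based filtering or rate limiting on that host stops being meaningful. If the rules are only meant to make the forward reachable from LAN clients, restrict them with a source match, e.g. `iptables -t nat -A luci_postrouting -s "$lan_net" -p tcp -d "$ip" $ports -j MASQUERADE` (`lan_net` is a placeholder, not a variable visible in this hunk), and likewise for udp. Separately, `$ports` is now expanded unquoted in four rules, which applies globbing and lets whitespace in the value add further iptables arguments; the value, presumably taken from the UCI port setting, should be validated as a port or port range where it is built, or the script should run with `set -f`. apply_portfw starts before this hunk, so the construction of `$ports` is not visible here.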
@@ -19,4 +19,5 @@ config event uci_oncommit option network "/etc/init.d/network restart" option wireless "/etc/init.d/network restart" option olsrd "/etc/init.d/olsrd restart" - option dhcp "/etc/init.d/dhcp restart" \ No newline at end of file + option dhcp "/etc/init.d/dhcp restart" + option luci_fw "/etc/init.d/luci_fw restart" \ No newline at end of file diff --git a/src/ffluci/model/cbi/admin_network/firewall.lua b/src/ffluci/model/cbi/admin_network/firewall.lua index a30bac710..aa56328a0 100644 --- a/src/ffluci/model/cbi/admin_network/firewall.lua +++ b/src/ffluci/model/cbi/admin_network/firewall.lua @@ -41,15 +41,6 @@ tosrc = s:option(Value, "todest", "Neue Zieladresse [DNAT]") tosrc.optional = true tosrc:depends("jump", "DNAT") - -state = s:option(MultiValue, "state", "Status") -state.optional = true -state.delimiter = "," -state:value("NEW", "neu") -state:value("ESTABLISHED", "etabliert") -state:value("RELATED", "zugehörig") -state:value("INVALID", "ungültig") - jump = s:option(ListValue, "jump", "Aktion") jump.rmempty = true jump:value("", "") -- 2.11.0