Home Explore Help
Sign In
OpenWrt
/
openwrt
mirror of https://github.com/openwrt/openwrt.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

firewall: - notrack support was broken in multiple ways, fix it - also consider a zone conntracked if any redirect references it (#7196)

SVN-Revision: 22215
Jo-Philipp Wich 15 years ago
parent
1ca67cba7f
commit
f8fa598bf4
5 changed files with 11 additions and 9 deletions
Split View Show Diff Stats
  1. 1 1
      package/firewall/Makefile
  2. 1 1
      package/firewall/files/lib/core.sh
  3. 4 4
      package/firewall/files/lib/core_forwarding.sh
  4. 2 3
      package/firewall/files/lib/core_init.sh
  5. 3 0
      package/firewall/files/lib/core_redirect.sh

+ 1 - 1
package/firewall/Makefile
View File 

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewall
 
 
 PKG_VERSION:=2
 
-PKG_RELEASE:=6
 
+PKG_RELEASE:=7
 
 
 include $(INCLUDE_DIR)/package.mk

+ 1 - 1
package/firewall/files/lib/core.sh
View File 

@@ -39,7 +39,7 @@ fw_start() {
 
 	echo "Loading includes"
 
 	config_foreach fw_load_include include
 
 
-	[ -n "$FW_NOTRACK_DISABLED" ] && {
 
+	[ -z "$FW_NOTRACK_DISABLED" ] && {
 
 		echo "Optimizing conntrack"
 
 		config_foreach fw_load_notrack_zone zone
 
 	}

+ 4 - 4
package/firewall/files/lib/core_forwarding.sh
View File 

@@ -32,11 +32,11 @@ fw_load_forwarding() {
 
 	fw add $mode f $chain $target ^
 
 
 	# propagate masq zone flag
 
-	[ -n "$forwarding_src" ] && list_contains CONNTRACK_ZONES $forwarding_src && {
 
-		append CONNTRACK_ZONES $forwarding_dest
 
+	[ -n "$forwarding_src" ] && list_contains FW_CONNTRACK_ZONES $forwarding_src && {
 
+		append FW_CONNTRACK_ZONES $forwarding_dest
 
 	}
 
-	[ -n "$forwarding_dest" ] && list_contains CONNTRACK_ZONES $forwarding_dest && {
 
-		append CONNTRACK_ZONES $forwarding_src
 
+	[ -n "$forwarding_dest" ] && list_contains FW_CONNTRACK_ZONES $forwarding_dest && {
 
+		append FW_CONNTRACK_ZONES $forwarding_src
 
 	}
 
 
 	fw_callback post forwarding

+ 2 - 3
package/firewall/files/lib/core_init.sh
View File 

@@ -228,13 +228,12 @@ fw_load_zone() {
 
 }
 
 
 fw_load_notrack_zone() {
 
-	list_contains FW_CONNTRACK_ZONES "$1" && return
 
-
 
 	fw_config_get_zone "$1"
 
+	list_contains FW_CONNTRACK_ZONES "${zone_name}" && return
 
 
 	fw_callback pre notrack
 
 
-	fw add i f zone_${zone_name}_notrack NOTRACK $
 
+	fw add i r zone_${zone_name}_notrack NOTRACK $
 
 
 	fw_callback post notrack
 
 }

+ 3 - 0
package/firewall/files/lib/core_redirect.sh
View File 

@@ -30,6 +30,9 @@ fw_load_redirect() {
 
 		fw_die "redirect ${redirect_name}: needs src and dest_ip"
 
 	}
 
 
+	list_contains FW_CONNTRACK_ZONES $redirect_src || \
 
+		append FW_CONNTRACK_ZONES $redirect_src
 
+
 
 	local mode=$(fw_get_family_mode ${redirect_family:-x} $redirect_src I)
 
 
 	local nat_dest_port=$redirect_dest_port