[OpenWrt-Devel] [PATCH 2/2] firewall3: remove IPv4-only restriction for NAT
Lars
larsg at systemli.org
Fri May 8 13:53:18 EDT 2015
IPv6 NAT support was added in Linux Kernel 3.7 and iptables 1.4.17
Signed-off-by: Lars Gierth <larsg at systemli.org>
---
defaults.c | 8 ++++----
zones.c | 11 +++++++----
2 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/defaults.c b/defaults.c
index 396cbf7..45d6de6 100644
--- a/defaults.c
+++ b/defaults.c
@@ -32,10 +32,10 @@ static const struct fw3_chain_spec default_chains[] = {
C(ANY, FILTER, CUSTOM_CHAINS, "forwarding_rule"),
C(ANY, FILTER, SYN_FLOOD, "syn_flood"),
- C(V4, NAT, UNSPEC, "delegate_prerouting"),
- C(V4, NAT, UNSPEC, "delegate_postrouting"),
- C(V4, NAT, CUSTOM_CHAINS, "prerouting_rule"),
- C(V4, NAT, CUSTOM_CHAINS, "postrouting_rule"),
+ C(ANY, NAT, UNSPEC, "delegate_prerouting"),
+ C(ANY, NAT, UNSPEC, "delegate_postrouting"),
+ C(ANY, NAT, CUSTOM_CHAINS, "prerouting_rule"),
+ C(ANY, NAT, CUSTOM_CHAINS, "postrouting_rule"),
C(ANY, MANGLE, UNSPEC, "mssfix"),
C(ANY, MANGLE, UNSPEC, "fwmark"),
diff --git a/zones.c b/zones.c
index c902ebc..7c1baa7 100644
--- a/zones.c
+++ b/zones.c
@@ -36,8 +36,8 @@ static const struct fw3_chain_spec zone_chains[] = {
C(ANY, FILTER, REJECT, "zone_%s_dest_REJECT"),
C(ANY, FILTER, DROP, "zone_%s_dest_DROP"),
- C(V4, NAT, SNAT, "zone_%s_postrouting"),
- C(V4, NAT, DNAT, "zone_%s_prerouting"),
+ C(ANY, NAT, SNAT, "zone_%s_postrouting"),
+ C(ANY, NAT, DNAT, "zone_%s_prerouting"),
C(ANY, RAW, NOTRACK, "zone_%s_notrack"),
@@ -45,8 +45,8 @@ static const struct fw3_chain_spec zone_chains[] = {
C(ANY, FILTER, CUSTOM_CHAINS, "output_%s_rule"),
C(ANY, FILTER, CUSTOM_CHAINS, "forwarding_%s_rule"),
- C(V4, NAT, CUSTOM_CHAINS, "prerouting_%s_rule"),
- C(V4, NAT, CUSTOM_CHAINS, "postrouting_%s_rule"),
+ C(ANY, NAT, CUSTOM_CHAINS, "prerouting_%s_rule"),
+ C(ANY, NAT, CUSTOM_CHAINS, "postrouting_%s_rule"),
{ }
};
@@ -218,6 +218,7 @@ fw3_load_zones(struct fw3_state *state, struct
uci_package *p)
if (zone->masq)
{
setbit(zone->flags[0], FW3_FLAG_SNAT);
+ setbit(zone->flags[1], FW3_FLAG_SNAT);
zone->conntrack = true;
}
@@ -230,7 +231,9 @@ fw3_load_zones(struct fw3_state *state, struct
uci_package *p)
if (zone->custom_chains)
{
setbit(zone->flags[0], FW3_FLAG_SNAT);
+ setbit(zone->flags[1], FW3_FLAG_SNAT);
setbit(zone->flags[0], FW3_FLAG_DNAT);
+ setbit(zone->flags[1], FW3_FLAG_DNAT);
}
setbit(zone->flags[0], fw3_to_src_target(zone->policy_input));
--
2.1.0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x7E86809F.asc
Type: application/pgp-keys
Size: 7893 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20150508/b002987f/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20150508/b002987f/attachment.sig>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list