Changeset 22215


Timestamp:
2010-07-16T00:01:48+02:00 (6 years ago)
Author:
jow
Message:

[package] firewall:

  • notrack support was broken in multiple ways, fix it
  • also consider a zone conntracked if any redirect references it (#7196)
Location:
trunk/package/firewall
Files:
5 edited

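--- a/trunk/package/firewall/Makefile
+++ b/trunk/package/firewall/Makefile
@@ -10,5 +10,5 @@
 
 PKG_VERSION:=2
-PKG_RELEASE:=6
+PKG_RELEASE:=7
 
 include $(INCLUDE_DIR)/package.mk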
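--- a/trunk/package/firewall/files/lib/core.sh
+++ b/trunk/package/firewall/files/lib/core.sh
@@ -40,5 +40,5 @@
         config_foreach fw_load_include include
 
-        [ -n "$FW_NOTRACK_DISABLED" ] && {
+        [ -z "$FW_NOTRACK_DISABLED" ] && {
                 echo "Optimizing conntrack"
                 config_foreach fw_load_notrack_zone zone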
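Review bot: The notrack pass on the `config_foreach fw_load_notrack_zone zone` line gives correct results only if every loader that can add to FW_CONNTRACK_ZONES (forwardings, redirects, and whatever the includes do) has already run, and nothing in this hunk states that ordering. A later reordering would silently put NOTRACK on a zone that needs state tracking, and traffic from such a zone would no longer be matched by stateful rules. A comment above the test would pin this down: `# must run last: fw_load_notrack_zone skips zones already listed in FW_CONNTRACK_ZONES`. The enclosing function starts and ends outside the hunk, so the actual call order needs checking there.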
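--- a/trunk/package/firewall/files/lib/core_forwarding.sh
+++ b/trunk/package/firewall/files/lib/core_forwarding.sh
@@ -33,9 +33,9 @@
 
         # propagate masq zone flag
-        [ -n "$forwarding_src" ] && list_contains CONNTRACK_ZONES $forwarding_src && {
-                append CONNTRACK_ZONES $forwarding_dest
+        [ -n "$forwarding_src" ] && list_contains FW_CONNTRACK_ZONES $forwarding_src && {
+                append FW_CONNTRACK_ZONES $forwarding_dest
         }
-        [ -n "$forwarding_dest" ] && list_contains CONNTRACK_ZONES $forwarding_dest && {
-                append CONNTRACK_ZONES $forwarding_src
+        [ -n "$forwarding_dest" ] && list_contains FW_CONNTRACK_ZONES $forwarding_dest && {
+                append FW_CONNTRACK_ZONES $forwarding_src
         }
 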
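Review bot: The propagation in both tests depends on the order in which forwardings are processed: a zone is pulled into FW_CONNTRACK_ZONES only if its peer was already listed when this forwarding is handled, so a chain such as a→b followed by b→c (with c tracked) marks b but leaves a unmarked. If this code runs once per forwarding in a single pass, which the hunk suggests but does not show, zone a could then receive a NOTRACK rule although its traffic reaches tracked zones. Consider repeating the pass until the list stops growing, or at least documenting the limit with `# single pass: propagation is not transitive across forwardings`. The expansions are also unquoted and `append` is not guarded against duplicates, unlike the `list_contains ... || append` form added in core_redirect.sh.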
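--- a/trunk/package/firewall/files/lib/core_init.sh
+++ b/trunk/package/firewall/files/lib/core_init.sh
@@ -229,11 +229,10 @@
 
 fw_load_notrack_zone() {
-        list_contains FW_CONNTRACK_ZONES "$1" && return
-
         fw_config_get_zone "$1"
+        list_contains FW_CONNTRACK_ZONES "${zone_name}" && return
 
         fw_callback pre notrack
 
-        fw add i f zone_${zone_name}_notrack NOTRACK $
+        fw add i r zone_${zone_name}_notrack NOTRACK $
 
         fw_callback post notrack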
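Review bot: Nothing in fw_load_notrack_zone records why the membership test has to sit below `fw_config_get_zone "$1"`, and without that it is easy to move back. `$1` is presumably the config section id while FW_CONNTRACK_ZONES holds zone names, so a test on `$1` would not match a named zone and the zone would get NOTRACK even though it needs tracking. A comment above the test would capture this: `# FW_CONNTRACK_ZONES stores zone names, so resolve the section first`. The `fw add i r` line deserves `# NOTRACK is only valid in the raw table` for the same reason. The function body continues past the end of the hunk.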
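--- a/trunk/package/firewall/files/lib/core_redirect.sh
+++ b/trunk/package/firewall/files/lib/core_redirect.sh
@@ -30,4 +30,7 @@
                 fw_die "redirect ${redirect_name}: needs src and dest_ip"
         }
+
+        list_contains FW_CONNTRACK_ZONES $redirect_src || \
+                append FW_CONNTRACK_ZONES $redirect_src
 
         local mode=$(fw_get_family_mode ${redirect_family:-x} $redirect_src I)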
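Review bot: Only the redirect's source zone is added to FW_CONNTRACK_ZONES here, so the zone that the redirected traffic is delivered into can still receive a NOTRACK rule unless something else marks it. Replies from the internal host enter through that zone, and if they skip connection tracking the address rewrite cannot be reversed for them. Whether a redirect can name a destination zone is not visible in this hunk, so check the option parsing above; if it can, mark that zone the same way. Independently, quote the expansions as core_init.sh does: `list_contains FW_CONNTRACK_ZONES "$redirect_src" || append FW_CONNTRACK_ZONES "$redirect_src"`. The enclosing function starts and ends outside the hunk.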