From: Jo-Philipp Wich Date: Wed, 17 Sep 2014 21:57:39 +0000 (+0200) Subject: redirect: emit -j REDIRECT rules for local port forwards X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=10b9190c9d846ae0f9cfd0b0af3d93a99136a40a;p=oweals%2Ffirewall3.git redirect: emit -j REDIRECT rules for local port forwards Signed-off-by: Jo-Philipp Wich --- diff --git a/redirects.c b/redirects.c index 5dea21f..89b3ad9 100644 --- a/redirects.c +++ b/redirects.c @@ -188,12 +188,11 @@ check_local(struct uci_element *e, struct fw3_redirect *redir, fw3_ubus_address(&addrs, net->name); list_for_each_entry_safe(addr, tmp, &addrs, list) { - if (compare_addr(&redir->ip_redir, addr)) { + if (!redir->local && compare_addr(&redir->ip_redir, addr)) { warn_elem(e, "refers to a destination address on this router, " "assuming port redirection"); redir->local = true; - continue; } list_del(&addr->list); @@ -375,6 +374,24 @@ append_chain_nat(struct fw3_ipt_rule *r, struct fw3_redirect *redir) fw3_ipt_rule_append(r, "zone_%s_postrouting", redir->dest.name); } +static void +set_redirect(struct fw3_ipt_rule *r, struct fw3_port *port) +{ + char buf[sizeof("65535-65535\0")]; + + fw3_ipt_rule_target(r, "REDIRECT"); + + if (port && port->set) + { + if (port->port_min == port->port_max) + sprintf(buf, "%u", port->port_min); + else + sprintf(buf, "%u-%u", port->port_min, port->port_max); + + fw3_ipt_rule_addarg(r, false, "--to-ports", buf); + } +} + static void set_snat_dnat(struct fw3_ipt_rule *r, enum fw3_flag target, struct fw3_address *addr, struct fw3_port *port) @@ -412,7 +429,9 @@ set_snat_dnat(struct fw3_ipt_rule *r, enum fw3_flag target, static void set_target_nat(struct fw3_ipt_rule *r, struct fw3_redirect *redir) { - if (redir->target == FW3_FLAG_DNAT) + if (redir->local) + set_redirect(r, &redir->port_redir); + else if (redir->target == FW3_FLAG_DNAT) set_snat_dnat(r, redir->target, &redir->ip_redir, &redir->port_redir); else set_snat_dnat(r, redir->target, &redir->ip_dest, &redir->port_dest); @@ -568,7 +587,7 @@ expand_redirect(struct fw3_ipt_handle *handle, struct fw3_state *state, print_redirect(handle, state, redir, num, proto, mac); /* reflection rules */ - if (redir->target != FW3_FLAG_DNAT || !redir->reflection) + if (redir->target != FW3_FLAG_DNAT || !redir->reflection || redir->local) return; if (!redir->_dest || !redir->_src->masq)