git.librecmc.org Git - oweals/firewall3.git/commit

author	Anton Engelhardt <engelhardt.anton@gmail.com>
	Fri, 14 Sep 2018 17:31:15 +0000 (19:31 +0200)
committer	Jo-Philipp Wich <jo@mein.io>
	Mon, 16 Mar 2020 07:53:34 +0000 (08:53 +0100)
commit	9d7f49df47ad40a95ea0a37b9dcf423ee07819a7
tree	edfe4088b4740af808d8d392c38c8f6b0cd68b0a	tree \| snapshot
parent	f87d0b0f607420424cfcb4ff5a376d7659fa5b6b	commit \| diff

redurects: add support to define multiple zones for dnat reflection rules

Added new config option for redirect, which accepts a list of zones from
which reflection rules shall be created.

Example:
zones: wan lan devices servers

config redirect
...
        option target 'DNAT'
        option src 'wan'
        option dest 'servers'
        option proto 'tcp'
        option src_dport '443'
        option dest_port '443'
        option name 'HTTPS'
        option reflection_src 'extern'
...

Old behaviour would only add a reflection rule from the servers zone.

By adding a config `option reflection_zones 'lan devices servers'`,
reflection rules will get added for all and only the given zones.

Not setting that option results in the old behaviour of using the
DNAT destination zone for reflection rules.

Tested on x86 master and 18.06.

Signed-off-by: Anton Engelhardt <engelhardt.anton@gmail.com>
[reword commit message, align code style, avoid temporary list,
singular option name]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

options.h		diff \| blob \| history
redirects.c		diff \| blob \| history