author | Steven Barth <steven@midlink.org> | 2008-04-01 22:15:24 +0000 |
---|---|---|
committer | Steven Barth <steven@midlink.org> | 2008-04-01 22:15:24 +0000 |
commit | e9ff9dd9942748592a1f8ce66fab7dfce46e9779 (patch) | |
tree | 4e7a1a16c803c8cfce207794b7346efa45db7557 | |
parent | 799de8987c5c70ce70429700014fd3768b41f3a0 (diff) |
* Fixed firewall scripts
-rw-r--r-- | contrib/init.d/luci_fw | 9 | ||||
-rw-r--r-- | contrib/uci/luci | 3 | ||||
-rw-r--r-- | src/ffluci/model/cbi/admin_network/firewall.lua | 9 |
3 files changed, 6 insertions, 15 deletions
diff --git a/contrib/init.d/luci_fw b/contrib/init.d/luci_fw index f393719ab9..4cb9c4799e 100644 --- a/contrib/init.d/luci_fw +++ b/contrib/init.d/luci_fw @@ -15,12 +15,14 @@ apply_portfw() { if ([ "$proto" == "tcpudp" ] || [ "$proto" == "tcp" ]); then iptables -t nat -A luci_prerouting -i "$iface" -p tcp --dport "$dport" -j DNAT --to "$to" - iptables -A luci_forward -i "$iface" -p tcp -d "$ip" "$ports" -j ACCEPT + iptables -t nat -A luci_postrouting -p tcp -d "$ip" $ports -j MASQUERADE + iptables -A luci_forward -i "$iface" -p tcp -d "$ip" $ports -j ACCEPT fi if ([ "$proto" == "tcpudp" ] || [ "$proto" == "udp" ]); then iptables -t nat -A luci_prerouting -i "$iface" -p udp --dport "$dport" -j DNAT --to "$to" - iptables -A luci_forward -i "$iface" -p udp -d "$ip" "$ports" -j ACCEPT + iptables -t nat -A luci_postrouting -p udp -d "$ip" $ports -j MASQUERADE + iptables -A luci_forward -i "$iface" -p udp -d "$ip" $ports -j ACCEPT fi } @@ -66,9 +68,6 @@ apply_rule() { config_get jump "$cfg" jump [ -n "$jump" ] && cmd="$cmd -j $jump" - config_get state "$cfg" state - [ -n "$state" ] && cmd="$cmd -m state --state $state" - config_get command "$cfg" command [ -n "$command" ] && cmd="$cmd $command" diff --git a/contrib/uci/luci b/contrib/uci/luci index 640faf1703..ba9ad47458 100644 --- a/contrib/uci/luci +++ b/contrib/uci/luci @@ -19,4 +19,5 @@ config event uci_oncommit option network "/etc/init.d/network restart" option wireless "/etc/init.d/network restart" option olsrd "/etc/init.d/olsrd restart" - option dhcp "/etc/init.d/dhcp restart"
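Review bot: The two added `-j MASQUERADE` rules in apply_portfw match only on protocol, destination and port, so every forwarded connection to "$ip" is source-NATed, not just the ones that need it. The internal host then sees the router's address as the client for all forwarded traffic, which defeats source-based ACLs on that host and makes its logs useless for attribution. If the intent is NAT loopback for LAN clients (an assumption, the commit message does not say), restrict the rule, e.g. `iptables -t nat -A luci_postrouting -s "$lan_net" -p tcp -d "$ip" $ports -j MASQUERADE`, where `$lan_net` is a placeholder for the LAN subnet. `$ports` is now expanded unquoted so that it can split into option and value; it is built from config outside this hunk, so it should be validated as numeric where it is set, and a short comment should say why the quotes were dropped.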
\ No newline at end of file
+ option dhcp "/etc/init.d/dhcp restart"
+ option luci_fw "/etc/init.d/luci_fw restart"
\ No newline at end of file diff --git a/src/ffluci/model/cbi/admin_network/firewall.lua b/src/ffluci/model/cbi/admin_network/firewall.lua index a30bac7106..aa56328a0b 100644 --- a/src/ffluci/model/cbi/admin_network/firewall.lua +++ b/src/ffluci/model/cbi/admin_network/firewall.lua @@ -41,15 +41,6 @@ tosrc = s:option(Value, "todest", "Neue Zieladresse [DNAT]") tosrc.optional = true tosrc:depends("jump", "DNAT") - -state = s:option(MultiValue, "state", "Status") -state.optional = true -state.delimiter = "," -state:value("NEW", "neu") -state:value("ESTABLISHED", "etabliert") -state:value("RELATED", "zugehörig") -state:value("INVALID", "ungültig") - jump = s:option(ListValue, "jump", "Aktion") jump.rmempty = true jump:value("", "") |
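Review bot: In contrib/uci/luci, the added `option luci_fw "/etc/init.d/luci_fw restart"` makes every commit of the luci_fw config re-run the init script, but nothing guards sections that were saved before this change. The same commit drops the `state` handling from apply_rule, so a stored rule that still carries a `state` value would be re-applied without its `-m state` match and would then match more traffic than the saved rule describes. I would have apply_rule log or skip such sections, e.g. `config_get state "$cfg" state; [ -n "$state" ] && logger -t luci_fw "rule $cfg: state option ignored"`, or migrate them. If restart flushes the luci_* chains before refilling them (the stop/start functions are not shown here), each commit also opens a short window without the forwarding rules.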