Add bypass destination port

luci-app-omr-bypass/luasrc/model/cbi/omr-bypass.lua

@@ -34,6 +34,26 @@ ip.optional = false
 ifi = s:option(ListValue, "interface", translate("Interface"))
 ifi.rmempty  = true
 
+s = m:section(TypedSection, "dest_port", translate("Ports destination"))
+s.addremove = true
+s.anonymous = true
+s.template = "cbi/tblsection"
+
+ip = s:option(Value, "dport", translate("port"))
+ip.rmempty  = true
+ip.optional = false
+
+proto = s:option(ListValue, "protp", translate("Protocol"))
+proto:value("all",translate("ALL"))
+proto:value("tcp","TCP")
+proto:value("udp","UDP")
+proto:value("icmp","ICMP")
+proto.rmempty  = true
+proto.optional = false
+
+ifdp = s:option(ListValue, "interface", translate("Interface"))
+ifdp.rmempty  = true
+
 s = m:section(TypedSection, "macs", translate("<abbr title=\"Media Access Control\">MAC</abbr>-Address"))
 s.addremove = true
 s.anonymous = true
@@ -78,12 +98,12 @@ asn.optional = false
 ifa = s:option(ListValue, "interface", translate("Interface"))
 ifa.rmempty  = true
 
-s = m:section(TypedSection, "dpis", translate("Protocols"))
+s = m:section(TypedSection, "dpis", translate("Protocols and services"))
 s.addremove = true
 s.anonymous = true
 s.template = "cbi/tblsection"
 
-dpi = s:option(ListValue, "proto", translate("Protocol"))
+dpi = s:option(ListValue, "proto", translate("Protocol/Service"))
 dpi.rmempty  = true
 dpi.optional = false
 local xt_ndpi_available = nixio.fs.access("/proc/net/xt_ndpi/proto")
@@ -110,12 +130,14 @@ ifp.default = "all"
 ifm.default = "all"
 ifl.default = "all"
 ifa.default = "all"
+ifdp.default = "all"
 ifd:value("all",translate("Default"))
 ifi:value("all",translate("Default"))
 ifp:value("all",translate("Default"))
 ifm:value("all",translate("Default"))
 ifl:value("all",translate("Default"))
 ifa:value("all",translate("Default"))
+ifdp:value("all",translate("Default"))
 for _, iface in ipairs(ifaces) do
 	if iface:is_up() then
 		ifd:value(iface:name(),"%s" % iface:name())
@@ -124,6 +146,7 @@ for _, iface in ipairs(ifaces) do
 		ifm:value(iface:name(),"%s" % iface:name())
 		ifl:value(iface:name(),"%s" % iface:name())
 		ifa:value(iface:name(),"%s" % iface:name())
+		ifdp:value(iface:name(),"%s" % iface:name())
 	end
 end
 

luci-app-omr-bypass/root/etc/init.d/omr-bypass

@@ -153,6 +153,49 @@ _bypass_lan_ip() {
 	fi
 }
 
+_bypass_dest_port() {
+	local ip
+	local intf
+	config_get dport $1 dport
+	config_get proto $1 proto
+	config_get intf $1 interface
+	local intfid="$(uci -q get omr-bypass.$intf.id)"
+
+	[ -z "$intf" ] && intf="all"
+	[ -z "$ip" ] && return
+	valid_ip4=$(valid_subnet4 $ip)
+	valid_ip6=$(valid_subnet6 $ip)
+	if [ "$intf" = "all" ]; then
+		if [ "$valid_ip4" = "ok" ]; then
+			iptables-restore --wait=60  --noflush <<-EOF
+			*mangle
+			-A omr-bypass --protocol $protocol --destination-port $dport -j MARK --set-mark 0x539
+			COMMIT
+			EOF
+		elif [ "$valid_ip6" = "ok" ]; then
+			ip6tables-restore --wait=60  --noflush <<-EOF
+			*mangle
+			-A omr-bypass6 --protocol $protocol --destination-port $dport -j MARK --set-mark 0x6539
+			COMMIT
+			EOF
+		fi
+	else
+		if [ "$valid_ip4" = "ok" ]; then
+			iptables-restore --wait=60  --noflush <<-EOF
+			*mangle
+			-A omr-bypass --protocol $protocol --destination-port $dport -j MARK --set-mark 0x539$intfid
+			COMMIT
+			EOF
+		elif [ "$valid_ip6" = "ok" ]; then
+			ip6tables-restore --wait=60  --noflush <<-EOF
+			*mangle
+			-A omr-bypass6 --protocol $protocol --destination-port $dport -j MARK --set-mark 0x6539$intfid
+			COMMIT
+			EOF
+		fi
+	fi
+}
+
 _bypass_proto() {
 	local proto
 	local intf
@@ -349,6 +392,7 @@ start_service() {
 	config_foreach _bypass_ip_set ips
 	config_foreach _bypass_mac macs
 	config_foreach _bypass_lan_ip lan_ip
+	config_foreach _bypass_dest_port dest_port
 	config_foreach _bypass_asn asns
 	dnsmasqipset=$(uci -q get dhcp.@dnsmasq[0].ipset | sed 's/ /\n/g' | grep -v dst_bypass)
 	uci -q delete dhcp.@dnsmasq[0].ipset