diff --git a/omr-dscp/files/etc/init.d/omr-dscp-nft b/omr-dscp/files/etc/init.d/omr-dscp-nft
index d31ad37f5..9c7a26f05 100755
--- a/omr-dscp/files/etc/init.d/omr-dscp-nft
+++ b/omr-dscp/files/etc/init.d/omr-dscp-nft
@@ -60,7 +60,7 @@ _add_dscp_domains_rules() {
 set firewall.omr_dscp_rule_${class}_4.ipset="omr_dscp_${class}_4"
 set firewall.omr_dscp_rule_${class}_4.set_dscp="$(echo ${class} | tr '[a-z'] '[A-Z]')"
 set firewall.omr_dscp_rule_${class}_4.target='DSCP'
- set firewall.omr_dscp_rule_${class}_4.src='lan'
+ set firewall.omr_dscp_rule_${class}_4.src='*'
 set firewall.omr_dscp_rule_${class}_4.dest='*'
 commit firewall
 EOF
@@ -71,7 +71,7 @@ _add_dscp_domains_rules() {
 set firewall.omr_dscp_rule_${class}_6.ipset="omr_dscp_${class}_6"
 set firewall.omr_dscp_rule_${class}_6.target='DSCP'
 set firewall.omr_dscp_rule_${class}_6.set_dscp="$(echo ${class} | tr '[a-z'] '[A-Z]')"
- set firewall.omr_dscp_rule_${class}_6.src='lan'
+ set firewall.omr_dscp_rule_${class}_6.src='*'
 set firewall.omr_dscp_rule_${class}_6.dest='*'
 commit firewall
 EOF
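Review bot: `src='*'` on `omr_dscp_rule_${class}_4` widens the DSCP rule from lan-originated traffic to every firewall zone, wan included, and nothing in the hunk records that this is intended. If wan-side packets are not meant to be re-marked, traffic arriving from outside would pick up the class's marking simply by matching the ipset, so naming the zones that should be classified keeps the marking under local control. At minimum a comment ahead of the `uci batch` heredoc (which starts outside this hunk) should state the intent, e.g. `# src='*': classify traffic from all zones, not only lan`. The same applies to the `_6` rule in the next hunk.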
@@ -93,32 +93,42 @@ _add_dscp_rules() {
 dest_port="$(echo $dest_port | sed 's/:/-/g')"
 count=$((count + 1))
 [ "$proto" = "all" ] && proto="tcp udp"
+ src=""
+ dst=""
 case "$direction" in
- upload|both)
- # Apply the rule locally
- uci -q batch <<-EOF
- set firewall.omr_dscp_rule$count=rule
- set firewall.omr_dscp_rule$count.name="omr_dscp_rule$count"
- set firewall.omr_dscp_rule$count.target="DSCP"
- set firewall.omr_dscp_rule$count.set_dscp="$(echo ${class} | tr '[a-z'] '[A-Z]')"
- set firewall.omr_dscp_rule$count.src="lan"
- set firewall.omr_dscp_rule$count.src_ip="$src_ip"
- set firewall.omr_dscp_rule$count.dest_ip="$dest_ip"
- set firewall.omr_dscp_rule$count.proto="$proto"
- EOF
- src_port="$(echo $src_port | sed 's/,/ /g')"
- dest_port="$(echo $dest_port | sed 's/,/ /g')"
- for port in $src_port; do
- uci -q set firewall.omr_dscp_rule$count.src_port="$src_port"
- done
- for port in $src_port; do
- uci -q set firewall.omr_dscp_rule$count.dest_port="$dest_port"
- done
- #_add_dscp_rule -m multiport --sports "$src_port" -m multiport --dports "$dest_port"
+ upload)
+ src="lan"
 ;;
- download|both)
+ download)
+ dst="lan"
+ ;;
+ both)
+ # to also use local generated traffic, maybe a local origin should be set...
+ src="*"
+ dst="*"
 ;;
 esac
+ # Apply the rule locally
+ uci -q batch <<-EOF
+ set firewall.omr_dscp_rule$count=rule
+ set firewall.omr_dscp_rule$count.name="omr_dscp_rule$count"
+ set firewall.omr_dscp_rule$count.target="DSCP"
+ set firewall.omr_dscp_rule$count.set_dscp="$(echo ${class} | tr '[a-z'] '[A-Z]')"
+ set firewall.omr_dscp_rule$count.src="$src"
+ set firewall.omr_dscp_rule$count.dest="$dst"
+ set firewall.omr_dscp_rule$count.src_ip="$src_ip"
+ set firewall.omr_dscp_rule$count.dest_ip="$dest_ip"
+ set firewall.omr_dscp_rule$count.proto="$proto"
+ EOF
+ src_port="$(echo $src_port | sed 's/,/ /g')"
+ dest_port="$(echo $dest_port | sed 's/,/ /g')"
+ for port in $src_port; do
+ uci -q add_list firewall.omr_dscp_rule$count.src_port="$src_port"
+ done
+ for port in $src_port; do
+ uci -q add_list firewall.omr_dscp_rule$count.dest_port="$dest_port"
+ done
+ #_add_dscp_rule -m multiport --sports "$src_port" -m multiport --dports "$dest_port"
 uci -q commit firewall
 }
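Review bot: Both port loops in the new block iterate `$src_port` and append the whole list variable instead of the loop variable, so with `add_list` every source port appends the full string again and `dest_port` is written only when a source port is configured. A rule that specifies only destination ports therefore ends up with no port match and applies the DSCP mark to every port for that address and protocol. The loops should read `uci -q add_list firewall.omr_dscp_rule$count.src_port="$port"`, `for port in $dest_port; do` and `uci -q add_list firewall.omr_dscp_rule$count.dest_port="$port"`. Separately, the `case` has no default arm, so an unrecognised `direction` still writes a rule with empty `src` and `dest`; a `*)` arm that skips the entry would avoid that. `_add_dscp_rules` begins outside this hunk, so where `direction` and the port values come from is not visible here.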