Update fullconenat.patch

2025-03-09 15:40:20 +00:00 · 2022-06-17 13:57:24 +08:00 · 2022-06-17 13:57:24 +08:00 · 4b842f527d
commit 4b842f527d
parent 65678acb5e
1 changed files with 25 additions and 17 deletions
--- a/root/package/network/config/firewall/patches/fullconenat.patch
+++ b/root/package/network/config/firewall/patches/fullconenat.patch
@ -11,7 +11,7 @@
 	struct list_head cthelpers;
 --- a/zones.c
 +++ b/zones.c
-@@ -77,6 +77,8 @@ const struct fw3_option fw3_zone_opts[]
+@@ -77,6 +77,8 @@ const struct fw3_option fw3_zone_opts[] = {
 	FW3_LIST("masq_src",           network,  zone,     masq_src),
 	FW3_LIST("masq_dest",          network,  zone,     masq_dest),
@ -20,21 +20,29 @@
 	FW3_OPT("extra",               string,   zone,     extra_src),
 	FW3_OPT("extra_src",           string,   zone,     extra_src),
 	FW3_OPT("extra_dest",          string,   zone,     extra_dest),
-@@ -709,7 +711,16 @@ print_zone_rule(struct fw3_ipt_handle *h
+@@ -753,10 +755,21 @@ print_zone_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
 				     (mdest = next_addr(mdest, &zone->masq_dest,
 					                    handle->family, false)) || first_dest;
 				     first_dest = false)
-				{
+ 				{
-+				if (zone->fullcone && (access("/usr/lib/iptables/libipt_FULLCONENAT.so", 0) == 0)) {
+-					r = fw3_ipt_rule_new(handle);
-+					r = fw3_ipt_rule_new(handle);
+-					fw3_ipt_rule_src_dest(r, msrc, mdest);
-+					fw3_ipt_rule_src_dest(r, msrc, mdest);
+-					fw3_ipt_rule_target(r, "MASQUERADE");
-+					fw3_ipt_rule_target(r, "FULLCONENAT");
+-					fw3_ipt_rule_append(r, "zone_%s_postrouting", zone->name);
-+					fw3_ipt_rule_append(r, "zone_%s_postrouting", zone->name);
+				    if (zone->fullcone && (access("/usr/lib/iptables/libipt_FULLCONENAT.so", 0) == 0)) {
-+					r = fw3_ipt_rule_new(handle);
+						r = fw3_ipt_rule_new(handle);
-+					fw3_ipt_rule_src_dest(r, msrc, mdest);
+						fw3_ipt_rule_src_dest(r, msrc, mdest);
-+					fw3_ipt_rule_target(r, "FULLCONENAT");
+						fw3_ipt_rule_target(r, "FULLCONENAT");
-+					fw3_ipt_rule_append(r, "zone_%s_prerouting", zone->name);
+						fw3_ipt_rule_append(r, "zone_%s_postrouting", zone->name);
-+				} else {
+						r = fw3_ipt_rule_new(handle);
- 					r = fw3_ipt_rule_new(handle);
+						fw3_ipt_rule_src_dest(r, msrc, mdest);
- 					fw3_ipt_rule_src_dest(r, msrc, mdest);
+						fw3_ipt_rule_target(r, "FULLCONENAT");
- 					fw3_ipt_rule_target(r, "MASQUERADE");
+						fw3_ipt_rule_append(r, "zone_%s_prerouting", zone->name);
 +					} else {
 +						r = fw3_ipt_rule_new(handle);
 +						fw3_ipt_rule_src_dest(r, msrc, mdest);
 +						fw3_ipt_rule_target(r, "MASQUERADE");
 +						fw3_ipt_rule_append(r, "zone_%s_postrouting", zone->name);
 +					}
 				}
 			}
 		}