mirror of https://github.com/Ysurac/openmptcprouter.git synced 2025-02-12 11:21:55 +00:00

To make FW rules set via interfaces when proxy is enabled, put them in prerouting table

Ycarus (Yannick Chabanois) 2024-03-25 14:38:03 +01:00
parent 01a4595c3f
commit 8430f784c6
3 changed files with 51 additions and 0 deletions


@ -0,0 +1,17 @@
--- a/root/usr/share/firewall4/templates/ruleset.uc.old
+++ b/root/usr/share/firewall4/templates/ruleset.uc
@@ -181,7 +181,14 @@
chain prerouting {
type filter hook prerouting priority filter; policy accept;
+{% for (let rule in fw4.rules("forward")): %}
+ {%+ include("rule.uc", { fw4, zone: (rule.src?.zone?.log_limit ? rule.src.zone : rule.dest?.zone), rule }) %}
+{% endfor %}
+
{% for (let zone in fw4.zones()): %}
+{% for (let rule in fw4.rules(`forward_${zone.name}`)): %}
+ {%+ include("rule.uc", { fw4, zone, rule }) %}
+{% endfor %}
{% if (zone.dflags.helper): %}
{% for (let rule in zone.match_rules): %}
{% let devices_pos = fw4.filter_loopback_devs(rule.devices_pos, false); %}
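Review bot: The two added loops render every `forward` and `forward_<zone>` rule into the `prerouting` base chain unconditionally, although the commit title limits the intent to the proxy-enabled case and no guard is visible in this hunk. Prerouting runs before the routing decision, so these rules also see packets addressed to the router itself, and any match on the outgoing interface (a destination-zone device match, if `rule.uc` emits one) cannot succeed there. Drop verdicts therefore reach more traffic than they do in the forward chain, while accept verdicts only end this chain and do not skip the later input/forward filtering. I would wrap both loops in a condition on the proxy state (placeholder, real name to be confirmed: `{% if (PROXY_ENABLED_PLACEHOLDER): %}` … `{% endif %}`) and add a template comment such as `{# forward rules repeated in prerouting; presumably proxied traffic does not reach the forward hook #}`. If the forward chain still renders the same rules, log and counter rules will fire twice per packet. The same applies to the two identical file sections that follow, and the chain body continues outside the hunk.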


@ -0,0 +1,17 @@
--- a/root/usr/share/firewall4/templates/ruleset.uc.old
+++ b/root/usr/share/firewall4/templates/ruleset.uc
@@ -181,7 +181,14 @@
chain prerouting {
type filter hook prerouting priority filter; policy accept;
+{% for (let rule in fw4.rules("forward")): %}
+ {%+ include("rule.uc", { fw4, zone: (rule.src?.zone?.log_limit ? rule.src.zone : rule.dest?.zone), rule }) %}
+{% endfor %}
+
{% for (let zone in fw4.zones()): %}
+{% for (let rule in fw4.rules(`forward_${zone.name}`)): %}
+ {%+ include("rule.uc", { fw4, zone, rule }) %}
+{% endfor %}
{% if (zone.dflags.helper): %}
{% for (let rule in zone.match_rules): %}
{% let devices_pos = fw4.filter_loopback_devs(rule.devices_pos, false); %}


@ -0,0 +1,17 @@
--- a/root/usr/share/firewall4/templates/ruleset.uc.old
+++ b/root/usr/share/firewall4/templates/ruleset.uc
@@ -181,7 +181,14 @@
chain prerouting {
type filter hook prerouting priority filter; policy accept;
+{% for (let rule in fw4.rules("forward")): %}
+ {%+ include("rule.uc", { fw4, zone: (rule.src?.zone?.log_limit ? rule.src.zone : rule.dest?.zone), rule }) %}
+{% endfor %}
+
{% for (let zone in fw4.zones()): %}
+{% for (let rule in fw4.rules(`forward_${zone.name}`)): %}
+ {%+ include("rule.uc", { fw4, zone, rule }) %}
+{% endfor %}
{% if (zone.dflags.helper): %}
{% for (let rule in zone.match_rules): %}
{% let devices_pos = fw4.filter_loopback_devs(rule.devices_pos, false); %}