Add Full Cone NAT support

2025-02-14 12:21:53 +00:00 · 2020-04-02 14:14:51 +02:00 · 2020-04-02 14:14:51 +02:00 · b46478b0ba
commit b46478b0ba
parent e3c42cf474
3 changed files with 63 additions and 0 deletions
--- a/build.sh
+++ b/build.sh
@ -228,6 +228,16 @@ echo "Update feeds index"
 cp .config .config.keep
 scripts/feeds clean
 scripts/feeds update -a
+
+cd -
+echo "Checking if fullconenat-luci patch is set or not"
+if ! patch -Rf -N -p1 -s --dry-run < patches/fullconenat-luci.patch; then
+	echo "apply..."
+	patch -N -p1 -s < patches/fullconenat-luci.patch
+fi
+echo "Done"
+cd "$OMR_TARGET/source"
+
 if [ "$OMR_ALL_PACKAGES" = "yes" ]; then
 	scripts/feeds install -a -p packages
 	scripts/feeds install -a -p luci
--- a/patches/fullconenat-luci.patch
+++ b/patches/fullconenat-luci.patch
@ -0,0 +1,13 @@
+--- a/feeds/luci/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js
+++ b/feeds/luci/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js
+@@ -131,6 +131,10 @@ return L.view.extend({
+ 		o = s.taboption('general', form.Flag, 'masq', _('Masquerading'));
+ 		o.editable = true;
+ 
+		o = s.taboption('general', form.Flag, 'fullcone', _('Full Cone'));
+		o.editable = true;
+		o.depends('masq', '1');
+
+ 		o = s.taboption('general', form.Flag, 'mtu_fix', _('MSS clamping'));
+ 		o.modalonly = true;
+ 
--- a/root/package/network/config/firewall/patches/fullconenat.patch
+++ b/root/package/network/config/firewall/patches/fullconenat.patch
@ -0,0 +1,40 @@
+--- a/options.h
+++ b/options.h
+@@ -341,6 +341,8 @@ struct fw3_zone
+ 	struct list_head masq_src;
+ 	struct list_head masq_dest;
+ 
+	bool fullcone;
+
+ 	bool mtu_fix;
+ 
+ 	struct list_head cthelpers;
+--- a/zones.c
+++ b/zones.c
+@@ -77,6 +77,8 @@ const struct fw3_option fw3_zone_opts[]
+ 	FW3_LIST("masq_src",           network,  zone,     masq_src),
+ 	FW3_LIST("masq_dest",          network,  zone,     masq_dest),
+ 
+	FW3_OPT("fullcone",            bool,     zone,     fullcone),
+
+ 	FW3_OPT("extra",               string,   zone,     extra_src),
+ 	FW3_OPT("extra_src",           string,   zone,     extra_src),
+ 	FW3_OPT("extra_dest",          string,   zone,     extra_dest),
+@@ -709,7 +711,16 @@ print_zone_rule(struct fw3_ipt_handle *h
+ 				     (mdest = next_addr(mdest, &zone->masq_dest,
+ 					                    handle->family, false)) || first_dest;
+ 				     first_dest = false)
+-				{
+				if (zone->fullcone && (access("/usr/lib/iptables/libipt_FULLCONENAT.so", 0) == 0)) {
+					r = fw3_ipt_rule_new(handle);
+					fw3_ipt_rule_src_dest(r, msrc, mdest);
+					fw3_ipt_rule_target(r, "FULLCONENAT");
+					fw3_ipt_rule_append(r, "zone_%s_postrouting", zone->name);
+					r = fw3_ipt_rule_new(handle);
+					fw3_ipt_rule_src_dest(r, msrc, mdest);
+					fw3_ipt_rule_target(r, "FULLCONENAT");
+					fw3_ipt_rule_append(r, "zone_%s_prerouting", zone->name);
+				} else {
+ 					r = fw3_ipt_rule_new(handle);
+ 					fw3_ipt_rule_src_dest(r, msrc, mdest);
+ 					fw3_ipt_rule_target(r, "MASQUERADE");